sc0tfree · KFDCompiled · Aug 5, 2022 · Sep 6, 2022 · Sep 6, 2022 · Jun 1, 2023
diff --git a/README.md b/README.md
@@ -1,8 +1,3 @@
-![Version 1.4](http://img.shields.io/badge/version-v1.4-green.svg)
-![Python 3.8](http://img.shields.io/badge/python-3.8-blue.svg)
-[![MIT License](http://img.shields.io/badge/license-MIT%20License-blue.svg)](https://github.com/sc0tfree/updog/blob/master/LICENSE)
-[![sc0tfree Twitter](http://img.shields.io/twitter/url/http/shields.io.svg?style=social&label=Follow)](https://twitter.com/sc0tfree)
-
 <p>
   <img src="https://sc0tfree.squarespace.com/s/updog.png" width=85px alt="updog"/>
 </p>
@@ -11,15 +6,11 @@ Updog is a replacement for Python's `SimpleHTTPServer`.
 It allows uploading and downloading via HTTP/S, 
 can set ad hoc SSL certificates and use HTTP basic auth.
 
-<p align="center">
-  <img src="https://sc0tfree.squarespace.com/s/updog-screenshot.png" alt="Updog screenshot"/>
-</p>
-
 ## Installation
 
-Install using pip:
+Install using pipx:
 
-`pip3 install updog`
+`pipx install git+https://github.com/KFDCompiled/updog`
 
 ## Usage
 
@@ -60,6 +51,13 @@ enter the password in the password field.
 
 `updog --ssl`
 
+**Upload using curl:**
+`curl -v -XPOST -F "file=@PATH/NAME;filename=NAME" -F "path=/FULL/PATH/TO/UPDOG/WORKINGDIR" http://IP:PORT/upload`
+
+if you started updog with `updog -p 80 -d ${PREFIX}/www` then `curl -v -XPOST -F "file=@Public/foo;filename=foo" -F "path=${PREFIX}/www" http://IP:80/upload`
+
+
+
 ## Thanks
 
 A special thank you to [Nicholas Smith](http://nixmith.com) for

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,6 @@
 colorama
 flask
 flask_httpauth
-werkzeug
-pyopenssl
+flask_cors
+werkzeug == 1.01
+pyopenssl
diff --git a/updog/__main__.py b/updog/__main__.py
@@ -4,6 +4,7 @@
 
 from flask import Flask, render_template, send_file, redirect, request, send_from_directory, url_for, abort
 from flask_httpauth import HTTPBasicAuth
+from flask_cors import CORS
 from werkzeug.utils import secure_filename
 from werkzeug.security import generate_password_hash, check_password_hash
 from werkzeug.serving import run_simple
@@ -34,6 +35,7 @@ def parse_arguments():
     parser.add_argument('--password', type=str, default='', help='Use a password to access the page. (No username)')
     parser.add_argument('--ssl', action='store_true', help='Use an encrypted connection')
     parser.add_argument('--version', action='version', version='%(prog)s v'+VERSION)
+    parser.add_argument('--cors', action='store_true', help='Enable CORS')
 
     args = parser.parse_args()
 
@@ -49,6 +51,9 @@ def main():
     app = Flask(__name__)
     auth = HTTPBasicAuth()
 
+    if args.cors:
+        CORS(app)
+
     global base_directory
     base_directory = args.directory
 
@@ -110,6 +115,8 @@ def home(path):
             except PermissionError:
                 abort(403, 'Read Permission Denied: ' + requested_path)
 
+            # remove the base_directory
+            requested_path = requested_path[len(base_directory):]
             return render_template('home.html', files=directory_files, back=back,
                                    directory=requested_path, is_subdirectory=is_subdirectory, version=VERSION)
         else:
@@ -121,22 +128,24 @@ def home(path):
     @app.route('/upload', methods=['POST'])
     @auth.login_required
     def upload():
+        global base_directory
+
         if request.method == 'POST':
 
             # No file part - needs to check before accessing the files['file']
             if 'file' not in request.files:
-                return redirect(request.referrer)
+                return redirect(request.headers.get('Referer', '/'))
 
-            path = request.form['path']
+            path = base_directory + request.form.get('path', '/')
             # Prevent file upload to paths outside of base directory
             if not is_valid_upload_path(path, base_directory):
-                return redirect(request.referrer)
+                return redirect(request.headers.get('Referer', '/'))
 
             for file in request.files.getlist('file'):
 
                 # No filename attached
                 if file.filename == '':
-                    return redirect(request.referrer)
+                    return redirect(request.headers.get('Referer', '/'))
 
                 # Assuming all is good, process and save out the file
                 # TODO:
@@ -149,7 +158,7 @@ def upload():
                     except PermissionError:
                         abort(403, 'Write Permission Denied: ' + full_path)
 
-            return redirect(request.referrer)
+            return redirect(request.headers.get('Referer', '/'))
 
     # Password functionality is without username
     users = {