nokonoko / pomf Goto Github PK
View Code? Open in Web Editor NEWSimple file uploading and sharing, source for the now shut down site Pomf.se
License: MIT License
Simple file uploading and sharing, source for the now shut down site Pomf.se
License: MIT License
Add CORS headers to allow JS scripts to post to upload endpoint
It looks like most or all sites running the pomf software can be used as a XSS attack vector via the .svg file format.
I think the only way to fix is to strip all unnecessary html with in the file, or ban .svg all together.
Proof of Concept:
http://a.pomf.cat/zgeuli.svg
http://b.1339.cf/ukzceyr.svg
http://my.mixtape.moe/brbuhb.svg
delete
Currently if I upload many related pictures or manga chapters or whatever, I have to give people dozens links for them to keep track, and always update the list.
It would be cool to have a folder where I can put related things together and keep it updated.
And it could be kept anonymous, with the folder being just a random hash as other files. But if you login you can add more content to the folder.
What do you think?
Thanks.
I am looking for a site where there is "never expire" and files are NOT DELETED.
Is there an expire of files?
Thankyou.
maxfile.ro does not upload .pdf
It just displays it but does not upload for sharing.
How can I share a .pdf please?
Thankyou
Some compression formats (bz2, etc) compress a single file where the contained file is named after the archive itself. For example, "gamearchive.packme.bz2" decompresses to a file called whatever is to the left of the bz2 extension. This isn't a problem for nested archives (such as tar.gz) but it can make some single-file uploads useless due to losing the filename unless they encapsulate the archive in another useless file or vice versa.
Can you have an upload from web button, like imgur does? For example, this would be useful since images on 4chan are temporary. You might even add this feature but for 4cdn.org uploads just keep a link to a copy on an archive and make it appear that you host it.
Hi2all.
I have the next issue:
grunt
Running "swig:dist" (swig) task
Writing HTML to dist/index.html
Writing HTML to dist/faq.html
Writing HTML to dist/tools.html
Running "htmlmin:dist" (htmlmin) task
File dist/faq.html created.
File dist/index.html created.
File dist/tools.html created.
Running "cssmin:dist" (cssmin) task
File dist/pomf.min.css created.
Running "uglify:dist" (uglify) task
File "dist/pomf.min.js" created.
Running "imagemin:dist" (imagemin) task
Fatal error: spawn EACCES
How can I fix it?
I've had the same grill show up for the past 4 days, previously she used to change everytime I visited the site, is the randomizer broken, or was there something changed?
The code at github doesn't mention numbers past 10, so I'm not really sure if it is the most recent version
(Also requesting more grills)
If an upload has taken longer than 5 seconds, then maybe a countdown should be shown. A small progress bar is helpful to see, well, the progress, but not time remaining.
Why would you not allow head requests?
Would it be possible to add "Week" and "6 Months" to p.pomf.se?
Even better would be something like Imgur uses, "3 months without views", but I understand that that would take some changes to the code.
Don't know if it's typical or not but some stuff my peoples and i use don't quite work because of lack of content-length HTTP header in .jpeg urls.
Reproducible via:
$ curl -X HEAD -i http://a.pomf.se/bphrxe.jpeg
HTTP/1.1 200 OK
Date: Thu, 21 May 2015 06:44:39 GMT
Content-Type: image/jpeg
Connection: keep-alive
Set-Cookie: __cfduid=d44a657cdeb2ca0519507e03710d5f0411432190679; expires=Fri, 20-May-16 06:44:39 GMT; path=/; domain=.pomf.se; HttpOnly
Last-Modified: Thu, 21 May 2015 00:17:26 GMT
Vary: Accept-Encoding
ETag: W/"555d2416-eddc"
Expires: Fri, 20 May 2016 06:44:39 GMT
Cache-Control: public, max-age=31536000
X-Frame-Options: DENY
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1e9e5060787f07f1-LAX
This is opposed to webms and other filetypes which do seem to provide them.
Now that it works to upload files without any extension without a dot being added we need to add support to upload files such as tar.gz without it cutting out and giving back bf43q.gz when uploading a file called test5.tar.gz.
Currently if I upload something, I get a random 6 letter ID for my file, and then the extension is tacked on at the end.
I'd like to be able to upload a file with a specific name and then also download a file with the same name.
For example, if I upload "abc.zip", I currently get a URL like http://a.pomf.se/qwerty.zip
I propose a URL which includes the zip name, like http://a.pomf.se/qwerty/abc.zip (so it still uses the ID internally.)
The file would only be downloaded if the ID and the filename matches, so this method also adds another layer of security for files uploaded (although that's negligible, as there are 300 million possible combinations not including the file extension which is limitless)
I imagine you'd store the file on the disk as qwerty.zip but serve the file as abc.zip.
Another way could just be to still have a.pomf.se/qwerty.zip, and then have the download be abc.zip, but I think that when you share the file you also want the filename to be in the URL - the users consuming your service will expect it to be like that, and less confusion is better.
In upload.php , randomizing filename does not work if max < min , corrected it and works fine.
Error log above.
2014/01/03 23:37:36 [error] 1554#0: *251 FastCGI sent in stderr: "PHP message: PHP Warning: mt_rand(): max(97) is smaller than min(122) in /www/file/upload.php on line 54
Tested with nginx 1.4.4 / php-fpm and php 5.5.7
As a pomf API programmer, I need some way to manage the maximum file size for certain host. It would be great if there was a page (/maxsize.php) which would show maximum size in bytes.
Hi, my upload speed is very bad. When i upload a big file can't be sure that the file is still uploading without opening my network monitor. pomf's progressbar just doesn't move for several minutes.
It would be easier if the progress bar was at least double the width it is now.
Fatal error: ENOENT: no such file or directory, stat 'dist/img/flattr.png'
Uploading the content located on the clipboard by pressing Ctrl+V / Cmd+V would be very helpful as some people take screenshots that stay on the clipboard instead of getting saved on a folder.
When I do Cmd+V on pomf nothing happens, so I have to save the screenshot and do the drag and drop thing.
I think the best way of doing this is via counting the rows in the db, rather than counting the files themselves. I'm pretty basic at PHP though and can't figure out the best way of doing it.
Also I'm not sure how much (if any) overhead this would add to the homepage. Could cache it via memcached etc but then we're straying a little from 'lightweight'.
Ideas? Is this worth being added?
Suppose you upload a file called audio.jpg
, and get the URL .../zksebc.jpg
back. Then you realise that it had the wrong filename suffix, so you rename it to audio.ogg
and upload that one. The URL you then get back will again be .../zksebc.jpg
, so you still have the wrong filename suffix.
If I know my file is not going to be needed permanently, I should be able to specify a deletion time (hours/days/weeks/months).
For most of the files I share I don't want them to take up unnecessary space after I've forgotten about them. You probably already delete files after they aren't downloaded for a while, but to be able to specify an even shorter amount is always helpful to free up space.
An extension upon this temporary storage would be not to specify a deletion time, but rather something like a 4chan thread, and the file will be deleted after that thread 404s. This would be rather easy to check every hour by just using a HEAD request to save bandwidth. If the thread stays alive for longer than X days (e.g. threads on slow boards and/or stickies), then you stop checking the thread and just let the file stay there until it is deleted for inactivity.
...if done directly from api.php in the address bar.
This would increase the range of possible names by a wide margin, and so would be beneficial to a growing fiie host.
Example: https://github.com/ccd0/4chan-x/raw/master/builds/4chan-X-beta.user.js becomes https://a.pomf.se/znivud.js
// ==UserScript==
// @name 4chan X beta
// @Version 1.9.13.4
// @minGMVer 1.14
// @minFFVer 26
// @namespace 4chan-X
// @description Cross-browser userscript for maximum lurking on 4chan.
// @license MIT; https://github.com/ccd0/4chan-x/blob/master/LICENSE
// @match ://boards.4chan.org/
// @match ://sys.4chan.org/
// @match ://a.4cdn.org/
// @match ://i.4cdn.org/
// @grant GM_getValue
// @grant GM_setValue
// @grant GM_deleteValue
// @grant GM_listValues
// @grant GM_openInTab
// @grant GM_xmlhttpRequest
// @run-at document-start
// @updateURL https://ccd0.github.io/4chan-x/builds/4chan-X-beta.meta.js
// @downloadurl https://ccd0.github.io/4chan-x/builds/4chan-X-beta.user.js
// @ICON data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAAACVBMVEUAAGcAAABmzDNZt9VtAAAAAXRSTlMAQObYZgAAAF5JREFUeNrtkTESABAQxPD/R6tsE2dUGYUtFJvLDKf93KevHJAjpBorAQWSBIKqFASC4G0pCAkm4GfaEvgYXl0T6HBaE97f0vmnfYHbZOMLZCx9ISdKWwjOWZSC8GYm4SUGwfYgqI4AAAAASUVORK5CYII=
// ==/UserScript==
gets removed/stripped, making the userscript uninstallable
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.