mirror of
https://github.com/rclone/rclone.git
synced 2026-06-10 09:24:33 -04:00
2326ea79f7
The --rc-serve GET/HEAD file serving path accepted bracketed inline remotes from the URL and instantiated them, so a single unauthenticated request could run a command as the rclone user via backend options such as webdav bearer_token_command or sftp ssh, read arbitrary local files, or change process-wide config via global.* options. This was the GET/HEAD equivalent of the POST hole fixed for CVE-2026-41179, which only guarded the rc call dispatch path. Now, unless the rc server has authentication configured or --rc-no-auth is set, the serve path only allows remotes already present in the config file: inline remotes, connection string parameters and bare local paths are rejected. Connection string global.* options are never honoured on the serve path, even when authenticated. See: GHSA-qw24-gh76-8rvv
Docs
This directory tree is used to build all the different docs for rclone.
See the content directory for the docs in markdown format.
Note that some of the docs are auto-generated - these should have a DO NOT EDIT marker near the top.
Use hugo to build the website.
Changing the layout
If you want to change the layout then the main files to edit are
layout/index.htmlfor the front pagechrome/*.htmlfor the HTML fragments_default/single.mdfor the default templatepage/single.mdfor the page template
Running make serve in a terminal give a live preview of the website
so it is easy to tweak stuff.
What are all these files
├── config.json - hugo config file
├── content - docs and backend docs
│ ├── _index.md - the front page of rclone.org
│ ├── commands - auto-generated command docs - DO NOT EDIT
├── i18n
│ └── en.toml - hugo multilingual config
├── layouts - how the markdown gets converted into HTML
│ ├── 404.html - 404 page
│ ├── chrome - contains parts of the HTML page included elsewhere
│ │ ├── footer.copyright.html - copyright footer
│ │ ├── footer.html - footer including scripts
│ │ ├── header.html - the whole html header
│ │ ├── header.includes.html - header includes e.g. css files
│ │ ├── menu.html - left hand side menu
│ │ ├── meta.html - meta tags for the header
│ │ └── navbar.html - top navigation bar
│ ├── _default
│ │ └── single.html - the default HTML page render
│ ├── index.html - the index page of the whole site
│ ├── page
│ │ └── single.html - the render of all "page" type markdown
│ ├── partials - bits of HTML to include into layout .html files
│ │ └── version.html - the current version number
│ ├── rss.xml - template for the RSS output
│ ├── section - rendering for sections
│ │ └── commands.html - rendering for /commands/index.html
│ ├── shortcodes - shortcodes to call from markdown files
│ │ ├── cdownload.html - download the "current" version
│ │ ├── download.html - download a version with the partials/version.html number
│ │ ├── provider.html - used to make provider list on the front page
│ │ └── version.html - used to insert the current version number
│ └── sitemap.xml - sitemap template
├── public - render of the website
├── README.md - this file
├── resources - don't know!
│ └── _gen
│ ├── assets
│ └── images
└── static - static content for the website
├── css
│ ├── bootstrap.css
│ └── custom.css - custom css goes here
├── fontawesome
│ ├── css
│ └── webfonts
├── img - images used
├── js
│ ├── bootstrap.js
│ ├── custom.js - custom javascript goes here
│ └── jquery.js