Encoded strings passed to constant_time_compare as ascii, because it was

throwing errors in OSX. Also added --debug to command line version, and made onionshare server
log errors as well as the GUI.

onionshare/onionshare.py

@@ -42,6 +42,19 @@ def set_stay_open(new_stay_open):
 
 app = Flask(__name__)
 
+def debug_mode():
+    import logging
+    global app
+
+    if platform.system() == 'Windows':
+        temp_dir = os.environ['Temp'].replace('\\', '/')
+    else:
+        temp_dir = '/tmp/'
+
+    log_handler = logging.FileHandler('{0}/onionshare_server.log'.format(temp_dir))
+    log_handler.setLevel(logging.WARNING)
+    app.logger.addHandler(log_handler)
+
 # get path of onioshare directory
 if get_platform() == 'Darwin':
     onionshare_dir = os.path.dirname(__file__)
@@ -82,7 +95,7 @@ def human_readable_filesize(b):
 def index(slug_candidate):
     global filename, filesize, filehash, slug, strings, REQUEST_LOAD, onionshare_dir
 
-    if not constant_time_compare(slug, slug_candidate):
+    if not constant_time_compare(slug.encode('ascii'), slug_candidate.encode('ascii')):
         abort(404)
 
     add_request(REQUEST_LOAD, request.path)
@@ -101,7 +114,7 @@ def download(slug_candidate):
     global filename, filesize, q, download_count
     global REQUEST_DOWNLOAD, REQUEST_PROGRESS
 
-    if not constant_time_compare(slug, slug_candidate):
+    if not constant_time_compare(slug.encode('ascii'), slug_candidate.encode('ascii')):
         abort(404)
 
     # each download has a unique id
@@ -261,14 +274,19 @@ def main():
     parser = argparse.ArgumentParser()
     parser.add_argument('--local-only', action='store_true', dest='local_only', help='Do not attempt to use tor: for development only')
     parser.add_argument('--stay-open', action='store_true', dest='stay_open', help='Keep hidden service running after download has finished')
+    parser.add_argument('--debug', action='store_true', dest='debug', help='Log errors to disk')
     parser.add_argument('filename', nargs=1, help='File to share')
     args = parser.parse_args()
 
     filename = os.path.abspath(args.filename[0])
-    local_only = args.local_only
+    local_only = bool(args.local_only)
+    debug = bool(args.debug)
+
+    if debug:
+        debug_mode()
 
     global stay_open
-    stay_open = args.stay_open
+    stay_open = bool(args.stay_open)
 
     if not (filename and os.path.isfile(filename)):
         sys.exit(translated("not_a_file").format(filename))

onionshare_gui/onionshare_gui.py

@@ -96,7 +96,7 @@ def main():
     args = parser.parse_args()
 
     filename = args.filename
-    local_only = args.local_only
+    local_only = bool(args.local_only)
     stay_open = bool(args.stay_open)
     debug = bool(args.debug)
 
@@ -134,6 +134,7 @@ def main():
     else:
         webapp.onion_host = local_host
     if debug:
+        onionshare.debug_mode()
         webapp.debug_mode()
 
     # run the web app in a new thread

onionshare_gui/webapp.py

@@ -22,7 +22,7 @@ def debug_mode():
     else:
         temp_dir = '/tmp/'
 
-    log_handler = logging.FileHandler('{0}/onionshare.web.log'.format(temp_dir))
+    log_handler = logging.FileHandler('{0}/onionshare_gui.log'.format(temp_dir))
     log_handler.setLevel(logging.WARNING)
     app.logger.addHandler(log_handler)
 

setup/onionshare-launcher.py

@@ -1,5 +1,5 @@
 # import stuff for pyinstaller to find
-import os, sys, subprocess, time, hashlib, platform, json, locale, socket, argparse, Queue, inspect, base64, random, functools
+import os, sys, subprocess, time, hashlib, platform, json, locale, socket, argparse, Queue, inspect, base64, random, functools, logging
 import PyQt4.QtCore, PyQt4.QtGui, PyQt4.QtWebKit
 import stem, stem.control, flask
 import onionshare, onionshare_gui