r1053
New features
- New UI. More modern, responsive and overall more polished looking.
- Can set a maximum file upload size on each client and user, overriding the default one.
- Can now set the default maximum upload size on the installer.
- Added ckeditor as a visual editor on files and groups descriptions (can be disabled)
- Public groups: an option create groups where people can see its contents without being logged in.
- Public page: a special page that shows all of the public groups and files. Has several options. Disabled by default.
- Groups memberships: Option to allow clients to request memberships to public groups. An administrator can approve or deny them.
- Added a new block on the dashboard with server information.
- New template page design, in the style of that of WordPress with themes screnshots and descriptions.
- Manage files: added filter by uploader.
- Added options to set custom subjects on emails.
- Email previews are now accurate in content.
- New option to customize the footer text.
- Better download links.
- Added an option to prevent indexing by search engines.
- Updated the style of the gallery theme.
- Load a custom.js file if it exists (won’t get overwritten when updating).
- Clients can select and expiry date for their files.
Fixes
- Fix for modal window not closing on zip downloads.
- Fixed the MySQL error on some versions during installation, attributed to having 2 timestamps columns on the same table with default value of CURRENT_TIMESTAMP. Based on a contribution by cdoepmann.
- Email: don’t auth if smtp is selected but auth is set to “none”.
- CSV injection bug fix.
- XSS security fixes.
- Several security fixes.
- Fixed category deletion.
- Fix for uploaders not being able to delete their files.
- Several fixes for multiple files downloading as zip.
- Zip files download IDOR fix.
- Fixed showing active status of clients and users.
- New server side pagination, replaces the javacript one which made the site unresponsive if there were a lof of results.
- Some fixes to the manage files page.
Misc changes and fixes
- Added a DEBUG constant.
- Fixed notices on the installer.
- Added a check on the installer for php and mysql versions requierements.
- Some parts of the code where cleaned up, including a new table generation class.
- Refactory of the options pages UI. No more tabs, now groups of options are on their own page. Cleaner and faster to use.
- Admin load a minified version of CSS files.
- Moved most of the backend javacript to it’s own file.
- Show the public url on the file editor.
- Uploaded scripts. flot, phpmailer.
- Better category administration page.
- Throw a warning if php extension is present in the allowed uploads extension list.
- Several other minor fixes.
Contributions:
- A very important contribution in the form of security audit (security-prince)
- MySQL compatibility fixed on the dashboard statistics (DBezemer)
- Handle following of symlinks for imported orphaned files (joshstrange)
- Fix to prevent direct access to the files folder (trainwreckjvbo)
- UI improvements and option to disable the welcome email when creating users (adrianp-sti)
- Fix CVE-2017-9783 and CVE-2017-9786 XSS vulnerabilities. (JackWhite20)
- Fix for the email subjects (remez)
- Login and notification fixes (OrlandoST)
- Fix unsolicited error message on config save (Fix unsolicited error message on config save)
- Fixed bug that stops uploading. (JackWhite20)
- In case the file is a symlink, get the size from the real file not the symlink itself (Kevin Druelle)
- Several Security Fixes (IppSec)
- Expiry dates fixes, new features and improvements (eyeobticeo)
- Typos fixes (hailthemelody)
- Fixed port number problem when behind reverse proxy (berndblume)