- Vasilis Giann
- Victor Lamoine
- Viktar Vauchkevich
-- Weblate
- Wim Livens
- Yaron Shahrabani
- YFdyh000
5. Follow the installation wizard, it should propose you the same data folder or even update automatically
6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
-## Current snapshots
+## Version 4.6.x (not yet released)
+
+- ...
+
+## Version 4.6.1
- Removed the download button and the corresponding link for encrypted files from the admin interface
+- Fixed an issue with sending the wrong filesize after decrypting an encrypted file
+- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
+- We now provide Docker images for AMD64 and ARM64 systems
- Lots of code refactoring and cleanup
- Few more little fixes
- Typo and spelling mistakes
+- Upgrade from 4.6.0: in-place upgrade
New configuration items:
- `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download
- Removed usage of deprecated `strftime()` function
- Few more little fixes
- Typo and spelling mistakes
+- Upgrade from 4.5.0: in-place upgrade
New configuration items:
- `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords
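Review bot: The 4.6.1 bullets shown here do not mention the footer change made in the same commit, where the template stops printing `$cfg['contactperson']` and prints `$cfg['organisation']` only when it is set. That is a user-visible change tied to configuration, so it deserves its own line under 4.6.1. The placeholder bullet `- ...` under "Version 4.6.x (not yet released)" is better left out until there is a real entry.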
## Translations
-Translation may be added via [Jirafeau's Weblate](https://hosted.weblate.org/projects/jirafeau/master/).
+Translations may be added by creating a new JSON file under `locales` and submitting a merge request.
## Coding style
-- This project follows the [PSR-2](http://www.php-fig.org/psr/psr-2/) Coding Style
+- This project follows the [PSR-12](https://www.php-fig.org/psr/psr-12/) coding style
- Files must be in UTF-8 without BOM and use Unix Line Endings (LF)
## Branches
## New Releases
-* Fetch weblate and rebase and import translations
* If the release is not done for security purposes: create a new issue and freeze next-release branch for at least week.
* Compare the [`next-release` branch to `master`](https://gitlab.com/jirafeau/Jirafeau/compare/master...next-release)
* Add a list of noteworthy features and bugfixes to `CHANGELOG.md`
docker run -it --rm -p 8080:80 -v /tmp/jirafeau_data:/data registry.gitlab.com/jirafeau/jirafeau:latest
```
+Please note that the files and directories created in the directory outside the container will probably be owned by UID 100.
+
## Few notes
- `var-...` folder where lives all uploaded data is protected from direct access
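Review bot: The added sentence "will probably be owned by UID 100" leaves the operator guessing about ownership of the bind-mounted data directory. State the UID (and GID) the web server in the image runs as definitively, and say what to do on the host with it, for example creating `/tmp/jirafeau_data` and setting its ownership with `chown` before the first run, so uploaded files do not end up unreadable or owned by an unrelated host account.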
if (!empty($mime)) {
$viewable = array('image', 'video', 'audio');
$decomposed = explode('/', $mime);
- if (in_array($decomposed[0], $viewable) && strpos($mime, 'image/svg+xml') === false) {
+ if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false) {
return true;
}
$viewable = array('text/plain');
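Review bot: In the `in_array(...) && stripos(...)` condition the two halves now treat case differently: `in_array($decomposed[0], $viewable)` still compares the raw type case-sensitively while the SVG test is case-insensitive, and the SVG test remains a substring match on the unnormalised `$mime`. Normalise once at the top of the function, e.g. `$mime = strtolower(trim($mime));`, and run every comparison (including the `text/plain` list that follows) against that value, so the preview decision does not depend on how the client spelled the header. A regression test that feeds `image/svg+XML` through this function would pin the CVE-2022-30110 fix in place.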
return "Error: referenced file does not exist";
}
+ /* Store filesize before encrypting the file */
+ /* Otherwise we would send the size of the encrypted file and the data of the unencrypted file */
+ /* This would break some browsers */
+ $size = filesize($p);
+
$crypted = false;
$crypt_key = '';
if ($crypt == true && extension_loaded('sodium') == true) {
}
$hash = jirafeau_hash_file($file_hash_method, $p);
- $size = filesize($p);
$np = s2p($hash);
$delete_link_code = jirafeau_gen_random(5);
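Review bot: `$size = filesize($p);` is now correct only because it sits above the `if ($crypt == true && ...)` block, and nothing but the comment enforces that ordering. Consider a name that carries the intent, such as `$plain_size`, so a later refactor does not move it back below the encryption step. `filesize()` returns `false` on failure and the value is used unchecked, so an explicit check with an error return like the "referenced file does not exist" one above would be safer. The three consecutive `/* ... */` lines would read better as one block comment.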
<?php
echo t('MADE_WITH') .
' <a href="' . JIRAFEAU_WEBSITE . '" target="_blank" rel="noopener noreferrer">' . t('JI_PROJECT') . '</a>' .
- '<p> ' . t('DESIGNED') . ' ' . $cfg['contactperson'] . '</p>' .
' (<a href="https://www.gnu.org/licenses/agpl.html" target="_blank" rel="noopener noreferrer"><abbr title="GNU Affero General Public License v3">AGPL-3.0</abbr></a>)';
?>
<!-- Installation dependent links -->
<?php
if (false === empty($cfg['installation_done'])) {
+ if(false === empty($cfg['organisation'])) {
+ echo ' <span>|</span> ';
+ echo ' ' . t('DESIGNED') . ' ' . $cfg['organisation'];
+ }
+
echo ' <span>|</span> ';
- echo '<a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>';
+ echo '<a href="tos.php" target="_blank" rel="nooener noreferrer">' . t('TOS') . '</a>';
}
?>
</p>
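Review bot: The replaced TOS link line changes `rel="noopener noreferrer"` to `rel="nooener noreferrer"`, which is a typo: `nooener` is not a recognised link type, so the explicit `noopener` protection on this `target="_blank"` link is lost. Restore `noopener`. In the new `organisation` block, `$cfg['organisation']` is echoed into the page without escaping; wrap it in `htmlspecialchars()` so a value containing markup cannot break or inject into the footer. `if(false === ...` also needs a space after `if` to match the PSR-12 style this commit adopts.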