- Vasilis Giann
- Victor Lamoine
- Viktar Vauchkevich
-- Weblate
- Wim Livens
- Yaron Shahrabani
- YFdyh000
5. Follow the installation wizard, it should propose you the same data folder or even update automatically
6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
-## Current snapshots
+## Version 4.6.x (not yet released)
+
+- ...
+
+## Version 4.6.1
- Removed the download button and the corresponding link for encrypted files from the admin interface
+- Fixed an issue with sending the wrong filesize after decrypting an encrypted file
+- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
+- We now provide Docker images for AMD64 and ARM64 systems
- Lots of code refactoring and cleanup
- Few more little fixes
- Typo and spelling mistakes
+- Upgrade from 4.6.0: in-place upgrade
New configuration items:
- `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download
- Removed usage of deprecated `strftime()` function
- Few more little fixes
- Typo and spelling mistakes
+- Upgrade from 4.5.0: in-place upgrade
New configuration items:
- `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords
## Translations
-Translation may be added via [Jirafeau's Weblate](https://hosted.weblate.org/projects/jirafeau/master/).
+Translations may be added by creating a new JSON file under `locales` and submitting a merge request.
## Coding style
-- This project follows the [PSR-2](http://www.php-fig.org/psr/psr-2/) Coding Style
+- This project follows the [PSR-12](https://www.php-fig.org/psr/psr-12/) coding style
- Files must be in UTF-8 without BOM and use Unix Line Endings (LF)
## Branches
## New Releases
-* Fetch weblate and rebase and import translations
* If the release is not done for security purposes: create a new issue and freeze next-release branch for at least week.
* Compare the [`next-release` branch to `master`](https://gitlab.com/jirafeau/Jirafeau/compare/master...next-release)
* Add a list of noteworthy features and bugfixes to `CHANGELOG.md`
## Run Jirafeau through a pre-made Docker image
-Jirafeau is a small PHP application so running it inside a docker container is pretty straightforward.
+Jirafeau is a small PHP application so running it inside a Docker container is pretty straightforward. Container images are built for AMD64 and ARM64 systems and can be downloaded from our registry at `registry.gitlab.com`.
```shell
docker pull registry.gitlab.com/jirafeau/jirafeau:latest
- `DARK_STYLE`: apply a specific style for browsers in dark mode.
- `AVAILABILITY_DEFAULT`: setup which availability shows by default.
- `ONE_TIME_DOWNLOAD`: set to 1 or 0 to enable or disable one time downloads.
+- `ONE_TIME_DOWNLOAD_PRESELECTED`: set to 1 or 0 to preselect the checkbox for one time downloads.
- `ENABLE_CRYPT`: set to 1 or 0 to enable or disable server side encryption.
- `DEBUG`: set to 1 or 0 to enable or disable debug mode.
- `MAXIMAL_UPLOAD_SIZE`: maximal file size allowed (expressed in MB).
```shell
mkdir /tmp/jirafeau_data
docker run -it --rm -p 8080:80 -v /tmp/jirafeau_data:/data registry.gitlab.com/jirafeau/jirafeau:latest
-
```
+Please note that the files and directories created in the directory outside the container will probably be owned by UID 100.
+
## Few notes
- `var-...` folder where lives all uploaded data is protected from direct access
env_2_cfg_string($cfg, 'availability_default');
env_2_cfg_string($cfg, 'dark_style');
env_2_cfg_bool($cfg, 'one_time_download');
+ env_2_cfg_bool($cfg, 'one_time_download_preselected');
env_2_cfg_bool($cfg, 'enable_crypt');
env_2_cfg_bool($cfg, 'debug');
env_2_cfg_int($cfg, 'maximal_upload_size');
if (!empty($mime)) {
$viewable = array('image', 'video', 'audio');
$decomposed = explode('/', $mime);
- if (in_array($decomposed[0], $viewable) && strpos($mime, 'image/svg+xml') === false) {
+ if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false) {
return true;
}
$viewable = array('text/plain');
<?php
echo t('MADE_WITH') .
' <a href="' . JIRAFEAU_WEBSITE . '" target="_blank" rel="noopener noreferrer">' . t('JI_PROJECT') . '</a>' .
- '<p> ' . t('DESIGNED') . ' ' . $cfg['contactperson'] . '</p>' .
' (<a href="https://www.gnu.org/licenses/agpl.html" target="_blank" rel="noopener noreferrer"><abbr title="GNU Affero General Public License v3">AGPL-3.0</abbr></a>)';
?>
<!-- Installation dependent links -->
<?php
if (false === empty($cfg['installation_done'])) {
+ if(false === empty($cfg['organisation'])) {
+ echo ' <span>|</span> ';
+ echo ' ' . t('DESIGNED') . ' ' . $cfg['organisation'];
+ }
+
echo ' <span>|</span> ';
- echo '<a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>';
+ echo '<a href="tos.php" target="_blank" rel="nooener noreferrer">' . t('TOS') . '</a>';
}
?>
</p>
git.p6c8.net / jirafeau.git / commitdiff