From: Patrick Canterino <patrick@patrick-canterino.de>
Date: Tue, 4 Mar 2025 14:39:23 +0000 (+0100)
Subject: Begin a new release cycle
X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/refs/heads/next-release?ds=inline;hp=37a47dbd255874bcdfc14f2e7a5dc1461ddd145e
Begin a new release cycle
---
diff --git a/AUTHORS.md b/AUTHORS.md
index a5d94ae..a8e247e 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -106,7 +106,6 @@ This is a list of people who contributed to Jirafeau over the years. The list wa
 - Vasilis Giann
 - Victor Lamoine
 - Viktar Vauchkevich
-- Weblate
 - Wim Livens
 - Yaron Shahrabani
 - YFdyh000
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f55e08..c3e5aba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,12 +12,28 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. -## Current snapshots +## Version 4.6.x (not yet released) + +- ... + +## Version 4.6.2 + +- Allow to configure the language and the availabilities for files for a Docker container (issue [#20](https://gitlab.com/jirafeau/Jirafeau/-/issues/20)) +- Added an example `docker-compose.yaml` file for configuring the Docker container +- Fixed an error occuring on some systems while building the Docker image (issue [#24](https://gitlab.com/jirafeau/Jirafeau/-/issues/24)) +- Script upload was broken due to a missing `return` statement (issue [#23](https://gitlab.com/jirafeau/Jirafeau/-/issues/23)) +- Upgrade from 4.6.1: in-place upgrade + +## Version 4.6.1 - Removed the download button and the corresponding link for encrypted files from the admin interface +- Fixed an issue with sending the wrong filesize after decrypting an encrypted file +- Fixed the possibility to bypass the check for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML". This issue has subsequently been reported as [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326). +- We now provide Docker images for AMD64 and ARM64 systems - Lots of code refactoring and cleanup - Few more little fixes - Typo and spelling mistakes +- Upgrade from 4.6.0: in-place upgrade New configuration items: - `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download 
@@ -32,6 +48,7 @@ New configuration items: - Removed usage of deprecated `strftime()` function - Few more little fixes - Typo and spelling mistakes +- Upgrade from 4.5.0: in-place upgrade New configuration items: - `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c80c1cd..bde45e8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -54,11 +54,11 @@ view only to show the most important files and their role. ## Translations -Translation may be added via [Jirafeau's Weblate](https://hosted.weblate.org/projects/jirafeau/master/). +Translations may be added by creating a new JSON file under `locales` and submitting a merge request. ## Coding style -- This project follows the [PSR-2](http://www.php-fig.org/psr/psr-2/) Coding Style +- This project follows the [PSR-12](https://www.php-fig.org/psr/psr-12/) coding style - Files must be in UTF-8 without BOM and use Unix Line Endings (LF) ## Branches @@ -90,7 +90,6 @@ Quick walkthrough: ## New Releases -* Fetch weblate and rebase and import translations * If the release is not done for security purposes: create a new issue and freeze next-release branch for at least week. * Compare the [`next-release` branch to `master`](https://gitlab.com/jirafeau/Jirafeau/compare/master...next-release) * Add a list of noteworthy features and bugfixes to `CHANGELOG.md` diff --git a/Dockerfile b/Dockerfile index d4854a8..6bf9788 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,6 @@ FROM php:8.1-fpm-alpine LABEL org.opencontainers.image.authors="jerome@jutteau.fr" +ARG INI="php" # base install RUN apk update && \ 
@@ -11,7 +12,7 @@ RUN apk update && \ COPY --chmod=550 docker/cleanup.sh docker/run.sh / COPY --chmod=640 docker/docker_config.php /docker_config.php -COPY docker/php.ini /usr/local/etc/php/php.ini +COPY docker/${INI}.ini /usr/local/etc/php/php.ini COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf # Install Jirafeau @@ -21,8 +22,8 @@ RUN --mount=type=bind,source=.,target=/mnt \ cp -r /mnt/* /www/ && \ rm -rf /www/docker && \ touch /www/lib/config.local.php && \ - chown -R $(id -u lighttpd).$(id -g www-data) /www && \ + chown -R $(id -u lighttpd):$(id -g www-data) /www && \ chmod 770 /www CMD ["/run.sh"] -EXPOSE 80 \ No newline at end of file +EXPOSE 80 diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..2de68f8 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,31 @@ +services: + web: + build: + no_cache: true + #args: + # INI: php_debug #change the ini + context: . # or ../Dockerfile if we put it in the ./docker folder + volumes: + - ./jirafeau_data:/data + environment: + ADMIN_PASSWORD: p4ssw0rd + #LANG: en + #WEB_ROOT: 'my.domain.de' + #STYLE: 'my_jirafeau_theme' + #DARK_STYLE: 'my_jirafeau_theme' + AVAILABILITIES: | + { + "minute": true, + "hour": true, + "day": true, + "week": true, + "fortnight": true, + "month": true, + "quarter": false, + "year": false, + "none": false + } + ports: + - 8080:80 + + diff --git a/docker/README.md b/docker/README.md index 33c9fc0..d170d70 100644 --- a/docker/README.md +++ b/docker/README.md @@ -2,7 +2,7 @@ ## Run Jirafeau through a pre-made Docker image -Jirafeau is a small PHP application so running it inside a docker container is pretty straightforward. +Jirafeau is a small PHP application so running it inside a Docker container is pretty straightforward. Container images are built for AMD64 and ARM64 systems and can be downloaded from our registry at `registry.gitlab.com`. ```shell docker pull registry.gitlab.com/jirafeau/jirafeau:latest 
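Review bot: `ADMIN_PASSWORD: p4ssw0rd` in the `environment` block of the new docker-compose.yaml gives every deployment started from this example the same publicly known admin password, and `8080:80` publishes the service on all host interfaces by default. docker/README.md says a random password is generated when the variable is unset, so the safer example is to comment the line out like the other optional keys. Alternatively, require the operator to supply it, e.g. `ADMIN_PASSWORD: ${JIRAFEAU_ADMIN_PASSWORD:?set an admin password}` (the variable name here is only an illustration). A short comment above the key saying the value must be changed before first start would also help.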
@@ -20,6 +20,47 @@ cd Jirafeau docker build -t your/jirafeau:latest . ``` +## Docker Compose + +You can use the `docker-compose.yaml` from [here](../docker-compose.yaml) + +### Run Container + +```sh +docker compose up -d +``` + +### Custom Theme + +1. copy the theme data from the running container + + ```sh + docker compose cp web:/www/media jirafeau_media + ``` + +2. mount the theme data + + ```yaml + #.... + volumes: + - ./jirafeau_media/your_theme:/www/media/your_theme + ``` + +3. set the environment variable + + ```yaml + # .... + environment: + STYLE: 'your_theme' + DARK_STYLE: 'your_theme' + ``` + +4. run the compose file + + ```sh + docker compose up -d + ``` + ## Security You may be interested in running Jirafeau on port 80: @@ -36,8 +77,11 @@ Jirafeau's docker image accepts some options through environment variables to ea More details about options in `lib/config.original.php`. Available options: + - `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated. - `ADMIN_IP`: set one or more ip allowed to access admin interface (separated by comma). +- `LANG`: choose the language for jirafeau (default auto). +- `AVAILABILITIES`: change the array for availablibilities that the user can select (see `docker-compose.yaml` for an example how to do that). Availability is the time the file should be available before it can be deleted. - `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/'). - `VAR_ROOT`: setup a specific path where to place files. default: '/data'. - `FILE_HASH`: can be set to `md5`, `partial_md5` or `random` (default). 
@@ -49,6 +93,7 @@ Available options: - `DARK_STYLE`: apply a specific style for browsers in dark mode. - `AVAILABILITY_DEFAULT`: setup which availability shows by default. - `ONE_TIME_DOWNLOAD`: set to 1 or 0 to enable or disable one time downloads. +- `ONE_TIME_DOWNLOAD_PRESELECTED`: set to 1 or 0 to preselect the checkbox for one time downloads. - `ENABLE_CRYPT`: set to 1 or 0 to enable or disable server side encryption. - `DEBUG`: set to 1 or 0 to enable or disable debug mode. - `MAXIMAL_UPLOAD_SIZE`: maximal file size allowed (expressed in MB). @@ -86,9 +131,10 @@ It is also possible to put Jirafeau data into an already existing directory outs ```shell mkdir /tmp/jirafeau_data docker run -it --rm -p 8080:80 -v /tmp/jirafeau_data:/data registry.gitlab.com/jirafeau/jirafeau:latest - ``` +Please note that the files and directories created in the directory outside the container will probably be owned by UID 100. + ## Few notes - `var-...` folder where lives all uploaded data is protected from direct access diff --git a/docker/docker_config.php b/docker/docker_config.php index 976f366..6037ec6 100644 --- a/docker/docker_config.php +++ b/docker/docker_config.php @@ -91,6 +91,26 @@ function env_2_cfg_string_array(&$cfg, $config_name) return true; } +function env_2_cfg_array_from_json(&$cfg, $config_name) +{ + $env_name = strtoupper($config_name); + $env_string = getenv($env_name); + if ($env_string === false) { + return; + } + $result = json_decode($env_string, true); + if (json_last_error() === JSON_ERROR_NONE) { + // JSON is valid + $c = count($result); + echo("setting $config_name array with $c value(s)n\n"); + } else { + echo("ERROR - invalid json for environment key $config_name \n"); + } + + $cfg[$config_name] = $result; + return true; +} + function setup_admin_password(&$cfg) { if (strlen($cfg['admin_password']) > 0) { 
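Review bot: In `env_2_cfg_array_from_json` the assignment `$cfg[$config_name] = $result;` also runs after the error branch, so an invalid `AVAILABILITIES` value overwrites the configured availabilities with `null` instead of leaving the defaults in place. `json_decode` also succeeds for scalars such as `5`, and `count()` on a non-array throws a TypeError on the PHP 8.1 base image, so the success path should require `is_array($result)`. The success message ends in `value(s)n\n`, which prints a stray `n`. The whole function is inside this hunk; a version that rejects bad input before touching `$cfg` follows.

```php
function env_2_cfg_array_from_json(&$cfg, $config_name)
{
    // … unchanged: getenv lookup and early return when the variable is unset …
    $result = json_decode($env_string, true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($result)) {
        // Keep the existing configuration when the value is not a JSON object/array.
        echo("ERROR - invalid json for environment key $config_name \n");
        return false;
    }
    $c = count($result);
    echo("setting $config_name array with $c value(s)\n");
    $cfg[$config_name] = $result;
    return true;
}
```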
@@ -165,11 +185,13 @@ function run_setup(&$cfg) env_2_cfg_bool($cfg, 'preview'); env_2_cfg_string($cfg, 'title', false); env_2_cfg_string($cfg, 'organisation'); + env_2_cfg_string($cfg, 'lang'); env_2_cfg_string($cfg, 'contactperson'); env_2_cfg_string($cfg, 'style'); env_2_cfg_string($cfg, 'availability_default'); env_2_cfg_string($cfg, 'dark_style'); env_2_cfg_bool($cfg, 'one_time_download'); + env_2_cfg_bool($cfg, 'one_time_download_preselected'); env_2_cfg_bool($cfg, 'enable_crypt'); env_2_cfg_bool($cfg, 'debug'); env_2_cfg_int($cfg, 'maximal_upload_size'); @@ -178,6 +200,8 @@ function run_setup(&$cfg) env_2_cfg_string_array($cfg, 'admin_ip'); env_2_cfg_string_array($cfg, 'upload_ip_nopassword'); env_2_cfg_string_array($cfg, 'proxy_ip'); + // this is a key value based value + env_2_cfg_array_from_json($cfg, 'availabilities'); env_2_cfg_bool($cfg, 'store_uploader_ip'); env_2_cfg_string($cfg, 'download_password_requirement'); env_2_cfg_int($cfg, 'download_password_gen_len'); diff --git a/lib/functions.php b/lib/functions.php index 9091af7..7ac4c9e 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -446,7 +446,7 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $ip, $crypt, $l 'link' => '', 'delete_link' => '')); } - jirafeau_add_file($file, $one_time_download, $key, $time, $ip, $crypt, $link_name_length, $file_hash_method); + return jirafeau_add_file($file, $one_time_download, $key, $time, $ip, $crypt, $link_name_length, $file_hash_method); } /** @@ -623,7 +623,7 @@ function jirafeau_is_viewable($mime) if (!empty($mime)) { $viewable = array('image', 'video', 'audio'); $decomposed = explode('/', $mime); - if (in_array($decomposed[0], $viewable) && strpos($mime, 'image/svg+xml') === false) { + if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false) { return true; } $viewable = array('text/plain'); diff --git a/lib/template/footer.php b/lib/template/footer.php index 637ce42..64132c7 100644 
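Review bot: The `stripos($mime, 'image/svg+xml')` guard in `jirafeau_is_viewable` (lib/functions.php, hunk at -623) is still a deny-list applied to a client-supplied string, while `in_array($decomposed[0], $viewable)` in the same condition stays case-sensitive, so the two halves treat case differently. Normalising once at the top of the function, e.g. `$mime = strtolower(trim($mime));`, and then matching against an allow-list of exact types that are safe to preview would avoid having to anticipate every spelling of the SVG type. A regression test using the mixed-case `image/svg+XML` value named in CHANGELOG.md would keep the bypass from reopening. The function starts and ends outside the hunk, so the `text/plain` branch below was not reviewed.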
--- a/lib/template/footer.php +++ b/lib/template/footer.php @@ -4,14 +4,18 @@ <?php echo t('MADE_WITH') . ' <a href="' . JIRAFEAU_WEBSITE . '" target="_blank" rel="noopener noreferrer">' . t('JI_PROJECT') . '</a>' . - '<p> ' . t('DESIGNED') . ' ' . $cfg['contactperson'] . '</p>' . ' (<a href="https://www.gnu.org/licenses/agpl.html" target="_blank" rel="noopener noreferrer"><abbr title="GNU Affero General Public License v3">AGPL-3.0</abbr></a>)'; ?> <!-- Installation dependent links --> <?php if (false === empty($cfg['installation_done'])) { + if(false === empty($cfg['organisation'])) { + echo ' <span>|</span> '; + echo ' ' . t('DESIGNED') . ' ' . $cfg['organisation']; + } + echo ' <span>|</span> '; - echo '<a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>'; + echo '<a href="tos.php" target="_blank" rel="nooener noreferrer">' . t('TOS') . '</a>'; } ?> </p>
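Review bot: The rewritten TOS link carries `rel="nooener noreferrer"`, a typo for `noopener` that the removed line did not have; it should read `rel="noopener noreferrer"`. The added `echo ' ' . t('DESIGNED') . ' ' . $cfg['organisation'];` writes a configuration value into the page unescaped, and that value is populated from the environment by `env_2_cfg_string` in docker/docker_config.php. Wrapping it as `htmlspecialchars($cfg['organisation'], ENT_QUOTES, 'UTF-8')` keeps any markup in the value from being rendered. `if(false === empty(...))` also lacks the space after `if` that the PSR-12 style named in CONTRIBUTING.md requires.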