]>
git.p6c8.net - jirafeau.git/log
Patrick Canterino [Sun, 1 Dec 2024 14:25:51 +0000 (15:25 +0100)]
Jirafeau 4.6.1 is ready
Patrick Canterino [Sun, 1 Dec 2024 14:25:15 +0000 (15:25 +0100)]
Updated CHANGELOG
Patrick Canterino [Sun, 1 Dec 2024 14:05:34 +0000 (15:05 +0100)]
Made check for MIME type "image/svg+xml" case insensitive
It was possible to bypass this check by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
This check was originally implemented to address CVE-2022-30110.
Reported by:
- Yann CAM (ycam) (https://yann.cam/)
- Georges TAUPIN (jo) (https://www.georgestaupin.com/)
Patrick Canterino [Mon, 25 Nov 2024 16:24:07 +0000 (17:24 +0100)]
Fixed footer ("designed by")
Patrick Canterino [Fri, 22 Nov 2024 14:56:24 +0000 (15:56 +0100)]
Removed references to weblate
Patrick Canterino [Fri, 22 Nov 2024 13:47:04 +0000 (14:47 +0100)]
Updated CHANGELOG
Patrick Canterino [Fri, 22 Nov 2024 13:41:51 +0000 (14:41 +0100)]
Updated Docker README
Patrick Canterino [Sat, 16 Nov 2024 14:09:32 +0000 (14:09 +0000)]
Merge branch 'bug_content_length' into 'next-release'
Store filesize before encrypting the file
See merge request jirafeau/Jirafeau!11
Patrick Canterino [Sun, 10 Nov 2024 13:47:41 +0000 (14:47 +0100)]
Updated Docker README
Patrick Canterino [Sun, 10 Nov 2024 13:03:40 +0000 (14:03 +0100)]
Store filesize before encrypting the file
This currently applies only for async uploads.
Otherwise we would send the size of the encrypted file and the data of the unencrypted file.
The encrypted file is usually larger than the unencrypted one. So the browser expects more
data and aborts the download because it thinks it didn't receive all the data.
Patrick Canterino [Fri, 25 Oct 2024 18:50:18 +0000 (20:50 +0200)]
Added "one_time_download_preselected" to Docker options
Patrick Canterino [Thu, 24 Oct 2024 15:39:14 +0000 (15:39 +0000)]
Merge branch 'docker_arm' into 'next-release'
Build Docker images for linux/arm/v7, linux/arm64/v8 and linux/amd64
See merge request jirafeau/Jirafeau!10
Patrick Canterino [Tue, 22 Oct 2024 18:17:59 +0000 (20:17 +0200)]
Added some comments explaining the build job for the Docker image
Patrick Canterino [Sat, 19 Oct 2024 13:24:08 +0000 (15:24 +0200)]
Build Docker images for linux/arm/v7, linux/arm64/v8 and linux/amd64
Patrick Canterino [Sat, 19 Oct 2024 11:31:25 +0000 (11:31 +0000)]
Merge branch 'fix_cs' into 'next-release'
Switched to php-cs-fixer 3.64.0 and PSR12 in CI
Added pipeline for PHP 8.2
See merge request jirafeau/Jirafeau!7
Patrick Canterino [Mon, 14 Oct 2024 17:28:35 +0000 (19:28 +0200)]
Added pipeline for PHP 8.2
Patrick Canterino [Mon, 14 Oct 2024 17:23:13 +0000 (19:23 +0200)]
Skip single_space_around_construct check in CI
Patrick Canterino [Mon, 14 Oct 2024 14:26:16 +0000 (16:26 +0200)]
Fixed every error detected by php-cs-fixer (except the single_space_around_construct type)
Patrick Canterino [Wed, 16 Oct 2024 17:50:05 +0000 (19:50 +0200)]
Updated Docker README
- Mount local directory for data storage
- Syntax highlighting
Patrick Canterino [Mon, 14 Oct 2024 10:22:34 +0000 (12:22 +0200)]
Switched to php-cs-fixer 3.64.0 and PSR12 in CI
Also "fix --dry-run" does the same as "check"
Patrick Canterino [Mon, 14 Oct 2024 17:40:29 +0000 (19:40 +0200)]
Updated README and CHANGELOG
Patrick Canterino [Sat, 12 Oct 2024 14:48:50 +0000 (14:48 +0000)]
Merge branch 'bug_admin_download_encrypted' into 'next-release'
Removed the download button and the corresponding link for encrypted files from the admin interface
See merge request jirafeau/Jirafeau!6
Patrick Canterino [Sat, 12 Oct 2024 14:48:50 +0000 (14:48 +0000)]
Removed the download button and the corresponding link for encrypted files from the admin interface
Patrick Canterino [Sun, 8 Sep 2024 14:26:07 +0000 (14:26 +0000)]
Merge branch 'new-copyright-header' into 'next-release'
Updated copyright header, new list of authors in separate file
See merge request jirafeau/Jirafeau!5
Patrick Canterino [Sun, 8 Sep 2024 14:26:07 +0000 (14:26 +0000)]
Updated copyright header, new list of authors in separate file
Patrick Canterino [Tue, 3 Sep 2024 17:49:49 +0000 (19:49 +0200)]
Updated CHANGELOG
Patrick Canterino [Tue, 3 Sep 2024 17:34:19 +0000 (19:34 +0200)]
Added screenshots directory to .dockerignore
Patrick Canterino [Mon, 2 Sep 2024 17:14:13 +0000 (17:14 +0000)]
Merge branch 'new-screenshots' into 'next-release'
Update screenshots in README and store them in the repository
See merge request jirafeau/Jirafeau!4
Patrick Canterino [Mon, 2 Sep 2024 17:14:13 +0000 (17:14 +0000)]
Update screenshots in README and store them in the repository
Blackeye [Mon, 26 Aug 2024 11:58:02 +0000 (11:58 +0000)]
Merge branch 'f_modularization_wip_rebased' into 'next-release'
Code Modularization
See merge request jirafeau/Jirafeau!3
Blackeye [Mon, 26 Aug 2024 11:58:02 +0000 (11:58 +0000)]
Code Modularization
Patrick Canterino [Sun, 18 Aug 2024 15:53:20 +0000 (17:53 +0200)]
Merge branch 'master' into next-release
This will fix the history after commit
4efa531d in master
Patrick Canterino [Sun, 18 Aug 2024 15:52:31 +0000 (17:52 +0200)]
Copied information about Docker from README files from next-release to master
So our users will instantly get this new information whem opening the GitLab page
Patrick Canterino [Sun, 18 Aug 2024 15:38:00 +0000 (17:38 +0200)]
Fixed Docker README
- URL was incorrect
- Removed warning about outdated image
Patrick Canterino [Sun, 18 Aug 2024 14:01:58 +0000 (14:01 +0000)]
Merge branch 'rebase_integrate_docker_build_and_publish' into 'next-release'
#2: Build and publish Docker images using GitLab CI.
See merge request jirafeau/Jirafeau!1
Erik Hubers [Sun, 11 Aug 2024 12:52:52 +0000 (14:52 +0200)]
#2: Build and publish Docker images using GitLab CI.
---
Add the ability to build & publish a docker image to the Gitlab
container registry when tagging a commit.
For now we'll publish both tag (i.e. `x.x.x`) and `latest` upon trigger.
It's assumed tags are only set on the default branch and only limited
amount people have tag rights. As it publishes `latest` it's important
not to push breaking / untested releases. If required a more elaborate
setup can be created, but let's start somewhere.
For now it's assumed in README.md files we're going to publish to the
GitLab Container Registry, with $CI_REGISTRY/$CI_REGISTRY_IMAGE
variables resolving to `registry.gitlab.com/jirafeau/jirafeau`.
Changes:
- Fixup of several pre-existing linter errors in `php` files
- Cleanup `Dockerfile`, merged `COPY` & `RUN` layers leveraging BuildKit
- Added `publish` pipeline step to be triggered using `tags`
- Updated docker image related references in `README.md`
- Refactored `.gitlab-ci.yaml` to only run `before_script` for linters
Patrick Canterino [Sun, 11 Aug 2024 11:20:25 +0000 (13:20 +0200)]
New config option to preselect the checkbox for deleting the file after the first download
Patrick Canterino [Sat, 10 Aug 2024 16:06:31 +0000 (18:06 +0200)]
Changed JIRAFEAU_VERSION so that we can identify that this is a development vesion
Patrick Canterino [Mon, 15 Jul 2024 19:18:48 +0000 (21:18 +0200)]
Define new constant JIRAFEAU_WEBSITE with the project's website
Made use of this constant where possible
Patrick Canterino [Sat, 13 Jul 2024 14:25:32 +0000 (16:25 +0200)]
README: Deny access to var on Apache using "Require all denied"
Patrick Canterino [Sat, 13 Jul 2024 14:12:01 +0000 (16:12 +0200)]
Added some words about a custom dark theme
Added folder "dark-custom" to .gitignore
Patrick Canterino [Sat, 6 Jul 2024 13:48:59 +0000 (15:48 +0200)]
Jirafeau version 4.6.0
Patrick Canterino [Sat, 6 Jul 2024 13:42:53 +0000 (15:42 +0200)]
Fixed headings in Docker README
Also mentioned that there is currently no pre-made Docker image
Patrick Canterino [Sat, 6 Jul 2024 13:40:02 +0000 (15:40 +0200)]
Fixed headings in README
Patrick Canterino [Sat, 6 Jul 2024 13:38:20 +0000 (15:38 +0200)]
Fixed headings in CHANGELOG
Patrick Canterino [Sat, 6 Jul 2024 13:20:24 +0000 (15:20 +0200)]
Added link to Sodium extension in README
Patrick Canterino [Sat, 6 Jul 2024 12:10:47 +0000 (14:10 +0200)]
Note the authentication type (by password or by IP no password) in the session
This allows us to show the logout button only if the user is authenticated by password
Patrick Canterino [Sat, 6 Jul 2024 11:33:10 +0000 (13:33 +0200)]
Translated INSTALL_FILE_NOT_FOUND_TITLE and INSTALL_FILE_NOT_FOUND_DESC to German
Patrick Canterino [Fri, 5 Jul 2024 16:03:33 +0000 (18:03 +0200)]
Small changes to README and CONTRIBUTING
fm-sys [Mon, 1 Jul 2024 21:46:58 +0000 (23:46 +0200)]
Small readme adoptions
Patrick Canterino [Mon, 1 Jul 2024 18:15:53 +0000 (20:15 +0200)]
Changed URLs to point to new group repository
Patrick Canterino [Sun, 30 Jun 2024 13:05:18 +0000 (15:05 +0200)]
Fixed some things in README (typos, URLS, formatting)
Patrick Canterino [Fri, 28 Jun 2024 13:29:52 +0000 (15:29 +0200)]
Changed links to point to my fork
Patrick Canterino [Thu, 27 Jun 2024 12:29:01 +0000 (14:29 +0200)]
Updated CHANGELOG to reflect the changes since 4.5.0
Patrick Canterino [Thu, 27 Jun 2024 12:03:15 +0000 (14:03 +0200)]
Fixed some things in README, especially the inline code
Patrick Canterino [Thu, 27 Jun 2024 10:31:46 +0000 (12:31 +0200)]
Merge branch 'multi-http-admins' into next-release
Patrick Canterino [Thu, 27 Jun 2024 10:19:54 +0000 (12:19 +0200)]
Updated README
Patrick Canterino [Thu, 27 Jun 2024 10:15:52 +0000 (12:15 +0200)]
Merged next-release into master
Jérôme Jutteau [Fri, 21 Jun 2024 07:19:36 +0000 (07:19 +0000)]
Add @Blackstareye's fork
@ref #360
Jerome Jutteau [Wed, 12 Jun 2024 19:26:41 +0000 (21:26 +0200)]
Update some badges in README
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 12 Jun 2024 19:05:29 +0000 (21:05 +0200)]
End of maintenance
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Patrick Canterino [Sun, 19 Mar 2023 13:15:50 +0000 (14:15 +0100)]
Allow multiple usernames when using HTTP authentication for the admin interface
Changed $cfg['admin_http_auth_user'] to an array to provide multiple usernames.
The option to provide a string here is preserved for backward compatibility.
Patrick Canterino [Sun, 26 Nov 2023 13:17:16 +0000 (14:17 +0100)]
Fixed some mistakes in german translation
Patrick Canterino [Wed, 3 Apr 2024 13:14:14 +0000 (15:14 +0200)]
Fixed a typo
Patrick Canterino [Wed, 3 Apr 2024 12:44:01 +0000 (14:44 +0200)]
Centralize legacy mcrypt decryption in `jirafeau_decrypt_file_legacy()`
Same as with `jirafeau_decrypt_file()` in a previous commit
`jirafeau_decrypt_file_legacy()` was also broken, a `mcrypt_generic_init()` was missing
Patrick Canterino [Wed, 3 Apr 2024 12:36:16 +0000 (14:36 +0200)]
Fixed function comments
Patrick Canterino [Wed, 3 Apr 2024 12:21:33 +0000 (14:21 +0200)]
Define constants only if Sodium is available
Patrick Canterino [Mon, 1 Apr 2024 13:37:37 +0000 (15:37 +0200)]
Centralize decryption in `jirafeau_decrypt_file()`
Previously the decryption code in f.php was a copy of `jirafeau_decrypt_file()`.
Now, we let the funtion write to `php://output`.
`jirafeau_decrypt_file()` was previously broken because of me doing copy-paste...
Patrick Canterino [Mon, 1 Apr 2024 13:08:53 +0000 (15:08 +0200)]
Mention that source and destination file must not be the same and abort if they are the same
Patrick Canterino [Sat, 30 Mar 2024 13:02:22 +0000 (14:02 +0100)]
Define some Sodium constants from newer PHP versions if they are not available
Patrick Canterino [Sat, 30 Mar 2024 12:51:40 +0000 (13:51 +0100)]
Check return value of `rename()` after encryption
Patrick Canterino [Fri, 29 Mar 2024 12:12:31 +0000 (13:12 +0100)]
Show a warning in admin interface if Sodium is not available
Patrick Canterino [Thu, 28 Mar 2024 17:06:56 +0000 (18:06 +0100)]
Mention changed encryption algorithm and module in README
Patrick Canterino [Thu, 28 Mar 2024 16:50:24 +0000 (17:50 +0100)]
Re-emplementing encryption using Sodium
Changes:
- Encryption using Sodium
- Key is generated using random_bytes() (cryptographically secure)
- Encryption is done using a second file, which is renamed after encryption is
complete (by using the same file, we would encrypt already encrypted data
again)
- A file encrypted using Sodium is marked with "C2" in the link file, so we can
distinguish them from files encrypted using mcrypt
ToDo:
- Error checking
- Show a warning in the admin interface if Sodium is not available
Fabien Clément [Wed, 8 Nov 2023 09:25:23 +0000 (09:25 +0000)]
mod_usertrack was deprecated and seems to be retired (currently installing from latest php 8.1 alpine image)
I remove it and application still seems to work as expected
Patrick Canterino [Thu, 27 Apr 2023 18:17:07 +0000 (20:17 +0200)]
Provide URL scheme in installer
Sandybunting [Tue, 27 Sep 2022 16:31:08 +0000 (16:31 +0000)]
Fixed and improved Docker image options.
Fixed the Docker image TITLE option and added a DARK_STYLE option.
Changes made to docker_config.php and the docker README
Jack Footner [Thu, 9 Mar 2023 05:27:35 +0000 (15:57 +1030)]
Require Root to make access denied prettier
Jack Footner [Thu, 9 Mar 2023 05:02:57 +0000 (15:32 +1030)]
Add new `admin_ip` configuration option
Dan Untenzu [Wed, 15 Mar 2023 13:40:43 +0000 (14:40 +0100)]
[FEATURE] Add meta viewport
Add the generic meta viewport tag,
to support responsive themes.
Refs #328
Andrea Zucchelli [Sat, 10 Jun 2023 22:08:03 +0000 (00:08 +0200)]
fix: docker lighttpd mod_usertrack not found
Andrea Zucchelli [Sat, 10 Jun 2023 21:57:28 +0000 (23:57 +0200)]
fix:remove deprecated strftime
Mathis Mensing [Wed, 5 Apr 2023 07:00:53 +0000 (09:00 +0200)]
fix: favicon location
Wim Livens [Sun, 2 Oct 2022 22:40:02 +0000 (00:40 +0200)]
keep and show basic download stats
gwunderlich [Fri, 2 Sep 2022 14:42:37 +0000 (16:42 +0200)]
fix wrong location for cfg access
gwunderlich [Fri, 2 Sep 2022 14:35:41 +0000 (16:35 +0200)]
fix input validation on required/regex setting
gwunderlich [Fri, 2 Sep 2022 12:57:39 +0000 (14:57 +0200)]
add function to check or generate file download passwords
gwunderlich [Mon, 14 Nov 2022 14:23:21 +0000 (15:23 +0100)]
Fix for mcrypt error, when encrypting files of size = X*1024 bytes
Jerome Jutteau [Fri, 26 Aug 2022 07:34:15 +0000 (09:34 +0200)]
[BUGFIX] Fix Linter
Update to php-cs-fixer which supports php >7.4 and >8.1. Removed unsupported versions
closes #320
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 24 Aug 2022 22:08:43 +0000 (00:08 +0200)]
[TASK] Fix php-cs-fixer errors
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 24 Aug 2022 20:09:15 +0000 (22:09 +0200)]
[TASK] rework user auth
This is a cleaner way to upload files and also prepare for #311.
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Tue, 19 Jul 2022 11:17:43 +0000 (13:17 +0200)]
Jirafeau version 4.5.0
closes #306
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Fri, 15 Jul 2022 12:27:23 +0000 (14:27 +0200)]
Revert "[TASK] update CI to add PHP 8.1"
This reverts commit
8b1d336a1c2693b7f372df10860b96aa8d8a6a82 .
Jerome Jutteau [Fri, 15 Jul 2022 11:46:09 +0000 (13:46 +0200)]
[BUGFIX] Negative download speed display
fixes #309
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Asharas [Sun, 10 Jul 2022 20:03:11 +0000 (22:03 +0200)]
Fix JIRAFEAU_UPLOAD_PASSWD use.
Variable in help is described as JIRAFEAU_UPLOAD_PASSWD but both tested
and assigned variables have the wrong name.
Jerome Jutteau [Thu, 7 Jul 2022 13:20:03 +0000 (15:20 +0200)]
[BUGFIX] fix admin moving buttons on focus on dark-courgette
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 6 Jul 2022 18:34:35 +0000 (20:34 +0200)]
[TASK] Fix weblate warning regarding ku lang.
Original warning:
> Files for translated languages are using ambiguous language codes.
> These language codes indicate a macrolanguage, and it is usually better to use the code of the individual language instead.
> Language code: ku
> Suggested individual language codes: ckb, kmr, sdh
I will arbitrally choose ckb because I ignore differences about those individual languages and I'am sorry for this.
Feel free to edit, open an issue or edit those individual languages.
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 6 Jul 2022 18:09:46 +0000 (20:09 +0200)]
[TASK] Update release process
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 6 Jul 2022 18:02:50 +0000 (20:02 +0200)]
[TASK] Update changelog
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
Jerome Jutteau [Wed, 6 Jul 2022 17:46:15 +0000 (19:46 +0200)]
[TASK] import weblate the hard way
Webblate git repository was conflicting with gitlab's origin since two release.
This induced a lot of conflicts which are now resolved in this single commit.
Weblate will be hard-based on this commit.
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
patrick-canterino.de