]> git.p6c8.net - jirafeau/jirafeau.git/log
jirafeau/jirafeau.git
4 weeks agoAdded TehPeGaSuS to the list of authors
Patrick Canterino [Fri, 5 Jun 2026 14:49:58 +0000 (16:49 +0200)]
Added TehPeGaSuS  to the list of authors

4 weeks agoModified copyright header of all themes
Patrick Canterino [Fri, 5 Jun 2026 14:35:55 +0000 (16:35 +0200)]
Modified copyright header of all themes

4 weeks agoApplied CSS for "show password box" to other themes
Patrick Canterino [Fri, 5 Jun 2026 14:31:44 +0000 (16:31 +0200)]
Applied CSS for "show password box" to other themes

4 weeks agoApplied patch by @Blackstareye from merge request !30
Patrick Canterino [Fri, 5 Jun 2026 14:23:42 +0000 (16:23 +0200)]
Applied patch by @Blackstareye  from merge request !30

Now we have an eye button for toggling the password to clear text

4 weeks agoMerge branch 'patch-1' into 'show_password_box'
Patrick Canterino [Fri, 5 Jun 2026 14:16:41 +0000 (16:16 +0200)]
Merge branch 'patch-1' into 'show_password_box'

Add a Show password checkbox

See merge request jirafeau/Jirafeau!30

4 weeks agoMerge branch 'fix_legacy_upload' into 'next-release'
Patrick Canterino [Fri, 5 Jun 2026 14:02:08 +0000 (16:02 +0200)]
Merge branch 'fix_legacy_upload' into 'next-release'

Fixed file encryption on classic upload

See merge request jirafeau/Jirafeau!34

4 weeks agoMerge branch 'md5_to_sha256' into 'next-release'
Patrick Canterino [Fri, 5 Jun 2026 14:01:33 +0000 (16:01 +0200)]
Merge branch 'md5_to_sha256' into 'next-release'

Md5 to sha256

See merge request jirafeau/Jirafeau!33

4 weeks agoFixed error message occuring on classic upload 34/head
Patrick Canterino [Sun, 31 May 2026 16:55:05 +0000 (18:55 +0200)]
Fixed error message occuring on classic upload

Changed handling of XHR responses

4 weeks agoFixed temporary filenames of encrypted files during classic upload
Patrick Canterino [Sun, 31 May 2026 13:49:28 +0000 (15:49 +0200)]
Fixed temporary filenames of encrypted files during classic upload

4 weeks agoRenamed cfg option debug_enforce_legacy_upload to debug_enforce_classic_upload
Patrick Canterino [Sun, 31 May 2026 13:30:50 +0000 (15:30 +0200)]
Renamed cfg option debug_enforce_legacy_upload  to debug_enforce_classic_upload

4 weeks agoFixed file encryption in classic uploads
Patrick Canterino [Sun, 31 May 2026 13:29:37 +0000 (15:29 +0200)]
Fixed file encryption in classic uploads

Encrypted files uploaded using classic (synchronous) uploads were marked using "C" identifying legacy mcrypt encryption
=> changed to "C2" identifying Sodium encryption

4 weeks agoSmall refactoring 33/head
Patrick Canterino [Sun, 31 May 2026 13:07:50 +0000 (15:07 +0200)]
Small refactoring

5 weeks agoAdded config option to enforce legacy synchronous file upload
Patrick Canterino [Fri, 29 May 2026 14:57:14 +0000 (16:57 +0200)]
Added config option to enforce legacy synchronous file upload

This is useful for debugging, we use it for issue #48

5 weeks agoFixed linter error
Patrick Canterino [Fri, 29 May 2026 13:48:02 +0000 (15:48 +0200)]
Fixed linter error

5 weeks agoPrefixed SHA256 password hashes
Patrick Canterino [Fri, 29 May 2026 13:35:41 +0000 (15:35 +0200)]
Prefixed SHA256 password hashes

This way we can identify them and still compare to legacy MD5 hashes

5 weeks agoHere we actually NEED MD5. This one affects only legacy files encrypted using mcrypt.
Patrick Canterino [Fri, 29 May 2026 13:13:29 +0000 (15:13 +0200)]
Here we actually NEED MD5. This one affects only legacy files encrypted using mcrypt.

5 weeks agoMerge branch 'proposal_ci_php_linting_with_warning' into 'next-release'
Blackeye [Thu, 28 May 2026 18:21:13 +0000 (20:21 +0200)]
Merge branch 'proposal_ci_php_linting_with_warning' into 'next-release'

Proposal ci php linting with warning

See merge request jirafeau/Jirafeau!32

4 months agoMentioned CVE-2026-1466 in CHANGELOG
Patrick Canterino [Wed, 4 Feb 2026 11:36:38 +0000 (12:36 +0100)]
Mentioned CVE-2026-1466 in CHANGELOG

4 months agopat pat - ci linting
Blackeye [Wed, 4 Feb 2026 00:47:30 +0000 (01:47 +0100)]
pat pat - ci linting

4 months agofixed script md5 -> sha256
Blackeye [Wed, 4 Feb 2026 00:39:18 +0000 (01:39 +0100)]
fixed script md5 -> sha256

4 months ago#34 - change md5 to sha256
Blackeye [Wed, 4 Feb 2026 00:33:51 +0000 (01:33 +0100)]
#34 - change md5 to sha256

4 months agoupdated php-cs-fixer version to latest version 32/head
Blackeye [Tue, 3 Feb 2026 22:31:42 +0000 (23:31 +0100)]
updated php-cs-fixer version to latest version

4 months agorearanged anchors and added linting proposal
Blackeye [Tue, 3 Feb 2026 22:19:50 +0000 (23:19 +0100)]
rearanged anchors and added linting proposal

5 months agoUpdated CHANGELOG
Patrick Canterino [Fri, 30 Jan 2026 12:22:47 +0000 (13:22 +0100)]
Updated CHANGELOG

5 months agoMerge branch 'master' into 'next-release'
Patrick Canterino [Fri, 30 Jan 2026 12:19:15 +0000 (13:19 +0100)]
Merge branch 'master' into 'next-release'

Missing favicon

See merge request jirafeau/Jirafeau!31

5 months agoAnother attempt to fix linting 30/head
TehPeGaSuS [Mon, 26 Jan 2026 22:03:25 +0000 (23:03 +0100)]
Another attempt to fix linting

5 months agoTrying to make linting happy
TehPeGaSuS [Mon, 26 Jan 2026 21:46:29 +0000 (22:46 +0100)]
Trying to make linting happy

5 months agoUpload New File
TehPeGaSuS [Mon, 26 Jan 2026 21:25:20 +0000 (22:25 +0100)]
Upload New File

5 months agoAdd a `Show password checkbox`
TehPeGaSuS [Mon, 26 Jan 2026 20:59:12 +0000 (21:59 +0100)]
Add a `Show password checkbox`

5 months agoBegin a new release cycle
Patrick Canterino [Sun, 25 Jan 2026 13:39:52 +0000 (14:39 +0100)]
Begin a new release cycle

5 months agoJirafeau 4.7.1 is ready 4.7.1
Patrick Canterino [Sun, 25 Jan 2026 13:35:16 +0000 (14:35 +0100)]
Jirafeau 4.7.1 is ready

5 months agoUpdated README
Patrick Canterino [Sun, 25 Jan 2026 13:33:36 +0000 (14:33 +0100)]
Updated README

- Notes about lack of end-to-end encryption
- Notes about setting max_upload_chunk_size_bytes manually if updating from an older version

5 months agoUpdated CHANGELOG
Patrick Canterino [Mon, 19 Jan 2026 18:36:45 +0000 (19:36 +0100)]
Updated CHANGELOG

5 months agoDocker image: Updated PHP to 8.3 and removed mime-types.conf from lighttpd.conf
Patrick Canterino [Mon, 19 Jan 2026 18:30:06 +0000 (19:30 +0100)]
Docker image: Updated PHP to 8.3 and removed mime-types.conf from lighttpd.conf

PHP 8.1 is end-of-life
mime-types.conf is not available in recent versions of lighttpd

Fixed issue #45

5 months agoAdded slt to list of authors
Patrick Canterino [Sun, 18 Jan 2026 13:58:01 +0000 (14:58 +0100)]
Added slt to list of authors

5 months agoUpdated CHANGELOG
Patrick Canterino [Sun, 18 Jan 2026 13:30:14 +0000 (14:30 +0100)]
Updated CHANGELOG

5 months agoFurther description of issue #40 in README
Patrick Canterino [Sun, 18 Jan 2026 13:20:21 +0000 (14:20 +0100)]
Further description of issue #40 in README

5 months agoSet default value of max_upload_chunk_size_bytes to 5000000 (5MB)
Patrick Canterino [Sun, 18 Jan 2026 13:14:05 +0000 (14:14 +0100)]
Set default value of max_upload_chunk_size_bytes to 5000000 (5MB)

Higher values can trigger a bug in Chromium based browsers with HTTP/3 on the web server enabled (see issue #40)

5 months agoMerge branch 'bug_mime_sniffing' into 'next-release'
Patrick Canterino [Sat, 10 Jan 2026 15:29:40 +0000 (16:29 +0100)]
Merge branch 'bug_mime_sniffing' into 'next-release'

Disable MIME sniffing to prevent preview of invalid (propably harmful) file types

See merge request jirafeau/Jirafeau!29

5 months agoDisable MIME sniffing to prevent preview of invalid (propably harmful) file types
Patrick Canterino [Sun, 4 Jan 2026 13:54:55 +0000 (14:54 +0100)]
Disable MIME sniffing to prevent preview of invalid (propably harmful) file types

Reported by Yann CAM and Killian CHEVRIER

5 months agoMentioned issue #40 as a known issue in the README file
Patrick Canterino [Sun, 4 Jan 2026 13:43:49 +0000 (14:43 +0100)]
Mentioned issue #40 as a known issue in the README file

9 months agoBegin a new release cycle
Patrick Canterino [Mon, 8 Sep 2025 10:09:50 +0000 (12:09 +0200)]
Begin a new release cycle

9 months agoJirafeau 4.7.0 is ready 4.7.0
Patrick Canterino [Mon, 8 Sep 2025 10:03:48 +0000 (12:03 +0200)]
Jirafeau 4.7.0 is ready

9 months agoUpdated list of authors
Patrick Canterino [Mon, 8 Sep 2025 09:54:03 +0000 (11:54 +0200)]
Updated list of authors

9 months agoUpdated CHANGELOG
Patrick Canterino [Mon, 8 Sep 2025 09:50:56 +0000 (11:50 +0200)]
Updated CHANGELOG

10 months agoUpdated CHANGELOG
Patrick Canterino [Sat, 30 Aug 2025 12:28:22 +0000 (14:28 +0200)]
Updated CHANGELOG

10 months agoMerge branch 'shortlinks' into 'next-release'
Patrick Canterino [Sat, 30 Aug 2025 12:13:45 +0000 (14:13 +0200)]
Merge branch 'shortlinks' into 'next-release'

add short link support

See merge request jirafeau/Jirafeau!24

10 months agoadd short link support
Florian [Sat, 30 Aug 2025 12:13:45 +0000 (12:13 +0000)]
add short link support

10 months agoFixed indentation
Patrick Canterino [Tue, 12 Aug 2025 13:04:20 +0000 (15:04 +0200)]
Fixed indentation

10 months agoMerge branch 'f_issue_35-36' into 'next-release'
Patrick Canterino [Tue, 12 Aug 2025 12:46:59 +0000 (14:46 +0200)]
Merge branch 'f_issue_35-36' into 'next-release'

Fixes for issues 35 and 36

See merge request jirafeau/Jirafeau!26

10 months agoMerge branch 'f_issue_37' into 'next-release'
Patrick Canterino [Tue, 12 Aug 2025 12:45:01 +0000 (14:45 +0200)]
Merge branch 'f_issue_37' into 'next-release'

Fix for issue 37

See merge request jirafeau/Jirafeau!27

10 months agoTrying to upload a file using script.php with an upload password set always ends...
Patrick Canterino [Sat, 9 Aug 2025 13:35:46 +0000 (15:35 +0200)]
Trying to upload a file using script.php with an upload password set always ends up in an "Error 2". Added "!isset($_POST['upload_password'])" to the test condition.

Patch by Yannis Aribaud

10 months agoDownload statistics were not shown in the admin interface
Patrick Canterino [Sat, 9 Aug 2025 13:13:44 +0000 (15:13 +0200)]
Download statistics were not shown in the admin interface

This feature got accidentally lost during refactoring

10 months agoThe generated download password was not shown in the "finished" page
Patrick Canterino [Sat, 9 Aug 2025 13:06:13 +0000 (15:06 +0200)]
The generated download password was not shown in the "finished" page

This feature got accidentally lost during refactoring

Also made the form field readonly

10 months agoMerge branch 'make-tos-identifiable' into 'next-release'
Patrick Canterino [Sat, 9 Aug 2025 12:53:45 +0000 (14:53 +0200)]
Merge branch 'make-tos-identifiable' into 'next-release'

give tos notice a specific element id

See merge request jirafeau/Jirafeau!25

10 months agogive tos notice a specific element id
Florian [Sat, 9 Aug 2025 12:53:45 +0000 (12:53 +0000)]
give tos notice a specific element id

10 months agoMentioned CVE-2025-7066
Patrick Canterino [Fri, 8 Aug 2025 13:00:52 +0000 (15:00 +0200)]
Mentioned CVE-2025-7066

12 months agoBegin a new release cycle
Patrick Canterino [Sun, 22 Jun 2025 13:12:28 +0000 (15:12 +0200)]
Begin a new release cycle

12 months agoJirafeau 4.6.3 is ready 4.6.3
Patrick Canterino [Sun, 22 Jun 2025 13:02:31 +0000 (15:02 +0200)]
Jirafeau 4.6.3 is ready

12 months agoUpdated CHANGELOG
Patrick Canterino [Thu, 19 Jun 2025 12:17:35 +0000 (14:17 +0200)]
Updated CHANGELOG

12 months agoFixes for issues #31 and #32
Patrick Canterino [Thu, 19 Jun 2025 11:56:59 +0000 (13:56 +0200)]
Fixes for issues #31 and #32

See merge request jirafeau/Jirafeau!22

12 months agoCompare stored hashes for admin and download password using hash_equals()
Patrick Canterino [Mon, 16 Jun 2025 10:13:44 +0000 (12:13 +0200)]
Compare stored hashes for admin and download password using hash_equals()

This prevents timing attacks and attacks using Type Juggling

Originally proposed by onosh

12 months agoCheck for commas in MIME type before generating preview
Patrick Canterino [Mon, 16 Jun 2025 09:58:15 +0000 (11:58 +0200)]
Check for commas in MIME type before generating preview

It was possible to bypass the preview check by sending a manipulated HTTP request with a MIME type like "image/png,text/html".
When parsing the Content-Type of a HTTP response, browsers see multiple MIME types, and the last one, text/html, takes precedence, allowing to execute potentially harmful JavaScript code.

This check was originally implemented to address CVE-2022-30110 then CVE-2024-12326.

Reported by:
- Yann CAM (ycam) (https://yann.cam/)
- Killian CHEVRIER (palmier) (https://killianchevrier.fr/)

15 months agoMerge branch 'master' into 'next-release'
Patrick Canterino [Sat, 22 Mar 2025 12:15:31 +0000 (13:15 +0100)]
Merge branch 'master' into 'next-release'

fix grammar mistake

See merge request jirafeau/Jirafeau!21

15 months agofix grammar mistake
Ruixey [Fri, 21 Mar 2025 16:08:57 +0000 (16:08 +0000)]
fix grammar mistake

15 months agoBegin a new release cycle
Patrick Canterino [Tue, 4 Mar 2025 14:39:23 +0000 (15:39 +0100)]
Begin a new release cycle

15 months agoMerge branch 'next-release' 4.6.2
Patrick Canterino [Tue, 4 Mar 2025 14:34:07 +0000 (15:34 +0100)]
Merge branch 'next-release'

15 months agoJirafeau 4.6.2 is ready
Patrick Canterino [Tue, 4 Mar 2025 14:31:23 +0000 (15:31 +0100)]
Jirafeau 4.6.2 is ready

16 months agoUpdated CHANGELOG
Patrick Canterino [Fri, 28 Feb 2025 12:57:19 +0000 (13:57 +0100)]
Updated CHANGELOG

16 months agoMerge branch 'hotfix_issue_21' into 'master'
Blackeye [Wed, 19 Feb 2025 13:46:25 +0000 (13:46 +0000)]
Merge branch 'hotfix_issue_21' into 'master'

HOTFIX: fix for issue #21 and a docker_compose.yaml for testing | cherry https://gitlab.com/jirafeau/Jirafeau/-/commit/8e36d013510ddedf9bb830b547f2de7664815bd0

See merge request jirafeau/Jirafeau!20

16 months agofix for issue #21 and a docker_compose.yaml for testing
Blackstareye [Sat, 18 Jan 2025 17:15:14 +0000 (18:15 +0100)]
fix for issue #21 and a docker_compose.yaml for testing

16 months agoMerge branch 'hotfix_cherrypick_issue_23' into 'master'
Blackeye [Tue, 18 Feb 2025 16:52:49 +0000 (16:52 +0000)]
Merge branch 'hotfix_cherrypick_issue_23' into 'master'

fixed script upload - missing return statement

See merge request jirafeau/Jirafeau!19

16 months agofixed script upload - missing return statement
Blackstareye [Mon, 17 Feb 2025 17:13:46 +0000 (18:13 +0100)]
fixed script upload - missing return statement

16 months agoMerge branch 'fix_for_issue_23' into 'next-release'
Blackeye [Tue, 18 Feb 2025 14:26:37 +0000 (14:26 +0000)]
Merge branch 'fix_for_issue_23' into 'next-release'

fixed script upload - missing return statement

See merge request jirafeau/Jirafeau!18

16 months agofixed script upload - missing return statement
Blackstareye [Mon, 17 Feb 2025 17:13:46 +0000 (18:13 +0100)]
fixed script upload - missing return statement

16 months agoMerge branch 'fix_for_issue_20' into 'next-release'
Blackeye [Mon, 17 Feb 2025 15:51:11 +0000 (15:51 +0000)]
Merge branch 'fix_for_issue_20' into 'next-release'

fix for #20, added also lang to env variables; added function for associative...

See merge request jirafeau/Jirafeau!14

16 months agofixed typo
Blackstareye [Mon, 17 Feb 2025 15:46:11 +0000 (16:46 +0100)]
fixed typo

16 months agoadded run container section
Blackstareye [Mon, 17 Feb 2025 15:42:27 +0000 (16:42 +0100)]
added run container section

16 months agochanged method name and added doc for docker compose
Blackstareye [Mon, 17 Feb 2025 15:39:00 +0000 (16:39 +0100)]
changed method name and added doc for docker compose

17 months agofixed format
Blackstareye [Fri, 24 Jan 2025 19:38:58 +0000 (20:38 +0100)]
fixed format

17 months agofix for #20, added also lang to env variables; added function for associative arrays...
Blackstareye [Fri, 24 Jan 2025 19:26:29 +0000 (20:26 +0100)]
fix for #20, added also lang to env variables; added function for associative arrays (e.g. json in env)

17 months agoexample docker compose with availabilities (defaulted according to config)
Blackstareye [Fri, 24 Jan 2025 19:25:15 +0000 (20:25 +0100)]
example docker compose with availabilities (defaulted according to config)

17 months agoMerge branch 'fix_for_issue_21' into 'next-release'
Blackeye [Tue, 21 Jan 2025 14:18:52 +0000 (14:18 +0000)]
Merge branch 'fix_for_issue_21' into 'next-release'

fix for issue #21 and a docker_compose.yaml for testing

See merge request jirafeau/Jirafeau!13

17 months agofix for issue #21 and a docker_compose.yaml for testing
Blackstareye [Sat, 18 Jan 2025 17:15:14 +0000 (18:15 +0100)]
fix for issue #21 and a docker_compose.yaml for testing

19 months agoBegin a new release cycle
Patrick Canterino [Sun, 1 Dec 2024 14:33:14 +0000 (15:33 +0100)]
Begin a new release cycle

19 months agoUpdated CHANGELOG 4.6.1
Patrick Canterino [Sun, 1 Dec 2024 14:27:35 +0000 (15:27 +0100)]
Updated CHANGELOG

19 months agoJirafeau 4.6.1 is ready
Patrick Canterino [Sun, 1 Dec 2024 14:25:51 +0000 (15:25 +0100)]
Jirafeau 4.6.1 is ready

19 months agoUpdated CHANGELOG
Patrick Canterino [Sun, 1 Dec 2024 14:25:15 +0000 (15:25 +0100)]
Updated CHANGELOG

19 months agoMade check for MIME type "image/svg+xml" case insensitive
Patrick Canterino [Sun, 1 Dec 2024 14:05:34 +0000 (15:05 +0100)]
Made check for MIME type "image/svg+xml" case insensitive

It was possible to bypass this check by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
This check was originally implemented to address CVE-2022-30110.

Reported by:
- Yann CAM (ycam) (https://yann.cam/)
- Georges TAUPIN (jo) (https://www.georgestaupin.com/)

19 months agoFixed footer ("designed by")
Patrick Canterino [Mon, 25 Nov 2024 16:24:07 +0000 (17:24 +0100)]
Fixed footer ("designed by")

19 months agoRemoved references to weblate
Patrick Canterino [Fri, 22 Nov 2024 14:56:24 +0000 (15:56 +0100)]
Removed references to weblate

19 months agoUpdated CHANGELOG
Patrick Canterino [Fri, 22 Nov 2024 13:47:04 +0000 (14:47 +0100)]
Updated CHANGELOG

19 months agoUpdated Docker README
Patrick Canterino [Fri, 22 Nov 2024 13:41:51 +0000 (14:41 +0100)]
Updated Docker README

19 months agoMerge branch 'bug_content_length' into 'next-release'
Patrick Canterino [Sat, 16 Nov 2024 14:09:32 +0000 (14:09 +0000)]
Merge branch 'bug_content_length' into 'next-release'

Store filesize before encrypting the file

See merge request jirafeau/Jirafeau!11

19 months agoUpdated Docker README
Patrick Canterino [Sun, 10 Nov 2024 13:47:41 +0000 (14:47 +0100)]
Updated Docker README

19 months agoStore filesize before encrypting the file
Patrick Canterino [Sun, 10 Nov 2024 13:03:40 +0000 (14:03 +0100)]
Store filesize before encrypting the file

This currently applies only for async uploads.

Otherwise we would send the size of the encrypted file and the data of the unencrypted file.
The encrypted file is usually larger than the unencrypted one. So the browser expects more
data and aborts the download because it thinks it didn't receive all the data.

20 months agoAdded "one_time_download_preselected" to Docker options
Patrick Canterino [Fri, 25 Oct 2024 18:50:18 +0000 (20:50 +0200)]
Added "one_time_download_preselected" to Docker options

20 months agoMerge branch 'docker_arm' into 'next-release'
Patrick Canterino [Thu, 24 Oct 2024 15:39:14 +0000 (15:39 +0000)]
Merge branch 'docker_arm' into 'next-release'

Build Docker images for linux/arm/v7, linux/arm64/v8 and linux/amd64

See merge request jirafeau/Jirafeau!10

20 months agoAdded some comments explaining the build job for the Docker image
Patrick Canterino [Tue, 22 Oct 2024 18:17:59 +0000 (20:17 +0200)]
Added some comments explaining the build job for the Docker image

20 months agoBuild Docker images for linux/arm/v7, linux/arm64/v8 and linux/amd64
Patrick Canterino [Sat, 19 Oct 2024 13:24:08 +0000 (15:24 +0200)]
Build Docker images for linux/arm/v7, linux/arm64/v8 and linux/amd64

patrick-canterino.de