From 79464ec6276e8eb0e0b0ad597db02b85080d2b63 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Mon, 16 Jun 2025 11:58:15 +0200 Subject: [PATCH 01/16] Check for commas in MIME type before generating preview It was possible to bypass the preview check by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When parsing the Content-Type of a HTTP response, browsers see multiple MIME types, and the last one, text/html, takes precedence, allowing to execute potentially harmful JavaScript code. This check was originally implemented to address CVE-2022-30110 then CVE-2024-12326. Reported by: - Yann CAM (ycam) (https://yann.cam/) - Killian CHEVRIER (palmier) (https://killianchevrier.fr/) --- lib/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/functions.php b/lib/functions.php index 7ac4c9e..f9fbd9b 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -623,7 +623,7 @@ function jirafeau_is_viewable($mime) if (!empty($mime)) { $viewable = array('image', 'video', 'audio'); $decomposed = explode('/', $mime); - if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false) { + if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false && strpos($mime, ',') === false) { return true; } $viewable = array('text/plain'); -- 2.43.0 From 8c8f88ec2104ab0a12ceec4f5a8e2ebeb72758cc Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Mon, 16 Jun 2025 12:13:44 +0200 Subject: [PATCH 02/16] Compare stored hashes for admin and download password using hash_equals() This prevents timing attacks and attacks using Type Juggling Originally proposed by onosh --- admin.php | 2 +- f.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/admin.php b/admin.php index f8270a2..75cc38d 100644 --- a/admin.php +++ b/admin.php @@ -73,7 +73,7 @@ elseif (true === jirafeau_challenge_admin_ip($cfg, get_ip_address($cfg))) { } /* Test web password authentication. */ elseif (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) { - if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) { + if (hash_equals($cfg['admin_password'], hash('sha256', $_POST['admin_password']))) { jirafeau_admin_session_start(); } else { require(JIRAFEAU_ROOT . 'lib/template/header.php'); diff --git a/f.php b/f.php index f523f72..a93ec98 100644 --- a/f.php +++ b/f.php @@ -171,7 +171,7 @@ if (!empty($link['key'])) { require(JIRAFEAU_ROOT.'lib/template/footer.php'); exit; } else { - if ($link['key'] == md5($_POST['key'])) { + if (hash_equals($link['key'], md5($_POST['key']))) { $password_challenged = true; } else { sleep(2); -- 2.43.0 From 7fd830c66eb04aa70e83936f81a04e119acaf0b5 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Thu, 19 Jun 2025 14:17:35 +0200 Subject: [PATCH 03/16] Updated CHANGELOG --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3e5aba..38b4a3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,9 +12,11 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. -## Version 4.6.x (not yet released) +## Version 4.6.3 (not yet released) -- ... +- Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. +- Compare password hashes using `hash_equals()` +- Upgrade from 4.6.2: in-place upgrade ## Version 4.6.2 -- 2.43.0 From 28ccf13d58e5b5d3e295215f7d28901cb65c127e Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sun, 22 Jun 2025 15:02:31 +0200 Subject: [PATCH 04/16] Jirafeau 4.6.3 is ready --- CHANGELOG.md | 2 +- lib/settings.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 38b4a3f..a00d820 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. -## Version 4.6.3 (not yet released) +## Version 4.6.3 - Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. - Compare password hashes using `hash_equals()` diff --git a/lib/settings.php b/lib/settings.php index cbdfaff..cc4a9b2 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -43,7 +43,7 @@ if ($cfg['debug'] === true) { /* Jirafeau package */ define('JIRAFEAU_PACKAGE', 'Jirafeau'); -define('JIRAFEAU_VERSION', '4.6.x-dev'); +define('JIRAFEAU_VERSION', '4.6.3'); define('JIRAFEAU_WEBSITE', 'https://gitlab.com/jirafeau/Jirafeau'); -- 2.43.0 From ab1f34106e6117ebc1cb80cf3a6528c40fc97065 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sun, 22 Jun 2025 15:12:28 +0200 Subject: [PATCH 05/16] Begin a new release cycle --- CHANGELOG.md | 4 ++++ lib/settings.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a00d820..19f69e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. +## Version 4.6.x (not yet released) + +- ... + ## Version 4.6.3 - Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. diff --git a/lib/settings.php b/lib/settings.php index cc4a9b2..cbdfaff 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -43,7 +43,7 @@ if ($cfg['debug'] === true) { /* Jirafeau package */ define('JIRAFEAU_PACKAGE', 'Jirafeau'); -define('JIRAFEAU_VERSION', '4.6.3'); +define('JIRAFEAU_VERSION', '4.6.x-dev'); define('JIRAFEAU_WEBSITE', 'https://gitlab.com/jirafeau/Jirafeau'); -- 2.43.0 From 40656e0e31419e968c15d57920c62d0aa2f1d1c9 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Fri, 8 Aug 2025 15:00:52 +0200 Subject: [PATCH 06/16] Mentioned CVE-2025-7066 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19f69e4..d06a0bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,7 @@ ## Version 4.6.3 -- Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. +- Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. This issue has subsequently been reported as [CVE-2025-7066](https://www.cve.org/CVERecord?id=CVE-2025-7066). - Compare password hashes using `hash_equals()` - Upgrade from 4.6.2: in-place upgrade -- 2.43.0 From 1d414d7f236e26fd125dec93105bfa2ce0fc3540 Mon Sep 17 00:00:00 2001 From: Florian <7305144-fm-sys@users.noreply.gitlab.com> Date: Sat, 9 Aug 2025 12:53:45 +0000 Subject: [PATCH 07/16] give tos notice a specific element id --- f.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/f.php b/f.php index a93ec98..922668f 100644 --- a/f.php +++ b/f.php @@ -98,7 +98,7 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) { - + ' . t('TOS') . '.' ?> @@ -143,7 +143,7 @@ if (!empty($link['key'])) { t('GIMME_PSW') . ' : ' . '' . '' . - '' . + '' . t('USING_SERVICE'). ' ' . t('TOS') . '.' . ''; @@ -193,7 +193,7 @@ if (!$password_challenged && !$do_download && !$do_preview) { '' . t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' . '' . - '' . + '' . t('USING_SERVICE'). ' ' . t('TOS') . '.' . ''; -- 2.43.0 From 9611fc95d7ee0f0f0fa5bc7835b07634fa09dd25 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sat, 9 Aug 2025 15:06:13 +0200 Subject: [PATCH 08/16] The generated download password was not shown in the "finished" page This feature got accidentally lost during refactoring Also made the form field readonly --- index.php | 6 ++++-- lib/functions.php | 18 +++++++++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/index.php b/index.php index 435e059..4881c51 100644 --- a/index.php +++ b/index.php @@ -25,7 +25,9 @@ require(JIRAFEAU_ROOT . 'lib/settings.php'); require(JIRAFEAU_ROOT . 'lib/functions.php'); require(JIRAFEAU_ROOT . 'lib/lang.php'); -if ($cfg['download_password_requirement'] === "generated") { +$download_pass = null; + +if ($cfg['download_password_requirement'] === 'generated') { $download_pass = jirafeau_gen_download_pass($cfg['download_password_gen_len'], $cfg['download_password_gen_chars']); } @@ -102,7 +104,7 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { ?> - +

diff --git a/lib/functions.php b/lib/functions.php index f9fbd9b..5d4602e 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1779,7 +1779,7 @@ function jirafeau_write_download_stats($hash, $ip) fclose($handle); } -function jirafeau_create_upload_finished_box($preview = true) +function jirafeau_create_upload_finished_box($preview = true, $download_pass = null) { ?> @@ -1796,6 +1796,22 @@ function jirafeau_create_upload_finished_box($preview = true)

+ +
+

+ +
+

+ '?> + +

+
+
+ + +
-- 2.43.0 From 51a3e59006cc2dbe80a20ea9a5031795249bb914 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sat, 9 Aug 2025 15:13:44 +0200 Subject: [PATCH 09/16] Download statistics were not shown in the admin interface This feature got accidentally lost during refactoring --- lib/functions.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/functions.php b/lib/functions.php index 5d4602e..578276f 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -771,6 +771,9 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) if (!empty($link_hash) && $link_hash != $node) { continue; } + + /* Get download statistics */ + $ld = jirafeau_get_download_stats($node); /* Print link information. */ echo ''; echo ''; @@ -793,6 +796,11 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) if (strlen($l['ip']) > 0) { echo t('ORIGIN') . ': ' . $l['ip'] . '
'; } + echo t('DOWNLOAD_COUNT') . ': ' . $ld['count'] . '
'; + if ($ld['count'] > 0) { + echo t('DOWNLOAD_DATE') . ': ' . jirafeau_get_datetimefield($ld['date']) . '
'; + echo t('DOWNLOAD_IP') . ': ' . $ld['ip'] . '
'; + } echo ''; if (!$l['crypted'] && !$l['crypted_legacy']) { -- 2.43.0 From f13207503ad0262c4fba3f5cb47d01dcf73f71c5 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sat, 9 Aug 2025 15:35:46 +0200 Subject: [PATCH 10/16] Trying to upload a file using script.php with an upload password set always ends up in an "Error 2". Added "!isset($_POST['upload_password'])" to the test condition. Patch by Yannis Aribaud --- script.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script.php b/script.php index aa8c259..ae57449 100644 --- a/script.php +++ b/script.php @@ -74,7 +74,7 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES) !jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) { echo 'Error 3: Invalid password'; exit; - } elseif (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) { + } elseif (!isset($_POST['upload_password']) && !jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) { echo 'Error 2: No password nor allowed IP'; exit; } -- 2.43.0 From 45d4b6ade0603e34537d6c21f1a09d5a7304132f Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Tue, 12 Aug 2025 15:04:20 +0200 Subject: [PATCH 11/16] Fixed indentation --- lib/functions.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/functions.php b/lib/functions.php index 578276f..84bcea8 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1804,8 +1804,7 @@ function jirafeau_create_upload_finished_box($preview = true, $download_pass = n

- +

-- 2.43.0 From 97971a35ce678939f577c4fc44c054ef98c72f0b Mon Sep 17 00:00:00 2001 From: Florian <7305144-fm-sys@users.noreply.gitlab.com> Date: Sat, 30 Aug 2025 12:13:45 +0000 Subject: [PATCH 12/16] add short link support --- .gitignore | 3 ++- .htaccess.sample | 7 +++++++ lib/config.original.php | 7 +++++++ lib/functions.js.php | 21 ++++++++++++++++----- 4 files changed, 32 insertions(+), 6 deletions(-) create mode 100644 .htaccess.sample diff --git a/.gitignore b/.gitignore index 4c13bde..02ef59e 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,5 @@ composer.phar .* !.gitlab-ci.yml !.gitignore -!.dockerignore \ No newline at end of file +!.dockerignore +!.htaccess.sample \ No newline at end of file diff --git a/.htaccess.sample b/.htaccess.sample new file mode 100644 index 0000000..98d1d80 --- /dev/null +++ b/.htaccess.sample @@ -0,0 +1,7 @@ + + RewriteEngine On + + # Match URLs with an 8-character alphanumeric ID + RewriteRule ^([a-zA-Z0-9_-]{8})$ f.php?h=$1 [L,QSA] + + diff --git a/lib/config.original.php b/lib/config.original.php index 8aec857..876ddba 100644 --- a/lib/config.original.php +++ b/lib/config.original.php @@ -34,6 +34,13 @@ $cfg['web_root'] = ''; */ $cfg['var_root'] = ''; +/* Activating 'use_shortlinks' will allow you to use shortened download links + * This requires a web server that supports URL rewriting, like Apache with mod_rewrite. + * If you are using Apache, copy the provided '.htaccess.sample' file in the root directory of + * Jirafeau and store it as '.htaccess'. For other web servers, manual configuration is required. + */ +$cfg['use_shortlinks'] = false; + /* Language - choose between 'auto' or any language located in the /lib/locales/ folder. * The mode »auto« will cause the script to detect the user's browser information * and offer a matching language, or use »en« if it is not available. diff --git a/lib/functions.js.php b/lib/functions.js.php index b8888a6..29d50c1 100644 --- a/lib/functions.js.php +++ b/lib/functions.js.php @@ -25,7 +25,9 @@ function template_js_preview_link() if (!!document.getElementById('preview_link')) { document.getElementById('upload_finished_preview').style.display = 'none'; - var preview_link_href = 'f.php?h=' + reference + '&p=1'; + var preview_link_href = use_shortlinks ? '' : 'f.php?h='; + preview_link_href += reference; + preview_link_href += use_shortlinks ? '?p=1' : '&p=1'; if (crypt_key.length > 0) { preview_link_href += '&k=' + crypt_key; @@ -50,10 +52,12 @@ function template_js_download_page() { ?> // Download page - var download_link_href = 'f.php?h=' + reference; + var download_link_href = use_shortlinks ? '' : 'f.php?h='; + download_link_href += reference; if (crypt_key.length > 0) { - download_link_href += '&k=' + crypt_key; + download_link_href += use_shortlinks ? '?k=' : '&k=' + download_link_href += crypt_key; } if (!!document.getElementById('upload_finished_download_page')) { @@ -79,7 +83,10 @@ function template_js_delete_link() { ?> // Delete link - var delete_link_href = 'f.php?h=' + reference + '&d=' + delete_code; + var delete_link_href = use_shortlinks ? '' : 'f.php?h='; + delete_link_href += reference; + delete_link_href += use_shortlinks ? '?d=' : '&d='; + delete_link_href += delete_code; document.getElementById('delete_link').href = delete_link_href; document.getElementById('delete_link_text').innerHTML = web_root + delete_link_href; // Direct download link - var direct_download_link_href = 'f.php?h=' + reference + '&d=1'; + //var direct_download_link_href = 'f.php?h=' + reference + '&d=1'; + var direct_download_link_href = use_shortlinks ? '' : 'f.php?h='; + direct_download_link_href += reference; + direct_download_link_href += use_shortlinks ? '?d=1' : '&d=1'; if (crypt_key.length > 0) { direct_download_link_href += '&k=' + crypt_key; @@ -132,6 +142,7 @@ require(JIRAFEAU_ROOT . 'lib/lang.php'); ?> // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later var web_root = ""; +var use_shortlinks = ; var lang_array = ; var lang_array_fallback = ; -- 2.43.0 From 8c25790dc330b1465c0d77167103a19ed2a8eea7 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sat, 30 Aug 2025 14:28:22 +0200 Subject: [PATCH 13/16] Updated CHANGELOG --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d06a0bc..13e53f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,16 @@ ## Version 4.6.x (not yet released) +- Shortlinks... +- Added CSS class `tos` to the link to the "Terms of Service" page +- Download stats introduced in version 4.6.0 were accidentally removed in version 4.6.1. This feature is now available again. +- Generated download passwords were not shown after the upload was completed +- Uploading a file using `script.php` with an upload password set always ended up in an "Error 2". This is fixed now. - ... +- Upgrade from 4.6.2: in-place upgrade + +New configuration items: +- `use_shortlinks` for enabling shortlinks ## Version 4.6.3 -- 2.43.0 From 978683b51e7c6c49377b5a9404f4717cfd2f5392 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Mon, 8 Sep 2025 11:50:56 +0200 Subject: [PATCH 14/16] Updated CHANGELOG --- CHANGELOG.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13e53f9..1dcf19c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,15 +12,15 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. -## Version 4.6.x (not yet released) +## Version 4.7.0 (not yet released) -- Shortlinks... -- Added CSS class `tos` to the link to the "Terms of Service" page +- Added feature for using shortened download links. This requires a web server that supports URL rewriting, like Apache with `mod_rewrite`. +- Added CSS class `tos` for addressing the link to the "Terms of Service" page - Download stats introduced in version 4.6.0 were accidentally removed in version 4.6.1. This feature is now available again. - Generated download passwords were not shown after the upload was completed - Uploading a file using `script.php` with an upload password set always ended up in an "Error 2". This is fixed now. - ... -- Upgrade from 4.6.2: in-place upgrade +- Upgrade from 4.6.3: in-place upgrade New configuration items: - `use_shortlinks` for enabling shortlinks -- 2.43.0 From 10aaabd693a9eeccc85f7310f5070784fa9f5b4b Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Mon, 8 Sep 2025 11:54:03 +0200 Subject: [PATCH 15/16] Updated list of authors --- AUTHORS.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/AUTHORS.md b/AUTHORS.md index a8e247e..e12f2c1 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -38,6 +38,7 @@ This is a list of people who contributed to Jirafeau over the years. The list wa - fm-sys - François Boulogne - François L +- Georges Taupin - GoZ - Guilherme Andrade - gwunderlich @@ -58,6 +59,7 @@ This is a list of people who contributed to Jirafeau over the years. The list wa - Julien Malik - KajmaczeK - Kidhoma Norman +- Killian Chevrier - Lari Oesch - Laurentiu Dobrota - Luna Jernberg @@ -85,6 +87,7 @@ This is a list of people who contributed to Jirafeau over the years. The list wa - Poorchop - Pyry - Pyry Kujala +- Ruixey - R.W - Sabri Ünal - sam lt @@ -107,6 +110,8 @@ This is a list of people who contributed to Jirafeau over the years. The list wa - Victor Lamoine - Viktar Vauchkevich - Wim Livens +- Yann Cam +- Yannis Aribaud - Yaron Shahrabani - YFdyh000 - Your Name -- 2.43.0 From dcf7ec54255194932d15a8130a86f572ff9e21ee Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Mon, 8 Sep 2025 12:03:48 +0200 Subject: [PATCH 16/16] Jirafeau 4.7.0 is ready --- CHANGELOG.md | 3 +-- lib/settings.php | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1dcf19c..40a6241 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,14 +12,13 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. -## Version 4.7.0 (not yet released) +## Version 4.7.0 - Added feature for using shortened download links. This requires a web server that supports URL rewriting, like Apache with `mod_rewrite`. - Added CSS class `tos` for addressing the link to the "Terms of Service" page - Download stats introduced in version 4.6.0 were accidentally removed in version 4.6.1. This feature is now available again. - Generated download passwords were not shown after the upload was completed - Uploading a file using `script.php` with an upload password set always ended up in an "Error 2". This is fixed now. -- ... - Upgrade from 4.6.3: in-place upgrade New configuration items: diff --git a/lib/settings.php b/lib/settings.php index cbdfaff..5e8a13e 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -43,7 +43,7 @@ if ($cfg['debug'] === true) { /* Jirafeau package */ define('JIRAFEAU_PACKAGE', 'Jirafeau'); -define('JIRAFEAU_VERSION', '4.6.x-dev'); +define('JIRAFEAU_VERSION', '4.7.0'); define('JIRAFEAU_WEBSITE', 'https://gitlab.com/jirafeau/Jirafeau'); -- 2.43.0