[jirafeau_mojo42.git] / doc / README

Jyraphe, your web file repository
=================================

Jyraphe is a web application of file repository, easy to install and easy to
use. Jyraphe is an entirely free application, it is distributed under the
terms of the GNU Affero General Public License, version 3 or later. See the
COPYING file in this directory.

For more information, see:
http://home.gna.org/jyraphe/

Jyraphe 0.4 (20 april 2009)
---------------------------

  - SECURITY: possible path traversal by uploading a file R0...0 (32 zeroes)
    and calling file.php?h=../files/R0..0
  - BUG: possibility to download a protected file without a key
  - FEATURE: better form (without tables)


Jyraphe 0.3 (28 may 2008)
-------------------------
  - SECURITY: a forged link file could be uploaded and accessed with
    get.php?h=../files/forgedfile so that any readable file could be accessed
  - FEATURE: install.php script with randomised name of the var/ directory
  - FEATURE: password protection
  - FEATURE: time limit
  - FEATURE: Javascript to show the extended options
  - FEATURE: support for multiple CSS and better handling of images in the css
  - FEATURE: better Content-Type handling and XHTML validation
  - SECURITY: now prevent .php from upload, rename it in .phps
  - FEATURE: renamed get.php in file.php (in prevision of thumb.php)


Jyrahe 0.2 (22 april 2008)
--------------------------
  - SECURITY: .htaccess could be uploaded and change the access of var/
  - BUG: infinite loop when renaming a file in case of a collision
  - BUG: warning of the substr_compare when null mime-type
  - BUG: substr_compare not defined for old PHP4


Jyraphe 0.1 (12 april 2008)
---------------------------
  - First release of Jyraphe
  - KNOWN BUG: when not defining $cgf['web_root'] in config.local.php, and
    having $cfg['use_redirect'] = true, the CSS does not appear in case of 404
    error. Workaround: define $cgf['web_root'] in your config.local.php