Projectsend Versions Save

• Added file version to CSS and JavaScript assets to prevent cache issues
• Added an option to show a link to the public files repository under the log in form
• Show image file dimensions (manage files, public page, download page, templates)
• Updated Gallery theme to flexbox
• Added link to download translations to the languages dropdown (system users only)
• Fix upload button on default template (by SnappyBird)
• Enlarged PDF preview (by ch1138 and serg499)
• Fixed side menu visibility on dashboard (by ch1138)
• Fixed public page not loading when no public groups were available
• Disabled autocomplete on 2FA verification form (by SnappyBird)
• Fixed PDO warning
• Don’t add

  tag to file description in email notifications if markup has HTML already

• Use full path for sort links (by Koenari)

Features

Users with "uploader" role can now be limited to certain clients only Added 2FA via email with a one time password Added Custom assets manager (HTML, CSS, JS), to insert custom code into available locations (public pages, admin, templates, all) New setting: set default expiration options (file expires or not, day before expiring) New privacy settings: record user's IP for downloads of all users, anonymous only or never File editor: added buttons to copy expiration, public and hidden settings to other files Templates can be extended to the public files list and download file page Added preview for public files in listing and download page

UI

Updated to Bootstrap 5 General update of colors, sizes and placing of elements. Completely revamped the public files list page using the default template style. Standardization of filters, search boxes and bulk actions. Added a button to create new items in pages where they belong (ie: clients list -> Create client, manage files -> Upload file, etc) Applied filters and search bar to public files list Added a simple side modal class to show static content, or load it via ajax Email template tags can now be clicked to insert them into the content area Unsed email template tags are highlighted when editing a template Removed grayed out effect from date selector on file editor, made the field look disabled Copy file selection/settings (expiration, public, categories, clients, groups) grouped together for a cleaner experience. File editor: added expand/collapse of each file Updated the click to copy UI and functions, added Toastr for messages Added copy to clipboard buttons to cron commands and social login callbacks Public files list page group filter: show file count in each group Download information UI fixes Fixed a bug where installer errors were not showing

General Fixes and improvements

Added language selector to all non-logged in pages. On language change, return to previous page instead of index Fixed user password being changed during editing Fixed social login with Linkedin, Twitter, WindowsLive and Yahoo Fixed a bug that prevented removing all categories from a file Import orphan: by default, show allowed files. Improved loading time of Orphan files pages when traversing several thousand files Orphan files can now be deleted. Updated UI to import via actions selector Fixed memberships requests failing when requested_by had to be null Fixed loading plupload language General code cleanup JS and SCSS files completely reorganized Removed Open Sans font since it was loading externally just for the headings Fixed button that loads default emails content Fix for installer not creating the user Separated installer instances into different files Replaced chosen-js with select2 Public file: don't show title if it is equal to filename Public download: file title used as page title Replaced psendmodal with SweetAlert2 Highlight current submenu also on options and email templates Upgraded to Gulp4 (by redondi88) Cron fixes for FreeBSD (By xzenor) Leave only html5 runtime on plupload Updated dependencies

• Fixed deleting files as admin
• Fixed deleting files from the database when they don't exist on the disk
• Added filtering files by assigned/not assigned

New feature: throttle and ban failed log in attempts to prevent brute force attacks. New in security Settings: whitelist or blacklist IPs from the log in ban feature. New in Tools: unblock a banned IP address New feature: cron jobs. Set up a task that can send pending email notifications in batches, deletes expired files and orphan files. New Cron settings page: Enable/disable cron, change cron security key, select which tasks to run, enable or disable running via url, save log to database, send results via email. New in Tools: Cron log viewer Orphan files can now be filtered by allowed/not allowed. If Recaptcha is enabled, use it on login, password reset request and register forms New setting: disable sending email notifications of new files after adding/editing assignations. Enable this and combine it with a cron task to prevent long loading times after saving a file and overloading your mail server. Updates are now separated into different files, with the latest database update number being independent from the software version. Cleans up the process and makes adding new updates easier. Fixed installer issues (redirect loops and old sessions) Fix: Category edit: verify parent id is not equal to same category id (by luca-rigutti) While installing, get default timezone from system Added max-width to the logo image on the gallery template. Enable or disable debug from the custom config file, instead of using a core file Fixed translations not loading and warnings on php 8+ Enable csv uploading by default Use curl -if available- to get new versions and news data, enables timeout to prevent long loading times Fixed: dashboard counters labels where not translatable When editing a user, if role is not client, some fields should be always null (phone, contact, address) Fixed XSS vulnerability on search forms Fixed .htaccess (by RoboDoc) Batch actions are sent as post instead of get to prevent malicious users from sending an action url to an admin user Updated dependencies Prevent registering via POST if self registration is disabled Fixed Title TAG instead of file name (by deklica) Spellchecking + Changed all instances of "his" to "their" when referencing an unknown individual (by ehawman-rosenberg) Fixed JSON responses on widgets (by RiversideRocks)

From r1335 Improved php 8 compatibility by fixing the PDOEx query method (when DEBUG is set to true) Fixed installer missing a database column Fixed manage files and downloads when shell_exec is not enabled. which resulted in wrong file sizes

From r1330 Clients can now make files public according to a new setting (all clients, none, or manually allowed ones) Implemented resumable downloads via php file serving (by jesbrand) Fixed issues when updating due to invalid MySQL date values (by guitoulefoux) Fixed directory traversal security issue (by (Thrun12) Fixed all known XSS vulnerabilities Fixed a security issue due to files IDs not being type validated (by ranjit-git) Fixed file wrong file names in certain downloads (by guitoulefoux) Fixed wrong migrations on users and files relations tables (by guitoulefoux) Replaced invalid characters on file names when downloading the files Fixed download of files with special characters (by PC-COLLEGE-Training) Added Microsoft Graph OAuth2 support (by Seros) Added IIS Compatibility (by Trapulo) Updated dependencies Added Security policy (by zidingz) Fixed X-Accel downloads (by alexey001) Fixed rejection of files with uppercase extensions while trying to upload Prevented more file types from executing from the uploads directory Fixed file name not showing in manage files after renaming (by cesarcorrea) Fixed plupload translation not loading (by jensbrand) Improved compatibility with newer versions of php Fixed and issue that returned a 500 error on the Manage Files page

Added support for X-Accel on nginx Fixed password reset forms returning 403. By @varandinawer New option: select pagination amount for all administration areas Fixed pagination on default template. Solution by @mike-miguel Always check php, mysql and modules requirements to prevent the app from running on unsupported platforms Fixed: statistics chart for roles 7 and 8 Default template: use global pagination amount Fixed missing uppercase characters on uploaded files Fixed typo on activities widget Added file size on public file download page Added file description colum on manage files page Don't show the directories write permissions warning to clients Fix CVE-2020-28874 by @varandinawer Login: removed ajax functionality. Fixes infinite loading during errors. Fixes CVE-2020-28875 (found by @varandinawer)

• Changed php version requirement to 7.1+
• Added files preview for video, audio, PDF and images (in the Manage files page and the default template for clients)
• Added a page under Tools menu to test email configuration and new SSL options
• Multiple files can now be edited at the same time. This is the result of changing how uploads work. As soon as a file finishes uploading it is added to the database so it’s always available and easier to edit
• Added an option to download via XSendFile. This is a huge improvement for large downloads. While it requires a module to be installed on the server, the difference is outstanding. This module skips php when serving files, so that adds resumable downloads, faster speeds, and reduces significantly the chance of corrupt files
• When creating users and clients, you can require them to change the password after their first login
• Social login can now be enabled for Google, Facebook, Twitter, Linkedin, Windows Live, Yahoo
• Better zip download support. When downloading multiple files as zip, everything is recorded on the action log and downloads viewer.
• Added functions to download as zip on Pinboxes and Gallery templates.
• Implemented svg uploading as branding logo or regular shareable files. A sanitizer is added for security
• Flow of some actions have been improved, such as auto login when a client registers an account if auto approve is enabled
• Image files thumbnails are created and served with a new, much more reliable library
• Logged in users can change the language via a selector on the top right corner
• Many security fixes have been applied
• Dependencies are now handled via composer and npm, so it’s much easier to update them (phpmailer, plupload, bootstrap, chart.js, etc) and all assets are compiled via gulp. This leaves us with fewer, more compact and lighter requests and resource files
• Fixed installer issue where you would not be allowed to continue due to directory write errors, but the error was hidden
• New actions on the actions log
• Changed how news and updates are retrieved, eliminating the need for the simple_xml module
• New widget loads via ajax, so the dashboard is quicker to load and does not crash in case of errors
• Actions log widget: you can now select and view any available action instead of a few predetermined ones
• Lots of code refactoring to improve speed and resources usage
• Fixed and issue when updating assignations and several hundred users/groups were targeted and php would stop responding
• Fix: keep original filename special characters when downloading a file
• Improved the default email templates with a bigger font size and content width
• Show a warning if important directories don’t have write permissions
• Several small bug fixes
• Fixed an issue with r1265 where the new columns where not being created on the actions log and user meta tables
• Fixed notices

• Fixed login not working with certain translations (eg: French)
• Removed the need for simple_xml extension
• News and version updates are cached locally to prevent unnecessary connections, making the dashboard load faster everytime.
• Improved email validation
• Fixed a connection issue on the installer
• Replaced the default allowed file types that are set during installation with a more comprehensive (by trini)
• Fix for uploading files with the same name (by AlanReiblein)
• Fixed an issue when uploading files unlisted extensions, even if this was not limited via settings.
• Added the option to download multiple files zipped via the manage files page (same as the default template for clients)
• Security fixes when hiding-showing files and on the installer (by mschop)
• Fixed a security issue that allowed arbitrary code to be executed (by lmsilva)
• Fixed known XSS bugs
• Fixed a security issue where server’s log files would record passwords (reported by Felipe Molina de la Torre)
• Updated README with requirements

New features

• New UI. More modern, responsive and overall more polished looking.
• Can set a maximum file upload size on each client and user, overriding the default one.
• Can now set the default maximum upload size on the installer.
• Added ckeditor as a visual editor on files and groups descriptions (can be disabled)
• Public groups: an option create groups where people can see its contents without being logged in.
• Public page: a special page that shows all of the public groups and files. Has several options. Disabled by default.
• Groups memberships: Option to allow clients to request memberships to public groups. An administrator can approve or deny them.
• Added a new block on the dashboard with server information.
• New template page design, in the style of that of WordPress with themes screnshots and descriptions.
• Manage files: added filter by uploader.
• Added options to set custom subjects on emails.
• Email previews are now accurate in content.
• New option to customize the footer text.
• Better download URLs
• Added an option to prevent indexing by search engines.
• Updated the style of the gallery theme.
• Load a custom.js file if it exists (won't get overwritten when updating).
• Clients can select and expiry date for their files.

Fixes

• Fix for modal window not closing on zip downloads
• Fixed the MySQL error on some versions during installation, attributed to having 2 timestamps columns on the same table with default value of CURRENT_TIMESTAMP. Based on a contribution by cdoepmann.
• Email: don't auth if smtp is selected but auth is set to "none"
• CSV injection bug fix.
• XSS security fixes.
• Several security fixes.
• Fixed category deletion.
• Fix for uploaders not being able to delete their files.
• Several fixes for multiple files downloading as zip.
• Zip files download IDOR fix.
• Fixed showing active status of clients and users.
• New server side pagination, replaces the javacript one which made the site unresponsive if there were a lof of results.
• Some fixes to the manage files page.

Misc

• Added a DEBUG constant.
• Fixed notices on the installer.
• Added a check on the installer for php and mysql versions requierements.
• Some parts of the code where cleaned up, including a new table generation class.
• Refactory of the options pages UI. No more tabs, now groups of options are on their own page. Cleaner and faster to use.
• Admin load a minified version of CSS files.
• Moved most of the backend javacript to it's own file.
• Show the public url on the file editor
• Uploaded scripts. flot, phpmailer.
• Better category administration page.
• Throw a warning if php extension is present in the allowed uploads extension list.
• Several other minor fixes

Contributions:

• A very important contribution in the form of security audit (security-prince)
• MySQL compatibility fixed on the dashboard statistics (DBezemer)
• Handle following of symlinks for imported orphaned files (joshstrange)
• Fix to prevent direct access to the files folder (trainwreckjvbo)
• UI improvements and option to disable the welcome email when creating users (adrianp-sti)
• Fix CVE-2017-9783 and CVE-2017-9786 XSS vulnerabilities. (JackWhite20)
• Fix for the email subjects (remez)
• Login and notification fixes (OrlandoST)
• Fix unsolicited error message on config save (Fix unsolicited error message on config save)
• Fixed bug that stops uploading. (JackWhite20)
• In case the file is a symlink, get the size from the real file not the symlink itself (Kevin Druelle)
• Several Security Fixes (IppSec)
• Expiry dates fixes, new features and improvements (eyeobticeo)
• Typos fixes (hailthemelody)
• Fixed port number problem when behind reverse proxy (berndblume)

New features

Files categories! Think of them as either categories, projects or folders. They are hierarchical and let you organize your files very easily. Clients – for the moment- can only use them to filter files. In the future they will be able to make their own categories and assign files to them.
Added an option so clients can now delete the files they have uploaded.
Moved to Bootstrap 3 for a much better mobile experience.
Log the download when an anonymous user gets a file through a public link.
Extended the downloads information for a particular file. You can now see the total downloads, how much are by unique clients and also how many are anonymous. The table now shows date, ip and remote host of each particular download.
Select system language when logging in (overrides the system defined language for this session only).
Added buttons to auto-generate secure passwords when creating users and clients.
Added an optional Google sign in button.
You can now log in using your e-mail too.
Added reCAPTCHA on the self registration form to prevent spam.
Added a confg file creator that will run if the sys.config.php file isn’t found.
Added a button to show the public URL for a file in the post-upload table.

Misc changes and fixes

Fixed downloading of large files on some servers.
You can now upload and import orphan files even if no clients or groups exist yet.
Files without assignations are not considered orphan anymore. Only those uploaded via FTP are orphan until they are added to the database.
Default and PinBoxes templates now show the categories filter and the expiration status/date for each file.
Redesigned the PinBoxes template to be more modern and compatible.
The username/email field on login isn’t case sensitive anymore.
Improved compatibility with php7

Behind the scenes improvements

CSS clean up
Better generation of the main menu
Replaced textboxlist with jQuery tags input, making the options page stop freezing for a few seconds when loading.
Changed the file renaming routine so characters are replaced by similar allowed ones instead of underscores.
Lots of other small fixes and improvements!