This repository has been archived by the owner on Nov 15, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 365
/
changelog.txt
516 lines (422 loc) · 19.3 KB
/
changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
Responsive Filemanager Changelog
*********************************************************
* RFM 9.14.0
*********************************************************
- add support to tinymce 5 (thanks to mikolaj pich)
- change image editor to Toast UI Image Editor (thanks to jack denning)
- fix Critical Security (thanks to Fariskhi Vidyan for reporting)
- add ckEditor on html file edit
- update context menu (thanks to joshua schmidtke)
- fix upload an image with malicius code inside
- added compatibility with memory_limit expressed in G
- fix relative url return
- fix error on file duplication
- fix error with memory usage (thanks to tim mclaughlin)
- fix a vulnerability on url upload (thanks to donot-wong for reporting)
- fix return on upload in same cases
- other fixes (thanks to all for reporting)
*********************************************************
* RFM 9.13.4
*********************************************************
- fix Directory Traversal Allows to Read Any File (thanks to Simon Uvarov for reporting)
- fix Path Traversal While Upacking Archives (thanks to Simon Uvarov for reporting)
- Fix foreach warning on URL upload
- Fix http https URL upload
- add toggle on config for extract_files
- prevent image creation for broken links in URL upload (thanks to davodavodavo3)
- Migrate to yarn on development (thanks to mklkj)
- code refactoring
*********************************************************
* RFM 9.13.3
*********************************************************
- support to files without extension
- fix Path Traversal vulnerability and url validation
- fix vulnerability that permits to see server files
- fix double file and folder rename
- refactoring
- update Hungarian, German and Thai languages
- fix nested php tags in download permission
- change jPlayer script to cdn
*********************************************************
* RFM 9.13.2
*********************************************************
- empty filename support (like .htaccess, .env,...)
- fix download bug
- refactoring check extension
*********************************************************
* RFM 9.13.1
*********************************************************
- folder creation fix
- blacklist fix
- php < 5.6 compatibility fix
*********************************************************
* RFM 9.13.0
*********************************************************
- multiple file selection: you can delete multiple files, you can select multiple file (n.b. if you select multiple files on stand alone mode it return a json list of urls, if you use editor with normal mode return only the first and if you use tinymce with responsivefilemanager plugin return all files on editor)
- you can disable mime type renaming on config
- blacklist extensions available on config
- fixed precompiled test on duplication
- rfm remember the last folder when return to filemanager
- added mime type .rar
- fixed folder permission to get config value
- fixed an error on folder renaming
- a lot of others bugs fixed
*********************************************************
* RFM 9.12.2
*********************************************************
- fixed a security vulnerability (thanks to sashaptrw)
- fixed other minor problems
*********************************************************
* RFM 9.12.1
*********************************************************
- fix FTP support
- fix problem with subfolder session
*********************************************************
* RFM 9.12.0
*********************************************************
- fixed multiple security vulnerabilities (thanks to Ryan Dewhurst - BSc Ethical Hacking for Computer Security, CCNA)
- fixed lazy loading problems with a new plugin
- copy url without flash with clipboard.js
- removed java uploader and introduce new upload system with canucks part
- new upload method with jQuery-File-Upload
- removed viewer_js and substituted with google preview
- fix problem with url upload
- multiple files, folder upload permission also WITH RECURSIVE FOLDER UPLOAD
- fix the config.php inclusion on subfolders see CUSTOMISE CONFIGURATION FOR EACH FOLDER on documentation
- RTL stylesheet on repository (if you want to use simply include on dialog.php)
- you can now drop files/folders everywhere to upload
*********************************************************
* RFM 9.11.3
*********************************************************
- fixed multiple security vulnerabilities (thanks to Wiswat Aswamenakul (Nick))
- url upload toggle
- fixed upload xml
- prettify improvement
- added cad preview
- other minor bug fixes
*********************************************************
* RFM 9.11.0
*********************************************************
- fixed multiple security vulnerabilities (thanks to CERT-W and Davide Girardi from Outpost24)
- Add FTP beta support
- Upload from URL
- Add watermark on images
- fixed problem with some file type on upload
- fixed a problem with change language
- fixed a problem with rename
- fixed a problem with upload mine type
- fixed memory_error bool indicator
- add configuration to add &time to image to prevent chaching
- other fixes
*********************************************************
* RFM 9.10.2
*********************************************************
- fixed Download of large file
- added pause resume download
- fixed problem with base_url function
- removed set_time_limit call
*********************************************************
* RFM 9.10.1
*********************************************************
- now you can pass available extensions list in url (ex. you can show only excel files)
- fixed a problem with php<5.3
- remember filter and sort after refresh
- added config toggle to show/hide filter buttons and language selection button
- fixed a problem when you click on namefile label (previously was equal to click two times)
- fixed a problem with relative path with folder (thanks to gordon-matt)
- fixed a problem with mimetype in some cases
- fixed a problem with cache on image editor include
- fixed a problem with + char on folders name
*********************************************************
* RFM 9.10.0
*********************************************************
- added total max size control to limit the size of all files into
source folder (you can control it in config.php) (thanks to Stephane MERCIER)
- improved the error messages (thanks to Stephane MERCIER)
- update jplayer
- fixed a incorrect closing of upload modal
- fixed lowercase on convert_spaces active and add lower_case option on config.php
- add mimetype control on upload (ex. if i renane img.jpg to img.pdf and upload to filemananger the system check the time type and converte it to img.jpg)
- fixed permission error on files and folders
- other fix
*********************************************************
* RFM 9.9.7
*********************************************************
- fixed pdf preview
- fixed a bug with session subfolder folder creation
- fixed a bug with folder creation
- fixed a problem with ie and allow_url_fopen server config
- fixed a problem with folder copy
- fixed a problem with relative folder url export
- fixed error 'TypeError: $ is not a function'
- fixed a problem with lang in query string
- fixed a problem with drag&drop on android
*********************************************************
* RFM 9.9.6
*********************************************************
- fixed a security vulnerability (thanks to securitum.pl)
- code refactoring removed thumb path to ajax calls
- improve file/folder permission layout and fixed a error
- fixed a problem with image editor
- added vitnamese language
*********************************************************
* RFM 9.9.5
*********************************************************
- fixed a Adobe Creative SDK issue
- fixed a problem when you edit multiple image in the same session
- fixed a problem with security issue in some server configurations
- added maxSize config to Adobe Creative SDK export image (default now is 1400)
*********************************************************
* RFM 9.9.4
*********************************************************
- Upgrade Aviary Image Editor with new Adobe Creative SDK without size limitation
- Add files and folders counter on each folder
- Fixed a problem with folder selection on relative url
*********************************************************
* RFM 9.9.3
*********************************************************
- Fixed the problem with undefined windowParent
- Fixed a problem with selection on CKeditor
- Added bootstrap modal default support
*********************************************************
* RFM 9.9.2
*********************************************************
- added file selection directly from dropzone upload area (you can now select file directly after upload)
- folder selection in context menu (you can now select also a folder)
- responsive filemanager modal open on tinyMCE (the dimension of modal depend on window dimension)
- utf8 translitteration fix
*********************************************************
* RFM 9.9.1
*********************************************************
- bugfix
*********************************************************
* RFM 9.9.0
*********************************************************
- add compatibility with CKEditor (thanks to dennis.buijs)
- fix ordering and filtering bugs (in js and php)
- Refactoring of configuration and language files (thanks to rkgrep)
- updated libraries via bower dependency management (thanks to rkgrep)
- added Assets compilation via gulp for developing (thanks to rkgrep)
- added Hebrew lang (sagie212)
*********************************************************
* RFM 9.8.1
*********************************************************
- add compatibility with free full resolution with aviary image editor
- convert all include(); with include ‘’;
- fix a problem with lowercase automatically change
*********************************************************
* RFM 9.8
*********************************************************
- added pdf, openoffice files preview with customized viewer.js
- added other office file preview with google preview
- fixed ordering bug
- improved layout style
- added copy to clipboard button on show url dialog
- fixed a bug when download a file
- fixed a bug in relative path images creation
- adding custom convert_spaces [by fungio]
*********************************************************
* RFM 9.7.3
*********************************************************
- Fix a problem with lazy load and filters
- add option to remember text filter in session
*********************************************************
* RFM 9.7.2
*********************************************************
***** Major *****
- Added mime type lib for downloads
- Added lazy loading feature
- Added options for auto and max image resizing
- Lang. updates
- Added touch devices support for drag&drop
- Added support for returning relative URL-s
- Bugfixes
***** Detailed *****
- Added mime type lib for downloads
All downloads no should load successfuly
- Added lazy loading feature
Images will only load when in the viewport so when you are in a crowded folder it will load faster
- Added options for auto and max image resizing
In the past all images that was resized either with max_image or auto resize was cropped.
Now the user can specify to crop,exact,landscape or portrait options.
The max image size can be overridden by auto resize option
- Added support for returning relative URL-s
Relative URL-s can be returned when selecting files from the filemanager: a 'relative_url' GET parameter should be
added to the request with a value of "1" when opening RFM. Otherwise returned URL-s will be absolute.
- Bugfixes
Fixed css bugs
Fixed drag&drop bugs
Removed 'default' access keys for security
*********************************************************
* RFM 9.6.0
*********************************************************
***** Major *****
- Cross domain feature
- Add in config.php a option to replace all spaces with _
- Encoding of Export URL
- Code refactoring
***** Detailed *****
- Cross domain feature:To enable cross-domain file selector, where files are hosted on one server (for example, serverA.com) and URL is being sent to another (for example, serverB.com), include crossdomain=1 in the URL.
For example, to instantiate image picker, use the following URL:
http://serverA.com/[path to filemanager]/filemanager/dialog.php?type=1&field_id=fieldID&crossdomain=1
Then on serverB.com, the following code can be used to retrieve the URL after file selection is made. Please note, that the code is written for jQuery with FancyBox plug-in.
//
// Handles message from ResponsiveFilemanager
//
function OnMessage(e){
var event = e.originalEvent;
// Make sure the sender of the event is trusted
if(event.data.sender === 'responsivefilemanager'){
if(event.data.field_id){
var fieldID=event.data.field_id;
var url=event.data.url;
$('#'+fieldID).val(url).trigger('change');
$.fancybox.close();
// Delete handler of the message from ResponsiveFilemanager
$(window).off('message', OnMessage);
}
}
}
// Handler for a message from ResponsiveFilemanager
$(‘.opener-class).on('click',function(){
$(window).on('message', OnMessage);
});
FILE MANAGER AS TINYMCE PLUG-IN
There is extra parameter needed filemanager_crossdomain when calling tinymce.init(), please see below.
tinymce.init({
...
filemanager_crossdomain: true,
external_filemanager_path:"http://path/secondaryserver/filemanager/",
external_plugins: { "filemanager" : "http://path/secondaryserver/filemanager/plugin.min.js"},
...
});
- Convert_spaces options: enable the conversion of spaces to _ in file and folder name
*********************************************************
* RFM 9.5.0
*********************************************************
***** Major *****
- File permission changing
- Language Changing
- View/edit/create text files
- Fixes
NOTE: Changed upload button's icon!
***** Detailed *****
- File permission changing (OFF BY DEFAULT!)
Now you can change the files/folders permission with a slick window.
To access the window first you must activate it in the config file.
After you activated it you can reach it from the rigth click menu.
You can configure the permission with both text and checkboxes.
If you entered a wrong format/number the initial state will be restored.
When changing permissions for folders there will be more options for
recursive changing (No/only files/only folders/both).
If you set the permission wrong there will be errors.
NOTE! If you don't know what you are doing then leave as it is bacause
you can cause trouble.
Usually files are 644 and folders are 755
You CANNOT set the sticky bit!
- Language Changing
You can now change the language dynamicly from the menu.
The button is located next to the refresh button (a globe icon)
If adding new language, it should be added to the languages.php file as
well for it to show up.
I tried to identify all language codes and add the name on there own
language but I might messed up so please check it and correct it if
necessary. (Because I'm only a human and speak only 2 languages)
- View/edit/create text files
You can now view/edit/create text based files like .txt.
To view a file's content just click on the preview (eye) icon.
To edit a file rigth click on it and select "Edit file's content"
To create a new file just click on the "+ file" icon (old upload button)
When creating a new file you must specify it's extension.
All valid extensions for edit/create are listed in the config file
($editable_text_file_exts)
- Fixes
Fixed some css overflow errors
Removed lang_View from menu because it was overflowing
Removed hr.php lang because it's the same as hr_HR.php
Changed upload buttons icon to accomodate the "new file" addition
*********************************************************
* RFM 9.4.1
*********************************************************
***** Major *****
- Security Access Keys
- More Tinymce settings
- Tinymce 3.* support
- Added image resize options
- Bugfixes
***** Detailed *****
- Security Access Keys
If 'USE_ACCESS_KEYS' are set to true only those will access RF whose url
contains the access key (akey) like:
<input type="button" href="../filemanager/dialog.php?akey=myPrivateKey">
Allowed access keys are defined in the config as well.
$access_keys must be an array so you can add multiple.
Your access key should NEVER be 'key' and keep in mind they are CASE
SENSITIVE!
For recommended key generation read the comments in the config file.
If there's no access key supplied with the url or it's not in the
$access_key array you will get 'Access Denied' and you cannot continue.
For tinymce a new variable was added: "filemanager_access_key"
Tinymce config example:
tinyinit
...
external_filemanager_path:"../filemanager",
filemanager_access_key: "myPrivateKey",
...
This is a bit of additional security so no one can access your filesystem.
- More Tinymce settings
- Added 'filemanager_subfolder' param so you can now define the starting folder in tinymce
eg: 'filemanager_subfolder:"subfolder/"'
- Bugfixes
- Fixed audio/video player bug
- Fix in remember last position
- Show url context link in all files and folder
- Fixed a problem with old thumbnails on renaming
- Fixed a copy past issue
- Fixed Standalone Mode not using the field_id passed in mixed use cases
*********************************************************
* RFM 9.4.0
*********************************************************
***** Major *****
- Cut/copy/paste support
- Drag&drop support
- Few new icons
- Code refactor
- Bugfixes
***** Detailed *****
- Cut/copy/paste
You can configure the actions in config.php file and disable/ limit them if needed.
When right clicking on a folder/file there will be options for copy and cut
(and paste if files on clipboard and righ clicked on a file)
There's icon for paste to this dir and clear clipboard after the 'new dir' icons
They will grey out if there's nothing on the clipboard.
- Drag&drop
Now you can drag n drop files/folders to other folders
(this will overwrite existing files if encountered any!)
- Icons
Added new icons for the new functions
All are legit made by me or get from free icon sites
- Code Refator
- Added bunch of comments and change a lot of codes.
- Changed all $_SESSION vars to be in a separet array
eg.:$_SESSION["verify"] -> $_SESSION['RF']["verify"]
So now there won't be any problem with big projecfts integrating RF
- Added the lang file url to $_SESSION['RF']['language_file']
Now it can be included easily
- Added a lot of new lang. lines and feedback info
New lines added to every language (in english) so translation can go smoothly
(There are places where i added %s to lang lines which will be swapped with an action name
, commented out what will be inserted at runtime)
- Added timeout when closing upload tab
- Bugfixes
- Corrected issue #69 Dropzone spritemap.png problem
Now when loading a language it will search for the appropiate spritemaps.
If none found will fallback to english
All spritemaps should follow the language code naming eg:
For hu_HU:
spritemap_hu_HU.png
spritemap@2x_hu_HU.png
(might consider moving them in a separte folder in the future)
- Fixed issue #71 The uploaded file exceeds the max size allowed
Now when uploading it properly check for max post size
It is dealt with in config.php after definning the max upload size and if it's bigger
than server's ini it will revert it back to it.