Tags: Xenthys/ShareXen
Tags
Add URL_STRIP_EXTENSION constant (#2) This small update allows users to remove the file extension from the resulting URL, as requested. This is useful for instances using a rewrite rule in order to automatically find the corresponding file. Be careful, as the filename generator only checks against existing files of the same extension. It is therefore possible to have two files with the exact same name, as long as they have a different extension. Version bumped to 2.3.0
Fix flawed MAX_ITERATIONS check The name-generating loop now errors properly when reaching the configured MAX_ITERATIONS value. Before the patch, the error condition was hardcoded to 10. If you kept the MAX_ITERATIONS constant set to 10, you are fine. Setting the MAX_ITERATIONS constant under 10 (then reaching it) would validate the name and overwrite the file, instead of rejecting the request with a "cannot_generate_unique_filename" error. Setting the MAX_ITERATIONS constant above 10 had no effect. Version bumped to 2.2.1
Refactor, drop curl (webhook), enhance info endpoint String concatenation is no longer used where in-line variables can improve code readability and ease of use Constants are now all checked and given default values in case they're unset. Old checks have been removed An optional MAX_ITERATIONS constant has been added Calling the Discord webhook now relies on native PHP functions (fopen, specifically file_get_contents) instead of using a plethora of curl functions This might be disabled on some cheap webhosts, but those usually don't have libcurl installed anyway The info endpoint now indicates the amount of max iterations (to everyone), gives a list of configured usernames along with the list of admins (to admins), and whether a Discord webhook is configured and can be used by checking if "allow_url_fopen" is enabled (to admins) Version bumped to 2.2.0
Patch security issue on empty salt A configured salt is necessary for generating security keys According to the comment above its definition, keeping it empty was supposed to disable the feature. Instead, it kept it insecurely enabled and used the empty salt, giving absolutely predictible security keys considered as valid instead of not returning any Note that commenting-out the define properly disabled this feature This behavior is now fixed. If you do not update and have an empty salt, either remove/comment the define, or set one immediately Default allowed file extensions have also been edited, showing regex are supported (which they are since the beginning) to make sure users are aware of that possibility as it wasn't documented Version bumped to 2.1.1
Add a safeguard to the random name generator The iteration_count JSON field has therefore been added to indicate how many loop iterations were necessary to generate a unique name. If no unique name is found after 10 iterations, the script will return an HTTP 500 cannot_generate_unique_filename error. The PHP version check has been removed since the script errors immediately, as PHP 5 cannot parse it at all before execution. The random_str function doesn't require mbstring anymore as the keyspace only contains ASCII characters. Unicode keyspaces are therefore not (and have never been) supported at all. Version bumped to 2.1.0
This release introduces breaking changes, be careful when updating. Users now have usernames, adding admins does not depend on positions anymore. This is way easier to use and more convenient. Requires client & server configuration update. Configuration has been updated: - USER_TOKENS has been removed in favor of USERS (new format) - MAX_ADMIN_ID has been removed in favor of ADMINS (new format) - DELETION_SALT has been renamed to SALT (same format) Some parameters have been changed: - `auth_token` has been renamed to `token` - `deletion_hash` has been renamed to `key` - `user_id` has been removed in favor of `username` and now only exists when a user is authenticated As of now, this is a beta version. A migration guide will be added for the release. Version bumped to 2.0.0-beta1
PreviousNext