Version 2.1.64

Changes form previous version

All previous changes is here.

Version 2.1.64

• [css] re-fix #3584 css error and CI

Version 2.1.63

• [php:core] fix download a file via context menu the windows download popup don't close (#3619)
• [VD:MySQL] Use prepared statements instead of escaping when saving file (#3604)
• [VD:core] fix #3617 Filename Restriction Bypass Leading To Persistent Cross-site Scripting
• [js] fix #3614 $.isFunction() is deprecated in jQuery
• [js] Update to jQuery 3.7.1 and Jquery UI 1.13.2
• [VD:LocalFileSystem] fix #3615 Using .php8 in PHP handler leading to RCE
• [cmd:upload] fix #3575 Drag&Drop Upload Issue with Firefox

Version 2.1.62

Changes form previous version

All previous changes is here.

• [php:core] prevent garbled file name when URL upload
• [js:core,upload] fixed DnD in-browser image upload in Chrome
• [js:options] update CDNs
• [js:core,upload] fixed DnD in-browser image upload in Chrome
• [php] Update elFinderVolumeSFTPphpseclib.class.php (#3483)
• [mime.types] Update mime.types to allow MS outlook message files (#3499)
• [js:cmd:resize] fix #3513 rotate bug on Chrome
• [VD:LocalFileSystem] Security fixes, directory traversal vulnerability fixes
  • Awaiting CVE ID.
  • This issue was found by Michał Majchrowicz & Livio Victoriano AFINE Team.
• Correctly urlencode path in setcookie(); fix #3538 (#3561)
• [js:core] fix #3572 Useless backend request during elFinder.sync()
• [VD:LocalFileSystem] fix #3543 Can't download folder in PHP 8.1
• [php:core] fix #3546 Use elFinder::getCmdOfBind instead of self::getCmdOfBind which is deprecated in PHP v8.2
• [VD:SFTP] fix SFTP driver fatal error, cleanup (#3574)
• And some minor bug fixes

Version 2.1.61

Changes form previous version

All previous changes is here.

• [security] Fixed #3458 filename bypass leading to RCE on Windows server
• [security:CVE-2022-26960] Fixed a path traversal issue
• [i18n] Updated ru and fr
• [js] Updated CDNs of external libs
• And some minor bug fixes

Version 2.1.60

Changes form previous version

All previous changes is here.

• [VD:OneDrive] show error on _od_obtainAccessToken()
• [ui:cwd] make easily able to mapping mimetype to the kind (#3375)
• [cmd:rm] Fixed an issue that sometime ignore the delete button and into the trash
• [VD:LocalFileSystem] Fixed #3429 RCE on Windows server
• [js:core,options] Fixed #3401 add an option workerBaseUrl

Version 2.1.59

Changes form previous version

All previous changes is here.

• [Security:php] Fixed multiple vulnerabilities leading to RCE
• [php:session] Fixed #3278 wrong code of typo
• [js:core] #3351 allow columnsCustomName[x] to be a function
• [css:quicklook] Fixed #3240 remove unnecessary color specifications
• [cmd:extract] Fixed #3252 for checking the existence of existing files
• [js:core] Fixed #3359 add an option "noResizeBySelf"
• [VD:abstract] Fixed #3216 missing url option on upload into root
• And some minor bug fixes

Version 2.1.58

Changes form previous version

All previous changes is here.

• [VD:abstract] Fixed #3151 support RAR5 lib
• [cmd:fullscreen] Fixed #3177 wrong fullscreen button caption
• [js:core] Supports cookie samesite attribute
• [VD:SFTP] Add new SFTP driver, via phpseclib library
• [js:core] Fixed #3193 auto-detection of baseUrl
• [js:upload] Fixed upload bug (#3264)
• [VD:abstract,php] make the thumbnail support webp (#3265)
• [php:core] Fixed #3250 error only variables can be passed by reference
• [VD:abstract] add 'phar:*' => 'text/x-php' into 'staticMineMap'
• [VD:abstract] Fixed #3181 add an option uploadMaxMkdirs
• [php:core] Add cwd param to proc_open (#3281)
• [VD:abstract] Bugfix of an option mimeDetect (#3291)
• [UI] Fixed #3302 problem of d&d when copy of UI command is disabled
• And some minor bug fixes

Version 2.1.57

Changes form previous version

All previous changes is here.

• [js] Fixed #3148 to support jQuery 3.5.0 update
• [php:core] Fixed #3154 volume that require online access cannot be specified
• [VD:abstract] Fixed #3161 fix option data of cwd results on after change files
• [VD:abstract] Fixed #3167 added "none" (no image library check) to imgLib
• [cmd:resize] Fixed #3158 to make able to change quality without changing dimensions
• And some minor bug fixes

Version 2.1.56

Changes form previous version

All previous changes is here.

• [js:extras:editors.default] remove Pixlr editor it is no longer possible to display in IFRAME
• [php:core] Fixed #3134 close file pointer before deleting temporary file on shutdown
• [VD:abstract] change prefix of zipdl temp file
• [php:core] Fixed #3136 zipdl fails on Chrome on iOS / iPadOS
• [cmd:netmount] Fixed #3138 OAuth not possible with CORS due to new ITP
• [VD:MySQL,OneDrive] Fixed #3142 remove debug code
• [i18n:pl,ko] Updated translations
• And some minor bug fixes

Version 2.1.55

Changes form previous version

All previous changes is here.

• [VD:abstract] Fixed #3125 Fatal error in zipArchiveUnzip()
• [cmd:open] optimization, move function definition in loop to out of loop
• [php:session] Fixed #3103 WARNING: setcookie(): Unrecognized key 'lifetime'
• [i18n:cs,sk] Updated translations

Version 2.1.54

Changes form previous version

All previous changes is here.

• [cmd:edit,quicklook] adjustment about select encoding function
• [php:core] add toastErrorHandler for send toast message to client side
• [cmd:resize] to allow image resize more image type with the ImageMagick
• [php:session] Fixed #3103 WARNING: setcookie(): Unrecognized key 'lifetime'
• [php:session] Fixed #2857 warning error on start()
• [ui:dialog] delete an option flexibleHeight so it works well by option `height: "auto"``
• [cmd:edit] bugfix of save as on the serach results
• [php:core] add a public method utf8Encode() and make new main option utf8Encoder @callable
• [VD:abstract] Fixed #3104 Fixed as much as possible the differences in encoding of archive file names
• [php:plugins:Watermark] repeated use of Imagick::compositeImage() may cause PHP to hang, so disable it
• [js:core] Fixed #3106 enable to specify header name of parrot return to enable ITP measures
• [php:Connector] add a public method setHeader($value)
• [js:core] support fake progress bar
• [VD:OneDrive] bugfix of large file uploading
• [VD:Box] Fixed problem where access token could be lost
• [VD:Box] Fixed processing of getSharedWebContentLink()
• [js:core] if the file URL is public, use it as onetime url
• [php:plugins:Normalizer] support "caron" with option "umlauts"
• [js:core:notify] Fixed #3111 add minimize, close(option) button into notify dialog
• [ja:extars:editors.default] Fixed #2600 remove Creative Cloud Image Editor UI
• [php] Fixed #3114 stream proxy function using the file cmd corresponds to range request
• [js:extras:efitors.default] to show color slider of TUI Image Editor
• [cmd:edit] error handling of ta.getContent()
• [cmd:edit] bugfix of savecl() edit dialog may not re-open in case of error
• [js:core] Fixed #3118 web worker does not work when elfinder.js is cross-site loaded
• [php:core,VD] Fixed #3119 disallow extract of uncompressed size larger than option "maxArcFilesSize"
• [php:core] Fixed #3120 allow plugins (Sanitizer etc) to be applied when pasting from another volume
• [php:plugins:Normlizer,Sanitizer] update example commentation, recommend to bind to action "paste.copyfrom"
• [VD:FTP] Fixed stat() of root on server with no supports "MLST"
• [ui:cwd] Fixed a bug that thumbnails might not be displayed after editing image
• And some minor bug fixes