What’s new

Changelog

 

September 25, 2017 (2017.09.25)

Changes: 

  • Fixed two SQL Injection vulnerabilities.
  • Added authentication plugin for Joomla version 3.8.
 

 

September 16, 2017 (2017.09.18)

Fixes: 

  • Security fixes:
    • Fixed critical vulnerability.
    • Fixed various minor vulnerabilities.
    • Added CSRF protection for important operations.
    • WebLinks point to HTML-based files no longer open in the browser but prompt the user for downloading. This is to prevent possible "Stored XSS" attacks. This behavior can be changed by setting "$config['app']['weblinks']['allow_html']" either to boolean true, or to string 'sandbox' (which disables loading web resources or running scripts).
    • Fixed open redirect security vulnerability. For redirecting users after login, configure Web File Share with "$config['app']['login']['redirect_url']" instead of passing the URL via the HTTP request.
    Web File Share thanks Roman Ferdigg (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com) for responsibly reporting the identified issues and working with us as we addressed them.
  • Fixed WebDAV problem with files with "&" characters in their names.
  • Improved error handling when JPG files have malformed metadata.
  • Fixed searching via the API inside shared folders.
  • Fixed editing using tools like ONLYOFFICE, document located inside shared folders.
  • Groups created automatically when creating or editing users with owners via the API, have the owner assigned.
  • The API method for editing users takes the same parameter for assigning groups, in the form of an array, instead of a string.
  • Fixed detecting translation files that use underscore characters instead of space characters.
  • Opening image files with Pixlr is now available also from the "Photos" library folder, and other places where uploading is not possible.
  • Opening files with Creative Cloud is no longer possible for cases when uploading new files or changing existing ones is not possible.
  • Browsers no longer autocomplete the username and password fields when editing a user account from the Web File Share control panel.
  • The search field searches "My Files" instead of incorrectly trying to search inside folders shared by the selected user. (The ability of searching multiple shared folders will be added soon.)
  • Added support for Nextcloud/Owncloud X-OC-MTime header, to preserve files modification dates when uploading to the server. It also clears the related warning/error.
  • Searching by metadata fields without specifying a keyword no longer displays duplicate records in the results.
  • Changing the superuser password from the control panel no longer ends the authentication session, keeping the user signed in.


Improvements: 

  • Improved usability of the control panel on mobile devices.
  • Various small interface improvements.
  • A custom thumbnail cache folder can be defined using "$config['path']['thumbnail_cache']". Useful when using Web File Share to access read-only folders containing images.
  • Sharing files is now logged using a separate action than when sharing folders. If you have notification rules enabled for folder sharing, you might want to add for file sharing as well.
  • The default "favicon.ico" file can be enabled by adding "$config['app']['ui']['enable_favicon_ico'] = true;" inside "customizables/config.php".


Other changes: 

  • SMTP AUTOTLS is now disabled by default.
 

 

March 18, 2017 (2017.03.18)

Improvements: 

  • The image viewer has been overhauled:
    • It opens also PDFs and video files.
    • The full contextual menu is now available, so that you can rename, delete, label, star, etc, files directly from the viewer.
    • A toggle button opens a side panel, identical to the one shown on the right side of the screen when viewing the file list. You can view the files details, view and edit metadata and comments without closing the viewer.
    • As you browse the files, the side panel displays the details of the current viewed file.
    • Files can be added to the download cart directly from the viewer. Hitting the "Enter" key while navigating the files, will also add the current file to the download cart, so you can select files without using the mouse.
    • Improved support for mobile devices.
    • After closing the image viewer, the last viewed file remains selected in the list of files, so that you know where you were left.
    • It preloads the high res version of the next file to be viewed (navigating either left or right).
    • Zooming in downloads the original file, so you can zoom in really close on high res photos.
    • It shows a loading indicator when the high res version is being loaded, even if a low res version has been instantly displayed.
  • Improved navigation on iOS devices.
  • FLAC and M4A now play natively in Google Chrome and Mozilla Firefox which allows streaming and skipping.
  • The EPUB reader picks up from the last page you read.
  • Added control panel option for enabling a download accelerator. It can be found under "Configuration" » "Files" » ""Misc options".
    • On NGINX servers, "X-Accell" can be enabled. Optionally $config['x_accel_paths'] = ['/one/path/', '/another/path/']; can be configured with a list of paths X-Accell should be enabled for.
    • On Apache servers "XSendfile" can be enabled. Requires the "mod_xsendfile" module.
    • On LiteSpeed, "Internal Redirect" can be enabled. Requires $config['x_lightspeed_root'] = "/var/www"; to be configured with the absolute path of your server document root (frequently known as "htdocs" or "www"). LiteSpeed allows this feature to be used only with files inside the document root, so please read more about it here.
  • Storage usage can be now calculated from the control panel "Storage usage" section for particular users instead of all.
  • Various usability improvements inside the control panel.
  • Added options for the LDAP authentication plugin for importing groups. Also, added option "Use "homeDirectory"" which now be set to "No" to configure the user accounts with home folders defined by the role, instead of LDAP.
  • Added control panel option for including analytics tracking HTML code inside Web File Share. The code gets included on the login, registration, password reset form, the main user interface, and all weblink-related pages.
  • The Markdown viewer now supports tables of contents which link the headers.
  • Improved the aspect of Markdown formatted README.MD inside the details panel.
  • Added two new user actions that can be used as e-mail notification triggers: "Folder received (via copy)" and "Folder received (via move)".
  • Improved error reporting when the list of files fails to load.
  • The login prompt on Android devices now shows only the first time one is accessing Web File Share.
  • Other minor interface improvements.
  • Files can be shared with internal users from other locations and not only when browsing the home folder.


Fixes: 

  • Fixed downloading files from folders shared anonymously.
  • Fixed display of records showing in duplicates in the control panel user list.
  • Improved compatibility with NGINX web server. The API, WebDAV and mobile and desktop apps like Nextcloud should all work fine now.
  • Improved compatibility with MySQL STRICT SQL modes.
  • Fixed gray overlay apearing on iOS when taping inside Web File Share.
  • Fixed server-side thumbnail cache.
  • The "Google Earth" plugin is now "Google Maps" and requires the configuration with an API key.
  • Added control panel config option for setting the Google Static Maps API key. This will enable Web File Share to display a map showing the location where images with embedded GPS information were taken.
  • Users without download permissions can no longer use any plugin which has the ability of editing files.
  • Double-click files has now no effect for users without download permissions.
  • The media library folders are no longer displayed for users without download permissions.
  • The "Comment" context menu option is now displayed for "read-only" users which have the permission to write comments.
  • Fixed navigating folders by changing the location hash in the address bar or by using bookmarks.
  • Read-only users can now drag items to the download cart.
  • Fixed problem with editing documents with Google Docs on Linux servers.
  • Typing multiple tags uses comma character key as tag separator.
  • Fixed enforcing disk space quota limits for independent admin users.
  • LDAP importing first name and last name in proper order when using the same field for mapping both names.
  • Fixed allowing admin users to manage roles without incorrectingly being forced to configure a home folder path template.
  • Image files for which the thumbnail loading has failed no longer throw an error when trying to preview.
  • Fixed uploading to folder weblinked by users without alter permission.
  • WMV preview.
  • The API provides information about comments count on folders and internal sharing for files, thus this information is now available when browsing via the mobile app.
  • Importing metadata with unparsable date format.
  • Various minor security improvements.
  • The "Versioning" context menu item is no longer displayed when versioning is disabled.
  • The Web File Share mobile apps OAuth2 client record is no longer listed in Web File Share's control panel.
  • Disabled OAuth2 client records no longer show as enabled.
  • Users without the permission to read comments no longer see the option of showing file comments with their web links.
  • Users without the permission to download but with the permission to weblink, no longer see the sharing option.
  • The "More option" contextual menu section is now available under the media library folders.


Other changes: 

  • The option of limiting users traffic usage has been removed.
 

 

January 23, 2017 (2017.01.23)


New features: 

  • More Mobile apps:
    • Added compatibility with the ownCloud Android app.
    • Added compatibility with the Nextcloud Android app.
    • Added compatibility with the Cirrus Android app.
    • You can use any of the above to browse the Web File Share files, download them to your device or for instant photo or video backup to Web File Share. The Cirrus app shows thumbnails while browsing folders, while the other two can store files for offline use. Choose which ever you prefer.
    • To use these mobile apps with Web File Share you do not need to install anything on the server. Simply connect with the apps to your Web File Share installation URL and your Web File Share username and password.
    • (Although there are ownCloud and Nextcloud apps for iOS and Windows Mobile, they work differently than the Android ones and Web File Share is not yet compatible with them.)
  • Desktop folder sync apps:
    • Added compatibility with ownCloud and Nextcloud desktop apps for Windows, Mac and Linux.
    • Use these apps to keep files in sync between your devices and your Web File Share accounts.
    • At this time ownCloud or Nextcloud desktop apps are almost identical so you can choose either.
    • To use the ownCloud or Nextcloud with Web File Share you do not need to install anything on the server. Simply connect with the desktop apps to your Web File Share installation URL and your Web File Share username and password.
  • Two new display modes. (The view toggle button has been replaced with a menu for selecting the display mode.)
    • Music
      • It shows only the audio files from the current file list.
      • It embeds the audio player in the user interface.
      • The file list turns into a playlist.
      • It shows the Title, Artist, Album and Duration for the files. This is metadata automatically extracted from the files at upload time.
    • Photos:
      • It shows only the image files available in the current file list.
      • It shows large thumbnails with the natural image aspect ratio.
      • It does not show the image preview on the details panel, to allow better view of the file's details and metadata.
  • Two new special folders.
    • Music:
      • Last added: lists 100 latest uploaded audio files. (Use $config['app']['media']['music']['latest']['limit'] to customize the number of listed songs.)
      • By artist: lists all artists with song count, sorted alphabetically. (The list is hard-limited to 500 items.)
      • By album: lists all music albums with song count, sorted by alphabetically. (The list is hard-limited to 500 items.)
      • Random: list 100 random songs. (Use $config['app']['media']['music']['random']['limit'] to customize the number of loaded songs.)
      • These special media library folders open automatically using the Music display mode.
    • Photos:
      • Last taken: lists 100 latest taken photos. Note that they are not sorted the date they were uploaded or modified. Nor it shows any image files, but only photography files (which have the "Date taken" embedded information). (Use $config['app']['media']['photos']['latest']['limit'] to customize the number of listed files.)
      • By date: browse photos by year and month. Each year and month folder shows the total file count.
      • By tag: browse photos by tags. It list the most used tags for photo files, sorted by file count. (The list is limited by default to 300 tags. Customize this limit using $config['app']['media']['photos']['tags']['limit'].)
      • These special media library folders open automatically using the Photos display mode.
    • All the above special folders list files from the user's home folder, regardless of how or if they are organized in subfolders.
    • This information is generated from the Web File Share database in real-time. There is no additional import, scanning, etc required.
    • You can use this section to quickly organize your media into folders. For example, list songs by a certain artist, then select all of them and drag them to an actual folder. Or list photos taken a certain date and drag them to a folder. The files will be moved to that physical folder, regardless of where they are scattered around your file repository. All file management functions are available, so you can mass download, copy, star, label or even remove files.
    • The "Music" and "Photos" folders can be individually hidden from the system configuration section of the Web File Share control panel.
    • The Web File Share superuser can now use the new "Index files" option available in the contextual menu for folders. This will scan and index the files from the selected folder. It is useful for the cases where you create a Web File Share user account accessing a server folder which already contains media files, or if you are uploading media files to the Web File Share folders using FTP or other ways where Web File Share was not involved in the process to automatically index the files. It collects a list of all files in the selected folder and then is automatically sets their metadata types and extracts available metadata to save it in Web File Share's database. If interrupted it will resume from where it left. 10 files are being indexed at a time, although on fast servers you can increase that using "$config['app']['metadata']['indexing']['web']['max_files']".
  • New audio player
    • Integrated in the user interface as the "Music" display mode. It allows you to use folders, filename search results, metadata search results, or any other available folder listing as an audio playlist.
    • Based 100% on HTML5 technologies. It requires no Flash or other browser plugin.
    • Plays FLAC (Free Lossless Audio Codec) audio files. In all browsers, without transcoding.
    • Plays ALAC (Apple Lossless Audio Codec) audio files. In all browsers, without transcoding.
    • Plays MP3, M4A, AAC, OGG (currently unsupported by IE/Edge) and WEBA.
    • Shows song Title, Artist, Album and Duration. You can configure the "playlist" to show any other information you would like to see about the files or sort the files by any of this information.
    • Share, comment, label or star files straight from the playlist.
    • Perform any file management action straight from the playlist.
  • EPUB e-book reader
    • Requires no plugin, no app, and works in all modern browsers, mobile included. It features full-screen reading support.
    • Web File Share now shows file type information, icon and thumbnails for EPUB files.
  • The WebDAV server is now included also in the free Web File Share version. Use any standards compliant WebDAV client to access your Web File Share files.
  • Folders can now have metadata, tags, labels and comments attached to them, just as files can.
  • Files can be now individually shared with internal users. Users are no longer required to share the entire folder. (The internal sharing system is available only with the Enterprise Web File Share version.)


Improvements: 

  • Many improvements on the user interface on mobile devices.
  • Added support for signing in for the first time using 2-step verification on the same mobile devices. Instead of scanning a QR code, a textual key is being shown for copying into Google Authenticator.
  • Videos open much faster now.
  • Videos are now full screen inside the player window. It allows smaller screen devices to show the player controls properly. The downside is that low res videos might display stretched on large screens.
  • Improved speed of generating thumbnails.
  • E-mails messages sent with files include the user's name in the sender "From" field.
  • Setting "$config['app']['email']['sendFromDefault'] = true;" will have the files send by the users via e-mail be sent from the configured default e-mail address instead of the e-mail address of the sending user.
  • Holding the CTRL key pressed when choosing an "Open with.." option will open the action in a new browser tab.
  • Added "Open with.." option for opening folders in a new browser tab.
  • Album covers are now displayed also for FLAC audio files.
  • The login background image applies now also to the user registration page and the password reset page.
  • When changing the username or the password of a user, a checkbox will appear asking you if you wish to notify the user about the change.
  • Added dedicated button for generating random passwords when creating user accounts.
  • Added icon and thumbnails and image preview support for SVG image files.
  • Folder README files can be in Markdown format with the .MD extension.
  • Files can be locked/unlocked even if the file versioning is disabled (the number of saved versions is set to 0).
  • The Trash folder loads by default in the "Detailed list" display mode.
  • The API endpoint for retrieving user information can take now a username as alternative to the user id.
  • Added compatibility with MySQL 5.7 default settings.


Fixes: 

  • Clicking "Enable editing" now works in Microsoft Office programs after opening a file directly from Web File Share.
  • Fixed sending files via e-mail as weblinks with expiration dates.
  • Deleting a folder from the trash folder now no longer leaves file metadata records.
  • Getting "Title" from Vorbis comments in audio files.
  • Fixed full-text searching broken by previous update.
  • Fixed the "cron/make_thumbs.php" command line script which had problems introduced by the previous Web File Share update.
  • Readonly users can now also print file comments.
  • Readonly users no longer see the "Copy" and "Add to zip" file context menu options.
  • Renaming the currently opened folder will reload the file list to avoid path errors.
  • The metadata file type and tags are now loaded in the detailed view even if no custom metadata column is enabled.
  • The custom CSS file loaded using "$config['app']['ui']['custom_css_url']" gets now loaded after all the rest of the Web File Share CSS to allow theming.
  • Fixed the "admin-users" API endpoints which might have been broken in some cases by the previous update.


Other changes: 

  • The "Keep me signed in" login option has been removed. Privacy concious users are more likely to use the sign out button than uncheck an option at sign in. The rest of the users never touch that option regardless of the environment. Setting "Inactivity timeout" to 0 will make the login persistent, otherwise it will be session based. The option can be found in the control panel under "System configuration" » ""Security" » "User login".
  • The metadata search result now shows by default 200 items. It can be customized using "$config['app']['metadata']['search']['results']['limit']".
  • The search bar no longer filters the current folder listing.
  • The control panel sections can be now linked individually (http://feedback.filerun.com/topics/32-link-to-individual-control-panel-options/).
Posted by: - Tue, Jun 10, 2014 at 3:21 PM. This article has been viewed 13432 times.
Online URL: https://kb.quikbox.com/article.php?id=716