Releases: Studio-42/elFinder
Releases · Studio-42/elFinder
Version 2.1.66
Changes form previous version
Full Changelog: 2.1.64...2.1.66
Version 2.1.65
- [js] update CDNs
- [php:editors] Zoho API update
Version 2.1.66
- [PHP 8.4] Fix: Curl
CURLOPT_BINARYTRANSFERdeprecated - Merge pull request #3629 from Ayesh/php84-curl-depr
- translate to Chinese
- Update zh_CN.js
- Update Chinese help
- fix name
- Update elfinder.ko.js
- try copy / deleting folder if moving it doesn't work
- Merge pull request #3636 from vfishv/master
- Merge pull request #3647 from allity/patch-1
- Merge pull request #3653 from terrafrost/branch-1
- Fix #3637 FILTER_SANITIZE_STRING is deprecated (PHP 8.1)
- Allow image URL in theme manifest.json to be a relative link as well
- Update elfinder.ru.js
- Merge pull request #3677 from blutorange/feat-relative-image-link-in-theme-manifest
- Merge pull request #3682 from Ruslan-Aleev/patch-1
- Fixes #3684 (#3685)
- [OneDrive] fix Content URL
- Fix #3667 where the Content URL could be invalid
- [VD:core] Check if copying was successful when moving files in copy + delete mode
- Fix CVE-2025-0818 (#3723)
- Fixes #3689, fm.sync removes unavailable volumes. (#3690)
- [VD:SFTP] Make compatible with phpseclib version 2 or 3 when returned from connectCallback($options) (#3687)
- Add font mime kinds (WOFF, WOFF2, EOT, SFNT, generic font/*) (#3691)
- Ignore posted message that are not intended for ElFinder (#3692)
- Add option to rename command to disable alias rename (#3693)
- Add option commandsOptions.edit.confirmUnsavedBeforeClose (#3698)
- Fix build for Windows environment (#3699)
- Replace usage of deprecated
E_STRICTconstant (#3705) - Add "WEBP" to File mimetype to kind mapping (#3712)
- fix translation mistakes and unification (#3719)
Version 2.1.64
Changes form previous version
Version 2.1.64
- [css] re-fix #3584 css error and CI
Version 2.1.63
- [php:core] fix download a file via context menu the windows download popup don't close (#3619)
- [VD:MySQL] Use prepared statements instead of escaping when saving file (#3604)
- [VD:core] fix #3617 Filename Restriction Bypass Leading To Persistent Cross-site Scripting
- [js] fix #3614 $.isFunction() is deprecated in jQuery
- [js] Update to jQuery 3.7.1 and Jquery UI 1.13.2
- [VD:LocalFileSystem] fix #3615 Using .php8 in PHP handler leading to RCE
- [cmd:upload] fix #3575 Drag&Drop Upload Issue with Firefox
Version 2.1.62
Changes form previous version
- [php:core] prevent garbled file name when URL upload
- [js:core,upload] fixed DnD in-browser image upload in Chrome
- [js:options] update CDNs
- [js:core,upload] fixed DnD in-browser image upload in Chrome
- [php] Update elFinderVolumeSFTPphpseclib.class.php (#3483)
- [mime.types] Update mime.types to allow MS outlook message files (#3499)
- [js:cmd:resize] fix #3513 rotate bug on Chrome
- [VD:LocalFileSystem] Security fixes, directory traversal vulnerability fixes
- Awaiting CVE ID.
- This issue was found by Michał Majchrowicz & Livio Victoriano AFINE Team.
- Correctly urlencode path in setcookie(); fix #3538 (#3561)
- [js:core] fix #3572 Useless backend request during elFinder.sync()
- [VD:LocalFileSystem] fix #3543 Can't download folder in PHP 8.1
- [php:core] fix #3546 Use elFinder::getCmdOfBind instead of self::getCmdOfBind which is deprecated in PHP v8.2
- [VD:SFTP] fix SFTP driver fatal error, cleanup (#3574)
- And some minor bug fixes
Version 2.1.61
Changes form previous version
- [security] Fixed #3458 filename bypass leading to RCE on Windows server
- [security:CVE-2022-26960] Fixed a path traversal issue
- [i18n] Updated ru and fr
- [js] Updated CDNs of external libs
- And some minor bug fixes
Version 2.1.60
Changes form previous version
- [VD:OneDrive] show error on _od_obtainAccessToken()
- [ui:cwd] make easily able to mapping mimetype to the kind (#3375)
- [cmd:rm] Fixed an issue that sometime ignore the delete button and into the trash
- [VD:LocalFileSystem] Fixed #3429 RCE on Windows server
- [js:core,options] Fixed #3401 add an option workerBaseUrl
Version 2.1.59
Changes form previous version
- [Security:php] Fixed multiple vulnerabilities leading to RCE
- [php:session] Fixed #3278 wrong code of typo
- [js:core] #3351 allow columnsCustomName[x] to be a function
- [css:quicklook] Fixed #3240 remove unnecessary color specifications
- [cmd:extract] Fixed #3252 for checking the existence of existing files
- [js:core] Fixed #3359 add an option "noResizeBySelf"
- [VD:abstract] Fixed #3216 missing url option on upload into root
- And some minor bug fixes
Version 2.1.58
Changes form previous version
- [VD:abstract] Fixed #3151 support RAR5 lib
- [cmd:fullscreen] Fixed #3177 wrong fullscreen button caption
- [js:core] Supports cookie samesite attribute
- [VD:SFTP] Add new SFTP driver, via phpseclib library
- [js:core] Fixed #3193 auto-detection of baseUrl
- [js:upload] Fixed upload bug (#3264)
- [VD:abstract,php] make the thumbnail support webp (#3265)
- [php:core] Fixed #3250 error only variables can be passed by reference
- [VD:abstract] add 'phar:*' => 'text/x-php' into 'staticMineMap'
- [VD:abstract] Fixed #3181 add an option uploadMaxMkdirs
- [php:core] Add cwd param to proc_open (#3281)
- [VD:abstract] Bugfix of an option mimeDetect (#3291)
- [UI] Fixed #3302 problem of d&d when copy of UI command is disabled
- And some minor bug fixes
Version 2.1.57
Changes form previous version
- [js] Fixed #3148 to support jQuery 3.5.0 update
- [php:core] Fixed #3154 volume that require online access cannot be specified
- [VD:abstract] Fixed #3161 fix option data of cwd results on after change files
- [VD:abstract] Fixed #3167 added "none" (no image library check) to
imgLib - [cmd:resize] Fixed #3158 to make able to change quality without changing dimensions
- And some minor bug fixes
Version 2.1.56
Changes form previous version
- [js:extras:editors.default] remove Pixlr editor it is no longer possible to display in IFRAME
- [php:core] Fixed #3134 close file pointer before deleting temporary file on shutdown
- [VD:abstract] change prefix of zipdl temp file
- [php:core] Fixed #3136 zipdl fails on Chrome on iOS / iPadOS
- [cmd:netmount] Fixed #3138 OAuth not possible with CORS due to new ITP
- [VD:MySQL,OneDrive] Fixed #3142 remove debug code
- [i18n:pl,ko] Updated translations
- And some minor bug fixes