
Releases: Xenthys/ShareXen

Multidomain support improvement

29 Jul 23:11
f364218

The whole URL generation mechanism has been overhauled.

The domain parameter has been added. It allows users to specify which domain name they want within the url field instead of the one being used by the HTTP request. The use case for this is simple: multidomain installations may want to enable the script only on a specific host to, for example, reduce attack surface by ratelimiting calls with a service like Cloudflare instead of having to enable it on every domain name.

The deletion URL is now properly generated in the case where the script was called behind a rewrite rule. It now relies on the request URI instead of using its own name, which is more logical.

File URLs (when domain is unspecified) and deletion URLs now both use the specified HTTP host instead of the server name. Having this data user-controlled is preferable since it isn't used internally. Also, the server name can depend on the server configuration and may not reflect the true host.

Bugfix and memory optimization

26 Jul 07:00
820dd90

This patch fixes the missing check_auth function's $data argument, which caused the API answer to be incomplete (missing api_version, api_source, and endpoint JSON fields) in case a wrong auth_token was supplied by the caller. The endpoint field was therefore also missing in the logs.

Passing $data as a reference is now enforced in every function, which should reduce memory usage as the array is no longer copied at all within the script. The check_filename function's parameter order has also been changed: $data now comes first, like in every other function, and this is now the convention.

Configuration clarity

24 Jul 03:08
f908766

Benchmarking is now done properly, by using the proper superglobal that exists since PHP 5.4 instead of declaring a lame variable at the beginning of the code. Results should be similar, but it looks better now.

The mime type regex is now a configuration option, and it can be dangerous indeed, so it's obviously not recommended to edit it unless you know what you are doing, but at least you now have the possibility to properly do it if ever needed.

Configuration options have been reordered in a more logical way, and comments about some of them have been improved to be even clearer. As people may struggle to generate secure tokens, a URL pointing to a proper random password generator has been added to the comments of USER_TOKENS and DELETION_SALT, which should hopefully help some lost souls.

Power to the filenames

23 Jul 22:47
5473072

This release adds the ALLOWED_CHARACTERS configuration option.

It lets you set the characters allowed in custom filenames without having them in the KEYSPACE, so that randomly generated filenames never contain them. This is useful if you want to allow dashes, for example.

The intermediate version (1.0.1) also contains a fix for special regex characters contained in the KEYSPACE, which could break the check_filename function in some cases as they weren't escaped at all.

The info endpoint includes the newly introduced allowed_characters option.
The documentation has been updated to reflect this change.
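
The KEYSPACE escaping fix and the ALLOWED_CHARACTERS option described above, as an added PHP example that is not ShareXen's own code: it assumes the filename check builds a regex character class from the two options, and the function names and sample values are hypothetical. It also covers the dash-range and delimiter cases, which go beyond what the release note mentions.

```php
<?php
// Added illustration, not ShareXen code. Function names and sample values
// are hypothetical; only the option names come from the release notes.

// "Before": configured characters dropped into a character class unescaped.
function pattern_unescaped(string $keyspace, string $allowed): string
{
    return '/^[' . $keyspace . $allowed . ']+$/D';
}

// "After": every configured character is escaped first. preg_quote() also
// escapes '-' and, via its second argument, the '/' delimiter.
function pattern_escaped(string $keyspace, string $allowed): string
{
    return '/^[' . preg_quote($keyspace . $allowed, '/') . ']+$/D';
}

// true/false for match/no match, null when the pattern fails to compile.
function name_matches(string $pattern, string $name): ?bool
{
    $result = @preg_match($pattern, $name);
    return $result === false ? null : $result === 1;
}

// Constructed configurations and filenames.
$cases = [
    // ']' closes the class early, so the rest becomes pattern syntax.
    ['keyspace' => 'abcdef0123456789]^', 'allowed' => '-_', 'name' => 'cafe-01_b'],
    // '+-_' reads as a range from '+' to '_', which spans '.' and '/'.
    ['keyspace' => 'abcdef0123456789', 'allowed' => '+-_', 'name' => 'a/../b'],
    // '/' is also the delimiter, so the unescaped pattern cannot compile.
    ['keyspace' => 'abcdef/', 'allowed' => '', 'name' => 'abc'],
];

foreach ($cases as $case) {
    foreach (['pattern_unescaped', 'pattern_escaped'] as $build) {
        $pattern = $build($case['keyspace'], $case['allowed']);
        printf("%-18s %-10s %s\n", $build, $case['name'],
            var_export(name_matches($pattern, $case['name']), true));
    }
}
```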

First stable release

19 Jul 16:07
11a2031

This marks the very first stable ShareXen release.

Switching to SemVer is a breaking change in itself since api_version is now a string instead of a float.

The script is now considered stable; please report any errors you may encounter.