|
1 | 1 | # Changelog |
2 | 2 |
|
| 3 | +## Changes 01/28/2026 (v3.2.0) |
| 4 | + |
| 5 | +`release(v3.2.0): share pages revamp + portals browse/download-all + Pro branding upgrades` |
| 6 | + |
| 7 | +**Commit message** |
| 8 | + |
| 9 | +```text |
| 10 | +release(v3.2.0): share pages revamp + portals browse/download-all + Pro branding upgrades |
| 11 | +
|
| 12 | +- shares: modern Dropbox-like share UI (file + folder), safe inline previews, and optional subfolder access |
| 13 | +- portals: subfolder browsing + pagination, list/gallery toggle, download-all zip, resumable uploads, submission IDs |
| 14 | +- branding (Pro): meta description + favicons + theme colors + login/app backgrounds + share/portal branding |
| 15 | +- security: sanitize footer HTML; tighten shared uploads with per-share upload token; validate share/portal paths |
| 16 | +``` |
| 17 | + |
| 18 | +**Added** |
| 19 | + |
| 20 | +- **Shares (Core)** |
| 21 | + - **Folder shares** can optionally **include subfolders** (`allowSubfolders`) when creating the link. |
| 22 | + - Shared folder browsing supports `path=` for subfolder navigation (when enabled). |
| 23 | + - New public endpoint: **`GET /api/folder/downloadSharedFolder.php`** to download a shared folder (or subfolder) as a ZIP **(local storage only)**. |
| 24 | + - Shared downloads support `inline=1` for safe types (images/video/audio/pdf) and **never inline SVG**. |
| 25 | + |
| 26 | +- **Share UI revamp (Core)** |
| 27 | + - New modern share layout + styles in `public/css/share.css` (folder + file share views). |
| 28 | + - Shared folder now supports: |
| 29 | + - **Download all** |
| 30 | + - **List/Gallery toggle** |
| 31 | + - **Search within the shared folder** |
| 32 | + - **Breadcrumbs** when subfolder browsing is enabled |
| 33 | + - Optional XHR upload progress UI for shared-folder uploads |
| 34 | + - File shares now generate a link that defaults to a landing page (`&view=1`) with metadata + preview. |
| 35 | + |
| 36 | +- **Portals (Pro)** |
| 37 | + - New API: **`GET /api/pro/portals/listEntries.php`** (folders + files, pagination, optional “all files” mode). |
| 38 | + - Portal UI now supports: |
| 39 | + - **Subfolder browsing** (optional, per portal) using `?path=...` |
| 40 | + - **Breadcrumbs + pagination** |
| 41 | + - **List/Gallery toggle** |
| 42 | + - **Download all** (queues a ZIP via `/api/file/downloadZip.php`) |
| 43 | + - **Resumable uploads** for portals (with standard upload fallback) |
| 44 | + - Optional **Submission ID** tracking + show in thank-you screen |
| 45 | + - **5 New preset templates** |
| 46 | + |
| 47 | +- **Branding upgrades (Pro)** |
| 48 | + - Admin branding now supports: |
| 49 | + - **Meta description** |
| 50 | + - **Favicons** (SVG/PNG/ICO), **Apple touch icon**, **Safari pinned mask icon + color** |
| 51 | + - **Theme color** (light/dark) for browser UI |
| 52 | + - **Login background** (light/dark) and **App background** (light/dark) |
| 53 | + - Optional **login tagline** |
| 54 | + - New `public/js/shareBranding.js` applies Pro branding to share pages (logo, accents, footer, icons, theme-color). |
| 55 | + - New `public/index.php` can serve `index.html` with branding meta/favicons applied (via `.htaccess` DirectoryIndex). |
| 56 | + |
| 57 | +**Changed** |
| 58 | + |
| 59 | +- **Shared folder data model** |
| 60 | + - Shared folder listing now returns a unified `entries[]` array (folders + files), plus `shareRoot`, `path`, and `allowSubfolders`. |
| 61 | + - Shared file download supports `path=subfolder/file.ext` (with subfolder gating). |
| 62 | + |
| 63 | +- **Shared uploads hardening** |
| 64 | + - Shared-folder upload POST now supports `pass` + `path` and includes a per-share **`share_upload_token`** guard (HMAC) to reduce abuse. |
| 65 | + |
| 66 | +- **Portal uploads enforcement** |
| 67 | + - Portal uploads are enforced server-side: |
| 68 | + - Must stay within the portal’s configured folder |
| 69 | + - Subfolder uploads are blocked unless the portal enables them |
| 70 | + - Portal sourceId must match (when configured) |
| 71 | + |
| 72 | +- **Portals admin UX** |
| 73 | + - Adds portal theme presets (new industries), per-portal theme override fields, and portal logo field. |
| 74 | + - Adds “portal user” controls (optional per-portal user + password, preset modes). |
| 75 | + |
| 76 | +- **Branding plumbing** |
| 77 | + - `main.js` now applies branding meta + icons + theme color + backgrounds, and **sanitizes footer HTML** before injecting. |
| 78 | + |
| 79 | +**Fixed** |
| 80 | + |
| 81 | +- Shared folder password form and file share password form now use the unified share UI and preserve `path` when prompting. |
| 82 | +- `downloadZip` now supports passing an explicit `sourceId` (local sources) by running inside a source context. |
| 83 | +- Various base-path issues resolved for share/portal JS/CSS includes by using `withBase()` and versioned assets. |
| 84 | + |
| 85 | +**Security** |
| 86 | + |
| 87 | +- Share and portal subpaths are normalized/validated (no `..`, invalid segments). |
| 88 | +- Shared downloads: SVG/SVGZ are always attachment-only (defense in depth). |
| 89 | +- Footer branding HTML is sanitized (allowlist) before inserting into DOM. |
| 90 | + |
| 91 | +**Notes** |
| 92 | + |
| 93 | +- `downloadSharedFolder.php` only supports **local** storage; remote adapters return a clear error. |
| 94 | +- Portals “download all” depends on ZIP being enabled for the account + server having the needed tooling for ZIP/7z where applicable. |
| 95 | + |
| 96 | +--- |
| 97 | + |
3 | 98 | ## Changes 01/24/2026 (v3.1.7) |
4 | 99 |
|
5 | 100 | `release(v3.1.7): fix table header select-all checkbox + Pro bundle install progress UI (closes #99)` |
|
0 commit comments