github error311/FileRise v1.2.4
FileRise v1.2.4
on GitHub

latest releases: v1.3.9, v1.3.8, v1.3.7...
4 months ago

Full Changelog: v1.2.3...v1.2.4

Changes 4/23/2025 1.2.4

AuthModel

  • Added validateRememberToken(string $token): ?array
    • Reads and decrypts persistent_tokens.json
    • Verifies token exists and hasn’t expired
    • Returns stored payload (username, expiry, isAdmin, etc.) or null if invalid

authController (checkAuth)

  • Enhanced “remember-me” re-login path at top of checkAuth()

    • Calls AuthModel::validateRememberToken() when session is missing but remember_me_token cookie present
    • Repopulates $_SESSION['authenticated'], username, isAdmin, folderOnly, readOnly, disableUpload from payload
    • Regenerates session ID and CSRF token, then immediately returns JSON and exits

  • Updated userController.php

    • Fixed totp isAdmin when session is missing but remember_me_token cookie present

  • loadCsrfToken()

    • Now reads X-CSRF-Token response header first, falls back to JSON csrf_token if header absent
    • Updates window.csrfToken, window.SHARE_URL, and <meta> tags with the new values

  • fetchWithCsrf(url, options)

    • Sends credentials: 'include' and current X-CSRF-Token on every request
    • Handles “soft-failure” JSON ({ csrf_expired: true, csrf_token }): updates token and retries once without a 403 in DevTools
    • On HTTP 403 fallback: reads new token from header or /api/auth/token.php, updates token, and retries once

  • start.sh

  • Session directory setup

Check out latest releases or
releases around error311/FileRise v1.2.4

Don't miss a new FileRise release

NewReleases is sending notifications on new releases.

Get notifications