Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
*updated*
*updated*
*new*
*updated*
*updated*
*new*
*new*
Changes:
- Improvement: new default skin "Shinra".
- Improvement: moving directories and files on the same FTP server is now much f
aster.
- Improvement: logging tables updated to InnoDB engine; automatic log rotation.
- Improvement: all plugins have been updated to the latest stable version.
- Improvement: the syntax editor CodePress has been replaced by Ace
- Improvement: the syntax highlighter Geshi has been replaced by Luminous
- Improvement: package list (with web software which can be installed via net2ft
p) is updated.
- Improvement: Google Chrome browser is now detected.
- Bugfix: fixed filename when downloading a file
- Bugfix: fixed XSS bug on the error page
- Bugfix: fixed the glueDirectories function for shared Windows directories
*updated*
*updated*
*updated*
*updated*
*updated*
*updated*
- Zip library
pcltar version 1.3
- Zip library
zip.lib.php version 2.5
- Calendar
Jscalendar version 1.0
- Upload applet
JUpload version 0.86
- SWFUpload
SWFUpload 1.0.2
- Syntax highlighter GeSHi 1.0.7.21
- Encryption wrapper Stone PHP SafeCrypt
---------net2ftp uses icons from the icon sets:
- nuvola
---------net2ftp is translated into:
- Arabic
- Simplified Chinese
- Traditonal Chinese
- Czech
- German
- Spanish
- French
- Italian
- Japanese
- Dutch
*updated*
- Polish
- Portugese
- Russian
*updated*
- Swedish
- Turkish
- Vietnamese
----------
*updated*
*new*
This release includes a fix for a serious vulnerability in the Unzip functionali
ty.
- Critical bugfix: archives containing malicious filenames are not extracted.
- Improvement: allow/ban IP address ranges.
- Improvement: accesses and errors can now also be logged to the system logger.
- Improvement: the list of web software which can be installed by net2ftp is upd
ated.
- Bugfix: the banned FTP servers were not taken into account.
July 2007: version 0.96
=======================
---------net2ftp version 0.96 contains:
- HTML editor
FCKEditor version 2.4.2
- HTML editor
TinyMCE version 2.1.1
- Code editor
CodePress version 0.9.5
- Zip library
pclzip version 2.5
- Zip library
pcltar version 1.3
- Zip library
zip.lib.php version 2.5
- Calendar
Jscalendar version 1.0
- Upload applet
JUpload version 0.86
- SWFUpload
SWFUpload 1.0.2
- Syntax highlighter GeSHi 1.0.7.19
---------net2ftp uses icons from the icon sets:
- nuvola
---------net2ftp is translated into:
*updated*
*updated*
*updated*
*new*
*updated*
- Arabic
- Simplified Chinese
- Traditonal Chinese
- Czech
- German
- Spanish
- French
- Italian
- Japanese
- Dutch
- Polish
- Portugese
- Russian
- Swedish
- Turkish
*new*
- Vietnamese
---------Minor upgrade release.
- Improvement: it is now possible to upload files from the Browse screen using
the SWFUpload Flash applet.
- Improvement: a list of allowed IP addresses from which users may connect
can be specified in settings_authorizations.inc.php.
- Improvement: added data transfer statistics (blue skin).
- Improvement: updated the Mambo skin and added code to integrate net2ftp with
Joomla 1.0.12.
- Bugfix: the character encoding added in version 0.94 didn't work well for
German (umlaut) and French special characters. Character encoding is now
only applied for Japanese, Simplified and Traditional Chinese, and also
for the UTF-8 languages (Arabic, English, Vietnamese).
- Bugfix: PNG images with transparent regions are now fixed in PHP, which works
better than the Javascript fix (pngfix.js). For people who want to integrate
net2ftp in another PHP application which fixes PNG images in another way, it
is still possible to turn off the correction in settings.inc.php.
- Bugfix: the JUpload applet didn't work any more because cookie information
wasn't passed through. (Still doesn't work with Opera though.)
- Bugfix: recursive chmodding first chmods the subdirectories and files when
chmodding to for example 444, before chmodding the parent directory.
- Bugfix: some XHTML validation fixes.
- Bugfix: files which have filenames containing special characters are now
displayed correctly. When downloading, the filename is preserved on IE (not
yet on Firefox - if anyone knows a fix send an email to david at net2ftp dot
com).
- Bugfix: fixed the Edit and View links on the Browse screen (blue skin).
- Bugfix: removed the check on IP address changes, as this may be the cause for
some people to have to re-enter the login information too often.
- Information: the JUpload applet was not updated to the 0.90 version because
the new applet is too large (441 kB) - this would cause unacceptable download
times for people which are not on broadband.
- Bugfix: the unzipping has been fixed; the temporary subdirectories were not
created with the required permissions.
- Bugfix: following symlinks did not work properly due to a mistake in the skin
files; this is now fixed.
- Bugfix: this version now includes the new Blue skin.
*updated*
*updated*
*new*
*updated*
net2ftp v0.94 is also available in a light version with less plugins, skins and
languages.
The normal version takes 8.9 MB, the light version 4.9 MB.
- nuvola
---------net2ftp is translated into:
- Arabic *new*
- Simplified Chinese
- Traditonal Chinese
- Czech
- German
- Spanish
- French
- Italian
- Japanese
- Dutch
- Polish
- Portugese
- Russian
- Vietnamese
---------New release with improvements, bugfixes and a new language file
- Improvement: The "max_filesize" setting prevents big files from being
processed by net2ftp. Files bigger than this limit can't be uploaded,
downloaded, copied, moved, searched, edited or viewed. They can still be
deleted, chmodded or renamed.
- Improvement: Archives can be unzipped on the FTP server
- Improvement: Symlinks are now handled much better; first net2ftp checks if
it points to a directory or a file; if it's a directory, you're redirected
to that directory; if it's a file, the file is downloaded.
- Improvement: The mapping between the FTP directory and the HTTP directory
now checks if the FTP directory contains special names, like "htdocs" or
"public_html". If it does, the HTTP root directory is set accordingly.
- Improvement: If a file can't be moved, the processing of that subdirectory
is aborted (remaining files are not moved and subdirectory is not deleted)
- Improvement: New language files for Arabic
- Improvement: CSS styles and images are mirrored for right-to-left languages
- Bugfix: Content of the <body> tag is now handled correctly in the HTML editors
net2ftp v0.92 is also available in a light version with less plugins, skins and
languages.
The normal version takes 7.6 MB, the light version 3.0 MB.
May 2006: version 0.91a
===========================
Mainly a bugfix release
- Bugfix: The updated PCLZip libraries that were included in 0.91 were not
modified to work with net2ftp, this is now fixed
- Bugfix: Upload confirmation screen in the India skin didn't show a new upload
form
- Improvement: Integration with Drupal's new 4.7.0 release
- Improvement: Integration with Joomla 1.0.8
net2ftp v0.91a is also available in a light version with less plugins, skins and
languages.
The normal version takes 7.6 MB, the light version 3.0 MB.
May 2006: version 0.91
===========================
*updated*
*updated*
*updated*
*updated*
*updated*
*updated*
*updated*
*new*
*updated*
*updated*
*updated*
*updated*
*updated*
*updated*
- Unnecessary plugin files have been removed (smaller size and increased
security).
- Plugin language is derived from net2ftp language (for plugins: HTMLArea 3.0 RC
1,
jscalendar 0.9.6 and FCKEditor 2.0 RC2).
- Logs are deleted automatically after 14 days; this can be configured in
settings.inc.php.
- Skins have been sorted; pastel moved up; grey and yellow moved down.
- The total nr of directories/files and the total size of the files is printed
on the Browse screen.
- An index has been added for all MySQL tables. A DROP TABLE IF EXISTS
statement has been added to make upgrades easier. This will delete existing
logs.
- registerglobals.inc.php has been cleaned up.
- shutdown() fixed for PHP configurations where max_execution_time is -1.
Bug fixes:
- The net2ftp code was reviewed for security, following the recent release of
different worms which target PHP web applications (Santy).
The mistakes which were checked are those explained in the article "PHP
Security Mistakes" by Dave Clark.
http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
1. Never include, require, or otherwise open a file with a filename based
on user input, without thoroughly checking it first.
==> Done.
2. Be careful with eval().
==> net2ftp translation files must be checked for malicious code.
3. Be careful when using register_globals = ON.
==> All auto-registered variables are now unset(), and after that
only those variables which are needed are declared.
This works on all servers, whereas a .htaccess file only works on Apache.
4. Never run unescaped queries.
==> All variables are passed through addslashes() when executing a SQL
query.
5. For protected areas, use sessions or validate the login every time.
==> Login is checked on each pageload, also for the Admin section.
6. If you don't want the file contents to be seen, give the file a .php
extension.
==> Done.
- The HTTP authentication code (used when logging in via a Bookmark and
when using the Admin panel) has been improved to work with different
kinds of PHP setups (external authentication, PHP as CGI, IIS ISAPI).
Due to external restrictions however, there are no workarounds when
PHP is running as CGI module AND mod_rewrite is not available.
- Zip files created by net2ftp can now be viewed using Windows XP's file
manager. They looked empty before. The reason is that there may not
be a leading / in the filename.
- Upload-and-untar is fixed.
- The Copy/move check if the target directory is "same as or subdirectory of"
the subdirectory was not correct.
- The cookie for remembering the last FTP mode was not working. This is fixed.
The default is still BINARY.
By the way: recursive chmod was already present in version 0.81, but not
mentioned below.
A daily limit on data transfer volume and on script execution time can be set.
Once this limit is reached, the user can still browse the FTP server but not
transfer data any more.
The data transfer volume and script execution time are logged per IP address and
per FTP server.
The admin panel has been improved:
- It can now be accessed from the main page.
- The username and password can be set in settings.inc.php (this is easier than
using
the .htaccess and .htpasswd files)
- The code to retrieve the SQL logs is faster
Bugfixes:
* When a file was moved to the same directory, it was deleted. Thanks to Enigma
for
pointing that out.
* Some HTML errors were corrected (Jakub)
* The HTTP headers have been improved
* Minor error handling improvement
March 2004: version 0.80
========================
---------net2ftp version 0.80 contains:
- htmlarea version 2.0.3
- pclzip version 2.1
- pcltar version 1.3
- Everaldo's Crystal icons
---------A new version with lots of additional features:
* Directories, files and symlinks are shown together and can be manipulated
together
* The size taken by directories and files can be calculated; the directories
are processed recursively.
* Directories and files can be searched for a word; the directories
are processed recursively.
* The upload-and-unzip function works now even if the Zip module of PHP is not
installed, thanks to the pclzip library (see /includes/pclzip.lib.php).
* The upload-and-unzip function works now also for Tar archives, thanks to the
pcltar library (see /includes/pcltar.lib.php).
* When uploading files, a popup message appears to tell: 1- to be patient and
2- that if the upload takes more than x seconds, it will be halted and he'll
have to try again with less/smaller files.
* Functions which are not yet totally implemented can be turned on or off in
settings.inc.php.
* If you don't know which function generates a particular output, you can turn a
setting on in settings.inc.php, then extra hidden HTML tags will be added
by each function.
* There are 2 troubleshooting functions: one to troubleshoot net2ftp on a
webserver, and another one to troubleshoot an FTP server.
* While the script is executed, the status is displayed on top of the page.
* Selected rows have another background color
* The number of settings in settings.inc.php have been reduced
to make net2ftp easier to configure. Some were not really used.
* When logging in the passive mode can be set
* The cookies set by net2ftp can be cleared from the login page
* The list of directories and files can be sorted based on the filename, size,
modification time, etc
* Version checking script can automatically check if a new version of net2ftp
exists
* Added support for Lycos Tripod and Earthlink, so that the Open link would work
on the Browse page (printURL() function in browse.inc.php).
* New 16x16 icons which take less space and look nicer
* All icons are .png; workaround applied for IE which does not display
transparent png images nicely by default
* New onMouseOver effect for the action icons
* Bugfix: when the login directory was "" the user was directed to the root
directory instead of his home directory
* Bugfix: when a file was downloaded, the filename was appended by ".txt"
and a line was added at the end of the file (reported by Jean-Pierre and
corrected by Slynderdale)
* Bugfix: files with a filename which starts with a dot are transferred
using the FTP_ASCII mode
September 2003: version 0.73
============================
* Two of Slynderdale's add-ons are now integrated in the main release:
- the directory can be set on the login page
- there is an anonymous login checkbox on the login page. (Last minute note:
this one is included but put in comment, because there is a small bug that
I couldn't solve.)
* A default directory can be specified in the settings.inc.php file.
* Bugfix: . and .. entries are removed now
* Upload page: it is possible to enter another directory on the first page, and
to to upload another 5 files from the upload result page.
* The nr of files that can be uploaded at once can be set in settings.inc.php.
* The location of net2ftp on the server is determined automatically; there
is no need to enter it in settings.inc.php any more.
* A check is made to see if the FTP module of PHP is installed.
The modules needed for zip upload (Zip and Zlib) are optional. If they are
not installed, the extra buttons and textboxes are suppressed.
* New functionality on the administrator page
Bugfixes:
* Some FTP servers do not show hidden files by default.
By using the -a option those files are now shown.
* Some FTP servers return fake directory entries "." and ".." which caused
infinite loops in the copy/move/delete functions. These entries are now
filtered out.
* There was a problem with javascript on the Browse page, if a directory or
filename contained a single quote. This is solved now.
* The directories and files are shown when connecting to the AS400 FTP server.
March 2003: version 0.5
=======================
New features:
* The directory that was last used, is saved in the cookie; when logging in
later on, that directory is used. If the directory has been deleted in the
meanwhile, an error message is shown, and the cookie information is reset.
* Some of the layout settings which were coded on server side in
settings.inc.php and in the browse/edit/... functions have been replaced by
styles in the css files
* The HTML that is generated is now valid HTML 4.01 Transitional, or almost.
(There are some features that most browsers can handle, but which are not
foreseen in the standard, such as the wrap attribute of a textarea, used
when editing text files.)
Bugfixes:
* When logging in for the first time,
On certain FTP servers, entering ""
(for example /home/user) instead of
on a subdirectory link (for example
subdirectory to be /subdir, whereas
This is corrected.
* The layout has been adapted a little in most action (rename, chmod,...) screen
s:
the text is now aligned 50 px from the left border, instead of in the middle.
February 2003: version 0.4
==========================
Following the feedback of some users, here are the bugfixes:
* Function fopen is now used with the "b" option, which is (only) useful on Wind
ows
servers
* The deletion of directories is now done with ftp_rmdir instead of ftp_delete
* The file layout_server.inc.php is merged in settings.inc.php
* All the arrays are now used with ['string'] instead of [string], as
recommended in the manual
* In the INSTALL file is now pointed out how to change the appearance of the
login screen
* The database use is now by default set to no, to make the install easier.
February 2003: version 0.3
==========================
This version contains new features, and bug fixes.
New features:
* Copy and move files to a SECOND FTP server! This is handy for developers,
who develop and test on a different environment than the production environment.
* If you change $myname and $mydomain in the settings.inc.php file, the layout
of the login page is different from what is on net2ftp.com.
* If the security settings (in settings.inc.php) are set to restrict the access
to some FTP servers only, this is reflected on the login page.
Bug fixes:
* Check the authorization only if $check_authorization is set to yes in
settings.inc.php.
* The nr of lines in the edit form is reduced from 37 to 35 in
layout_server.inc.php, because in Mozilla based browsers each line is a little
taller than in IE.
* After doing some tests on different public FTP servers, it appears that they
reply differently to the ftp_rawlist request -- thanks to Ondrej for reporting
this.
- some FTP servers, like ftp.belnet.be, start with a line summarizing how
many subdirectories and files there are in the current directory. The
real list of subdirectories and files starts on the second line. This