FileChucker: Old Changelog

Newer Changelog Items

v4.30 (20080806):

FileChucker now generates video thumbnails on servers where ffmpeg is available; the thumbnail command is customizable though so you can also use any other command capable of generating thumbnails from video files.
New setting $PREF{only_allow_one_subdir_dropdown_per_upload}, and the existing $PREF{only_allow_one_new_subdir_per_upload} setting is now enabled by default, so that by default, if the user selects a subdirectory or creates a new directory, all the files from that upload will use the same directory, rather than being serialized with _01, _02, etc, for the files in a multi-file upload.
New $PREF{integrate_with_userbase_method_b} setting, which provides an alternative integration method for situations where the default method fails because you're running a much older version of one or the other app.
We now detect whether our onload events occurred, so we can display an error if they did not (because we're embedded in a page that does <body onload=foo()> for instance), since some of them are critical for certain features to work.
We now delete any entries from the fileinfo database when the corresponding file itself is deleted.
We now specify a hardcoded default prefs file name, to be loaded only if we fail to load a prefs file based on the script's filename, so that we can attempt to continue on servers that fail to set their environment variables properly.
Emails sent by the script now include visitor information in the email headers (IP address, hostname, user agent).
Bugfix: if using the download_links_go_through_FileChucker setting and if disabling the filename-cleaning feature, then download links would be broken for filenames containing spaces.
(Prefs file updated.)

(More changelogs coming coon.)

v4.01 (20070630) (internal):

FileChucker can now read usernames from PHP sessions.
Custom form fields can now be made read-only.
There is now an option to generate email message IDs internally, for strange cases where the mail server for some reason fails to generate them.
Refactored some code for the passing of progress bar (and progress table) status information from the CGI script on the server to the Javascript on the client, in order to make it easier to hack the code to pass custom/extra information to the browser via AJAX.
Bugfix: when using the new feature where the progress bar is displayed in a pop-up window (i.e. in Safari), we failed to properly relay the AJAX "upload too big" message, so the whole upload would still take place and then the server would tell you it was too big.

v4.00 (20070625) (internal):

Bugfix: the serial_is_userdir feature only worked for the first upload for a given serial number; reusing a serial number (i.e. reusing an upload folder) didn't work.

v3.99 (20070624) (internal):

Bugfix: a recent update broke FileChucker's upload-is-too-big error logic, so uploads that exceed the site's sizelimit setting were just timing out instead of saying "sorry, upload too big."

v3.98 (20070618) (internal):

We now automatically periodically delete any leftover *.rawpost files in the fcdata directory (only applies to servers running outdated versions of Perl).
Made some changes to support servers whose DOCUMENT_ROOT is a UNC path (one beginning with \\ or //).

v3.97 (20070618) (internal):

Renamed the ?makePasswordHash argument to ?newpw (though the old one is still supported).
We now display an error if the human-test image directory does not exist and the human-test is enabled.
We now assume that if userdirs are enabled and the current user has one, then at least one writable directory exists for this user. This is to save a call to get_all_writable_directories(), which can take a lot of time on servers with lots of folders in their upload area.
Bugfix: all template variables are now of the form %%var%% instead of %var% as before, because %foo% is ambiguous within a template that may also contain a URL with hex-encoded portions.

v3.96 (20070614) (internal):

New "Download" link on the options menu for each file in the file list, which "forces" the browser to display a "Save File" dialog for the file instead of trying to use a plugin to render it.
The update-timestamp-on-download feature is finally fixed/finished.

v3.95 (20070614) (internal):

New option to allow multiple levels when creating a new subfolder (i.e. multiple levels in that folder's name; we've always allowed multiple sublevels overall, but you had to create them one at a time).
New option to specify a max image filesize for which we'll attempt to create a thumbnail, so that on sites with huge images, we'll skip them instead of hanging and/or producing an empty thumbnail file.
On the file list, we no longer exit with an error if a folder isn't writable. That generally is an error, but when just displaying the files, it really isn't.

v3.94 (20070613) (internal):

FileChucker can now optionally display the progress bar in a pop-up window instead of within the original page.
FileChucker's progress bar now works more reliably on Safari. Previously it would sometimes work fine but intermittently the progress bar would fail to move; FileChucker now always displays the progress bar in a separate pop-up window for Safari users, which seems to make it function properly all the time. I guess we'll find out come June 29th when there are scores of new iPhone-wielding Safari users...
Miscellaneous CSS adjustments, including a new per-page class attribute on the outermost container so different pages can be styled differently more easily.

v3.93 (20070611) (internal):

FileChucker can now read PHP session data to get an existing username for password-protection, userdirs, etc.
New preference for specifying custom Javascript code to be executed right when an upload completes.
New option to automatically reconnect to a database after an upload completes in case of lost connection (only necessary for a tiny percentage of web hosts who constantly lose database connections, like GoDaddy).
A single copy of FileChucker can now run in multiple modes with different settings by passing URL options to specify different prefs files to be used.
For upload sessions where no files are included, but other form-field data is, we can now pass the form-field data on the URL to another page upon completion.
Bugfix: a previous update broke the pass-formfield-values-on-redirect functionality.

v3.92 (20070526) (internal):

Made the various error pages more consistent, and template-based.
Disabled the $PREF{urls_allowed_to_post_to_us*} settings by default, because a small number of people reported false positives with it.
New option to control whether we serialize new subfolder names if a folder by the same name already exists (previously we always did and there was no option to disable that behavior).
New option to specify custom Javascript code that will be executed when the upload form is submitted (in addition to the existing custom JS code option, which does not get executed onsubmit).
New subfolders created during uploads (whether manually by the user, or via $PREF{automatic_new_subdir_name}) can now include multiple folder levels.
Bugfix: the auto-redirection to the login page that was implemented in the previous update caused problems when not integrated with UserBase, so we now test for that and don't auto-redirect unless integrated with UserBase.
Bugfix: a line in our JS code failed to work in Opera, resulting in it being impossible to upload. This appears to be due to a bug in Opera's regex processing within Javascript, but we've now implemented a workaround that does the same thing in a different way, and works on all browsers.

v3.91 (20070517) (internal):

You can now add custom columns to the file list to display information about the uploaded files (the same information that was previously [and still is] available on the options > info link).
Now the "You must log in" screen automatically redirects the user to the login page.
You can now specify notification email recipient addresses on a per-folder basis.
We now hide/ignore Frontpage's stupid _vti_cnf folders by default.
Our newline-replacement string (used in the info files) is no longer optionally space-padded, in order to simplify processing and make it more deterministic. This may affect sites that have existing info files which store fields that can contain newlines; the result would simply be extra spaces in the field's value.
Bugfix: a recent update made perfile formfields fail to have their values saved for files other than the first one in multi-file uploads.
Bugfix: when using the store-info-to-database option, the new counternum field was created as NOT NULL which caused a problem on some versions of MySQL.
Bugfix: the "Add another file?" link is now hidden when in reprocessing mode.
Bugfix: a recent update broke the serial_is_userdir feature in some cases, because the serial number is now generated client-side just before each upload begins; so we now use this new serial number in creating the userdir instead of the one hard-coded into the subdir field.
Bugfix: the reprocessing feature was not being processed by the Javascript code for the Actions Menu.

v3.90 (20070502) (internal):

New $PREF{enable_upload_counter_number} option to give each upload a unique number that can be used as a serial number, order number, confirmation number, etc.
Changed the file info page (FileList > options > info) so it is now entirely template-based. This required changing the format of our info files in a way that breaks compatibility with any existing info files created by previous versions of FileChucker. So if you have existing info files that you need to keep accessible, then you'll probably want to set $PREF{store_upload_info_in_files__oldformat} = 'yes'.

v3.89 (20070425) (internal):

The user can now add more file-fields to the upload form by just clicking on a link that updates the page instantly, instead of having to hit an "Apply" button which reloads the page from the server as before.

v3.88 (20070424) (internal):

The Javascript that controls the progress bar and table now includes a check for a rare problem on some (probably broken) servers which prevents the server from knowing the total upload size.
Added some more sanity checking and bounds-checking for the progress percentage on the upload form.

v3.87 (20070413) (internal):

New option to allow form submissions that don't include files, in case you want to collect other data (text input) in a submission that may or may not include file uploads.
The upload progress bar now slides smoothly from one value to the next instead of jumping.
The pop-up menu on the per-file "options" link has been changed: it no longer includes a "Close Menu" link -- instead clicking somewhere else automatically closes it (as is ~standard for such menus); it now has a minimum width so it never displays absurdly tinyly; it now displays "(none)" when there are no applicable options for a given file/folder.
Bugfix: if disabling the $PREF{show_progress_table_during_uploads} option, so that just the progress bar is shown (but no textual data), the upload failed to start.

v3.86 (20070407) (internal):

Bugfix: one of the recent Javascript updates caused an incompatibility with certain versions of Firefox on Windows; fixed now.

v3.85 (20070406) (internal):

You can now specify different icons for files in the file-list based on their MIME types (determined by their file extensions).
Bugfix: the "Home" link in the footer was displayed as an invisible link if the $PREF{home_link_name} was set to null; now it's not displayed at all in that case.
There is now an "all permissions" page to show all the folder permissions that have been assigned to all users and groups (in addition to the original permissions page which shows the permissions for each folder on its own permissions page).

v3.84 (20070402) (internal):

Added new "human test" feature, where the user has to enter a code displayed on the page to prove that he is a human and not a spambot (or other nastybot). This feature also includes an invisible mode where the user doesn't even actually have to type anything or even see the extra field at all, and it should still block spambots.

v3.83 (20070331) (internal):

FileChucker can now generate the upload serial number (synchronization token) on the client-side via Javascript at the start of each upload, which can be useful in some situations where the upload form must come from a static file.

v3.82 (20070329) (internal):

FileChucker's upload form can now get a new upload serial number from the server at the start of the upload, instead of when the form itself is first generated. This can facilitate the separation of the front-end from the back-end (for example to host the form and the CGI script on two different servers).

v3.81 (20070328) (internal):

Added an option to automatically transfer the uploaded files to a second server via FTP at the end of an upload.

v3.80 (20070327) (internal):

Bugfix: when using custom_folder_permissions together with integrate_with_userbase, users in the public group were sometimes treated as users in the members group.

v3.79 (20070321) (internal):

Bugfix: the $PREF{serial_is_userdir} feature broke in a past update; fixed now.
Moved lots of text strings into user-adjustable $TEXT{foo} settings, to make i18n and l10n (internationalization and localization) easier for translations, etc.
Lots of small changes to make Perl's warnings mode less verbose.
The top row on the file-list (containing the "Viewing:" breadcrumbs line and the Options Menu) is now a row within the table, instead of a separate div. This makes styling easier when you want to adjust the width of the file-list, and it obviates the need for some conditional CSS that was previously necessary to make the div align properly in IE.

v3.78 (20070309):

Added an option to specify the amount of sleep-time during upload blocks when not using the upload hook (i.e. only on servers with extremely old versions of Perl, or where you manually set the disable_upload_hook option). On most modern servers there is no sleep time and uploads happen as fast as the network link will allow.
Removed some old unused code.

v3.77 (20070307) (internal):

Added documentation for the fact that you can now pass ?path=/foo/bar/baz/ on the URL to specify a particular uploads subdirectory (feature was added a few releases back).

v3.76 (20070307) (internal):

The size and date columns in the file-list can now be disabled.
Bugfix: in a few places, we forgot to change our old %TEXTBOX variables to the new %FORMFIELD variables.
Each item (row) in the file-list now has a single "options" link that produces a pop-up menu when clicked, which contains the various actions like delete, move, info, etc (as opposed to before where each of those actions had its own space-hogging column in the table).
Bugfix: sometimes on servers without sendmail and/or MIME::Lite, the error message we displayed didn't contain all the error details.

v3.75 (20070228) (internal):

The template-based notification emails can now include a list of the uploaded files.

v3.74 (20070226) (internal):

Bugfix: sometimes the "you tried to upload too much data" message would display 0 as the current limit. Fixed now.

v3.73 (20070223) (internal):

The upload progress bar now has a nicer more 3D look.
Added documentation for the fact that notification emails are now fully customizable via templates (feature was added a few releases back).
Default exclude list now includes .phtml files.

v3.72 (20070222) (internal):

The file/folder/size counts in the footer now reflect the current folder only, and clicking on it toggles to a new set of numbers that reflect the current folder and all subfolders.

v3.71 (20070221) (internal):

Bugfix: custom folder permissions feature incorrectly assumed that UserBase was present in some places.

v3.70 (20070220) (internal):

If image-processing Perl modules (ImageMagick and GD) are not present, we display a message explaining how to install them, and stating that the user can optionally disable the image features instead of installing the modules. But one of the PREF names to disable was slightly incorrect in this message.

v3.69 (20070208) (internal):

The $PREF{top_textbox_NN_singleline_*} options are now $PREF{formfield_NN_*} options.
FileChucker now supports image rotation in the file-list.
The file/folder checkboxes on the file-list now support "Delete" as a multi-item action.

v3.68 (20070202) (internal):

The you-must-login message is now customizable.
FileChucker can now automatically create a new subfolder for each upload based on the user's textbox input, cookies, URL variables, date/time, etc.
The _dbcolname PREF for textboxes has been renamed to _shortname, and it is now required for all textboxes/formfields (as opposed to before when it was required only if storing the data into a database).
Added CGI and ASP extensions to the default list of excluded extensions.
Added better documentation for the replace/reprocess modes.
New option to automatically put users into their userdir subfolder in the file-list, instead of always starting them at the top level and requiring them to click on their home folder in the list.
The upload serial number is now a hash by default.
Notification emails are now totally customizable, with separate templates for admin notifications and user notifications.

v3.67 (20070113) (internal):

Added option to disable the checkboxes on the file-list.
Bugfix: one of our SQL loops referenced undef instead of \$foo which some older MySQLs don't support.

v3.66 (20070112) (internal):

New "replace" and "reprocess" modes to allow users to select files in the file-list and choose to upload replacements, or reprocess the job that they came from without re-uploading the files.
New option to force all uploads into subdirectories of the uploaded_files_dir (i.e. don't present the root of the uploaded_files_dir in the directory selection drop-down list).
The file-list now has a checkbox at the end of each row, to allow the user to select and manipulate multiple files/folders at once (currently the only available actions are "replace" and "reprocess").

v3.65 (20070110) (internal):

Bugfix: previous update caused breakage when max_files_allowed was set to 1.

v3.64 (20070109) (internal):

Streamlined extension-based filtering and added new option to filter based on strings anywhere within filenames (not just extension), including support for regular expressions.

v3.63 (20070105) (internal):

Bugfix: custom front-end form support only worked for single-file uploads; now supports multi-file just like the built-in form.

v3.62 (20070104) (internal):

Slight changes to the custom form support.

v3.61 (20070104) (internal):

Now supports unlimited arbitrary groups of users when integrated with UserBase.
FileChucker now supports custom folder permissions, allowing the webmaster to specify read-only or read-write access for individual users/groups on a per-folder basis. This is basically an ACL (Access Control List) system. (The "must_be_member_to_*" PREFs are now "groups_allowed_to_*" PREFs.)
Changed the internal handling of the userdir feature; userdirs are now all within a top-level subdir ("home" by default) in your uploaded_files_dir, so that even with userdirs enabled, it is possible to allow your users to access other top-level folders if you wish.
It's now possible to have notifications emails sent to user-entered email addresses even if you don't have them sent to your administrative email address.
It's now possible to specify header and footer files that FileChucker will include in its output. This is normally much better handled by calling FileChucker via PHP or SSI (the latter in a *.shtml file), but on some especially retarded servers (which is to say IIS 6+) that's not always possible.
We now support fully-custom form front-ends. We still need to put our JS/CSS/etc into the page, but the form elements (inputs, selects, radio buttons, checkboxes, textareas, and file elements) can be totally custom. (For cases where FileChucker's built-in formfield features don't provide enough flexibility.)
Changes to how database credentials are stored.
Many small changes, some not documented.

v3.47 (20061222) (internal):

Slight adjustments to the way we update the timestamp on files when they're downloaded.

v3.46 (20061212) (internal):

Slight adjustments to default settings for UserBase integration, since UserBase is now at /cgi-bin/userbase.cgi instead of /cgi-bin/userbase/userbase.cgi.

v3.45 (20061211) (internal):

Custom dropdown boxes (i.e. select/option elements) now support the ability to have each displayed item map to a different submitted value, for example you could have the drop-down display names, each of which submits a different email address (which the user does not see; he only sees the names).

v3.44 (20061205) (internal):

Bugfix: the Options Menu now only displays the thumbnail options when those features are enabled.
We now display a nicer error message if neither ImageMagick nor GD are installed on your server, and include instructions for how to install them, and to disable the thumbnail features if the modules cannot be installed.

v3.43 (20061204) (internal):

Thumbnails in the file-list can now be enabled but turned off by default (so users can enable them via the Options Menu if they want to).
Moved some initialization code from the top of the script into the load_prefs() function to improve code organization.
We no longer hide the file/folder icons when displaying thumbnails in the file-list, because displaying them helps to distinguish folder thumbnails from file thumbnails.
We no longer upscale images when creating thumbnails; any image that is already smaller than our thumbnail size will be used as-is for the thumbnail.
Improved delete feature: deleting a file now uses a pop-up confirmation dialog instead of a confirmation page, so the whole process is quicker, and it also returns you to the same page you came from (including any sort options) rather than just to the default file-list page.

v3.42 (20061107) (internal):

New option to store URL variables into a database.

v3.41 (20061107) (internal):

Moved CSS Conditional Comments to after the user's custom CSS, so the CCs don't break the stylesheet (thus preventing the custom CSS from taking effect) when embedding within an existing layout.
The counts on the file-list now include hidden items.

v3.40 (20061106):

New "grid" display mode, particularly useful if most of your files are images and you have thumbnails enabled.
New "Options Menu" provides a centrailzed location for adjusting the style, layout, and thumbnail-viewing options.
We now display a file-count in the "Size" column for folders.
New folder-thumbnail feature, so that folders containing images automatically have a thumbnail displayed, instead of just a folder icon.
Laid the groundwork for internationalization and localization (i18n and l10n).

v3.39 (20061103) (internal):

Hide the thumbnails directory in all the drop-down dir listings.

v3.38 (20061103) (internal):

Added ".jpe" to the list of file extensions for which we display thumbnails.

v3.37 (20061103) (internal):

The file list now displays thumbnails for files that are images.
The custom textboxes feature can now create radio button lists and checkboxes, in addition to text fields, multi-line text boxes (textareas) and drop-down lists (select elements) as before.
Drop-down lists are now positioned more nicely by default.
New option to specify the initial/default value for form elements.
New option to specify filters to hide folders/files from being displayed in the file list (in addition to the existing extension-based filters).
Bugfix: on IIS, sometimes our untaint function receives garbage like ".\\98736CGI.tmp" and the escaped backslash breaks the untaint process (thanks, Microsoft). Fixed.
Bugfix: when using pass_textbox_values_on_redirect, the dash we used would prevent some PHP methods from properly retrieving the URL variable. So that dash is now an underscore instead.
Bugfix: the serial_is_userdir option now works with serial numbers containing letters.

v3.36 (20061027) (internal):

Added quota features that can be enabled for the entire uploads directory and/or for individual member subdirectories (userdirs).
Reorganized some of the code that handles an IIS5 redirection bug.

v3.35 (20061023) (internal):

Changed the default installation location from /cgi-bin/filechucker/filechucker.cgi to /cgi-bin/filechucker.cgi.
Renamed the logs directory to "fcdata" to help prevent people from thinking that it's just temporary logs in there.

v3.34 (20061023) (internal):

Moved the path_to_filelist_images PREF into PREFs Section 02, since anyone who changes the uploaded_files_dir setting will probably want to change this too.
Added some brief instructions for how to create your own styles, in the inline documentation for the styles in PREFs Section 11.
Bugfix: on some IIS installations, we couldn't load the filechucker_prefs.txt file because it wasn't in our cwd.

v3.33 (20061018) (internal):

Extremely old versions of Perl (as in >5 years old) don't support some of the "newer" more efficient upload logic, so we now have a fallback for them.

v3.32 (20061018) (internal):

The clean_up_filenames preference now applies to files that you've set to be renamed based on the user's textbox input.
New only_allow_one_new_subdir_per_upload & display_dropdown_box_for_subdir_selection prefs provide greater flexibility in configuring the upload form.
Moved some of the markup for the footer and the "Viewing:" box into prefs.
New "round" style.
Rearranged some of the code and prefs related to high-contrast row-highlighting for the uploaded files table; now you can specify a different high-contrast highlight color for each style.
Now if a user tries to create a new subdirectory during an upload, and a directory by the same name already exists, we rename the new one with an "_01" ("_02", "_03", etc) on the end.

v3.31 (20061013) (internal):

Bugfix: when using enable_userdir_on_url and keep_userdir_on_url, some functions (like ?js and ?login) complained about userdir missing from the URL, when really they shouldn't care about that. And some functions (like move/rename/delete) failed to keep the userdir on the URL.

v3.30 (20061011) (internal):

We now show the percent completed in the titlebar during uploads.

v3.29 (20061005) (internal):

Now pressing Enter when a textbox is focused will call the verification function instead of submitting the form.

v3.28 (20060928) (internal):

Improved the "dark" color scheme.
Streamlined some of the color-scheme functions so adding new schemes/themes is easier. Also added the ability to have per-scheme values for $PREF{title}.

v3.27 (20060927) (internal):

New pref update_timestamp_on_download so that the file's date/timestamp can reflect the last time it was accessed (downloaded), instead of the last time it was modified (which is probably when it was uploaded).
New dark color scheme.
We no longer pass the uploaded file's URL path on the URL for the upload-complete page.
New prefs length_of_serial and use_letters_in_serial.

v3.26 (20060926):

Now if you've enabled an email textbox, you can choose to have the From: field on your notification emails be set to whatever address the visitor enters into the email textbox.
Refactored the email function to be more logical and to print better error messages in case the SMTP server and/or sendmail preferences aren't set.

v3.25 (20060916):

Previously, we weren't actually returning XML to the AJAX calls; we were using straight text. Of course this isn't really a problem, and it's quicker (since we're not transferring lots of text we don't really need), but it was annoying seeing the "errors" in the Javascript console. So now we return a valid XML document.
Bugfix: filenames containing pound-signs can now be downloaded without error.
Bugfix: the automatically_delete_old_files pref would sometimes attempt to delete non-empty directories, which of course didn't work and returned an error.

v3.24 (20060915) (internal):

You can now specify different upload size limits for strangers, members, and administrators.

v3.23 (20060914) (internal):

New pref automatically_delete_old_files.
Changed how the after_upload_redirect_to and reformat_filenames_for_all_uploads prefs are defined.
Bugfix: moving the entire prefs section to a separate prefs file without editing it should actually work now; previously, it would choke on non-string values.
Bugfix: if using your server's document root as your uploaded_files_dir (unlikely), there were duplicate slashes in some places, which prevented the download links from working.

v3.22 (20060913) (internal):

Added more workarounds for IE's ridiculous caching of AJAX stuff that's already clearly marked DO NOT CACHE.

v3.21 (20060912) (internal):

Bugfix: prefs loaded from a separate prefs file can now be set to null values.

v3.20 (20060906) (internal):

Manually create the REQUEST_URI env var if DNE (because IIS is garbage).
Try to set DOCROOT from PATH_* (because IIS is garbage).
Improved processing of upload data so uploads (once transferred to server) are processed much more quickly with less work by the server.

v3.19 (20060828) (internal):

Bugfix: when manually setting uploaded_files_urlpath (which is only when uploaded_files_dir_is_in_docroot is disabled), and when integrating with UserBase, the download links for members' files were broken (they didn't contain the username in the path). This affected an extremely small number of users since uploaded_files_dir_is_in_docroot is enabled, not disabled, in over 99% of installations.

v3.18 (20060826) (internal):

Now when an AJAX call comes back screwy, we still continue to try to update the progress bar (but at a slower rate), rather than stopping it altogether. (The upload itself still continues regardless.)
Bugfix: when uploading multiple files and using the after_upload_redirect_to pref, interpolating variables from the URL to form the redirection URL did not work.
Bugfix: when using serial_is_userdir, the link on the upload-complete page to reuse the uploads folder went to the wrong place.

v3.17 (20060817) (internal):

Bugfix: when uploading multiple files, if the user left some of the file fields blank, we did not decrement the count for total-uploaded-files for that session.

v3.16 (20060816) (internal):

Bugfix: when integrated with UserBase, the names of our infofiles did not have the userdir on the front, so while each user could see the infofiles just fine, the admin could not. Now we prepend the userdir to the infofile name so it is accessible by both members and admins.

v3.15 (20060808) (internal):

Added new PREF store_upload_info_in_database.
It seems that on some certain pages, window.onload fires before the page is really done loading. So we now schedule set_row_mouseovers() to be executed a few extra times after a 1-second interval if #filelist doesn't exist yet. This turned out to only apply when a certain (old) DOCTYPE was used, so we are not keeping it in for use in the general case.
Changed the "here" PREF into multiple separate PREFS (here_uploader, here_filelist, etc) to ease integration into some layouts.
Added new integrate_with_existing_login_system PREF. We already did this for userdirs, but this allows further integration.
Added new login_url and logout_url PREFs to ease integration.
In various places, moved markup into PREFs to ease integration.
Added new progress_bar_width PREF to easily adjust this.
Added new show_progress_table_during_uploads PREF for those who want just the bar without the table.
Added new PREFs to control whether the default message & stats are shown on the upload-complete page, as well as a PREF to define a custom message to be displayed there.

v3.14 (20060804) (internal):

On the post-upload redirection URL, the uploads stats data now comes before the textbox values. We also now abbreviate some of the field-names used on this URL due to Safari having an extremely lame max URL length.
When hiding the upload form to display the progress bar, we now include display:none in addition to abs-pos relocation because otherwise IE doesn't hide everything properly in some rendering modes.
Rewrote some of the login code to make it more consistent across the various login systems.
Rewrote some of the output to be more semantically correct (using <dl>s and <label>s instead of generic DIVs, etc).
Added PREFs to disable the container DIVs.
Added PREFs to disable the output of the full HTML tags (i.e. HTML, BODY, HEAD, etc, and their closing tags at the end) so that embedding FileChucker within another page is syntactically valid. Also added functions to return only the CSS and JS, to be called from the page's HEAD when we're installed this way.
Bugfix: if the server didn't have an SMTP server available and thus had to use sendmail, then HTML messages were getting sent as text.

v3.13 (20060726) (internal):

When passing the names/values of custom textboxes on the URL after an upload is complete, instead of passing "&value=&" for null values, we just didn't pass that value at all. Now we do pass it, with a null value.
Added a very basic shopping cart / ordering system, that allows users to select items (files) and place an order for them, which simply sends an email to you containing the list of items and the user's info.
Removed the word "Error" from the "Authentication Required" message, since in some (most?) cases that's not actually an error, just a message.
Added new default_page PREF for installations where the default page should be the filelist instead of the uploader.
Added new KB and MB PREFs so these labels can be set to something else (to Ko and Mo, for French users, for example).
Added the option to have custom drop-down fields (i.e. select/option elements) in addition to custom textboxes as before.
Simplified the handling of any textboxes marked mandatory.
We now mark the first file-selection element as mandatory so that we can catch it with Javascript if the user fails to select a file (rather than relying on the server-side to detect that, as before).
Added the ability to copy/move PREFs from the script into the separate prefs file directly, without removing the programming syntax. This means you can basically take the entire PREFs section from the top of the script as-is and drop it into a separate filechucker_prefs.txt file without having to adjust anything.
The AJAX now reads the serial number from the action attribute on the form element, rather than having it hard-coded in from the Perl side. This makes it possible to rip out all the Javascript and put it into a separate *.js file (though there are still lots of Perl variables in there, so you'd want to take it from the script's output -- i.e. a rendered page's source-code in your browser -- rather than from the Perl source code).

v3.12 (20060721) (internal):

Added new PREF pass_textbox_values_on_redirect.

v3.11 (20060719) (internal):

Added an uploadbuttonwrapper div around the upload button.
Added a "file" CSS class to the file-selection field, and a "text" CSS class to the new-subdirectory field.
Added a new PREF "cancelbutton" for users who want a "Click here to cancel this upload" -type link on the upload progress page.

v3.10 (20060718) (internal):

The "Upload Complete" page is now displayed within your site's SSI/PHP framework (assuming you've got that enabled with the "here" preference).

v3.09 (20060717) (internal):

Adjustments to handle uploads properly on ancient Perls.

v3.08 (20060717) (internal):

Changed the way we open files and directories to appease ancient Perls.

v3.07 (20060716) (internal):

Separate prefs file now supports perl-style here-documents, i.e. foo=<<'STOP'; ... (stuff on multiple lines) ... STOP
Now if an upload was disallowed (i.e. because of an illegal extension), we show "...but there were errors" on the upload-complete page (in addition to printing the "skipped..." message for each individual skipped file, as before). And if after_upload_redirect_to is set, we ignore it to display the error. (TODO: we should pass the error onto the redirect page instead.)
Now the notification emails (sent to the webmaster or to a user-entered email address) can optionally include the uploaded files as attachments.
Any custom textbox can now be made mandatory, i.e. the upload will refuse to start until the user fills it in.
User-entered email addresses (in email textboxes) are now checked for proper formatting (they must contain an at-symbol and a period, separated by text, and surrounded by text).
Cleaned-up the "big" style and re-enabled the style-switcher by default, and added a new "minimal" style.

v3.05 (internal):

New custom_footer prefs.

v3.03 (internal):

Added new pref pass_original_querystring_through.

v3.00 (aka v2.96) (20060703):

Now when the server doesn't respond to an AJAX call, we don't pop up the Javascript alert box with "Error: got a non-OK status code..." unless FileChucker is in debug mode.
New file-list styling that's higher-contrast and more fancy, maybe even a little "web 2.0" as they say.

v2.95b9 (20060628) (internal):

Bugfix: when using the New Folder function in the file-list, if userdir-on-URL is enabled, then creating a new folder failed because the userdir wasn't passed on the URL.

v2.95b8 (20060625) (internal):

Added new PREFs to enable more granular control over whether the "Upload Complete" page displays the filenames as links:

	upload_complete_page_links_to_files_for_strangers
	upload_complete_page_links_to_files_for_members
	upload_complete_page_links_to_files_for_admins

v2.95b6 (20060621) (internal):

Added new PREF show_text_url_to_file_after_upload, for users who want to copy & paste the link to their file, but don't know that you can just right-click on the link and choose "Copy."

v2.95b5 (20060620) (internal):

Added elapsed time, total size, and average speed stats to the "upload complete" page.
After deleting a file, we now meta-refresh, to get the delete parameters off the query-string, to prevent spurious re-deletion attempts when other links are clicked.
Added new PREF nice_serialization, so that if a file by the same name already exists on the server, the new upload will automatically be renamed with an "_01" or " 01" at the end.

v2.95b4 (20060615) (internal):

Added new PREF download_links_go_through_PeerFactor to support the P2P-based automatic load-balancing service provided by PeerFactor.
Refactored file-list code to simplify and eliminate duplication.
Added new big blocky style for the file-list, and new PREFs that allow visitors to switch their view between the small (older) style and the new style at any time.

v2.95b3 (20060614) (internal):

Added a few isNum() tests in the AJAX to prevent things from breaking (in IE), and NaN from being displayed, when things aren't yet initialized or aren't coming in fast enough, due to network issues.
The sort-by-column feature now works even when enable_subdirs is not set.
IE doesn't support window.stop, so now when the size of an attempted upload exceeds our $PREF{sizelimit}, we redirect to ourselves to stop the browser, and then display the error message.

v2.95b2 (20060613) (internal):

We now hide the "Mv" and/or "Del" column headers when the user doesn't have permissions for those actions (i.e. when the columns are empty).

v2.95b1 (20060612) (internal):

Updated for compatibility with the new UserBase, which is now a single file instead of 4 separate files.
Bugfix: if download_links_go_through_FileChucker was set, the "Show Uploads" link would not be displayed, even though typing in the URL manually did work.
Removed some old unused functions (written back when trying to get around the server write-caching issue).

v2.94 (20060607) (internal):

Now the auto-rename-uploads feature can use values that the user types into textboxes when renaming the file.

v2.93 (internal):

The debugging output can now be displayed on any page, not just the front page (the upload form).
The "Folder is Empty" message and the $PREF{sizelimit} inline calculation from previous updates apparently failed to get applied to the master copy of this program; they're there now.

v2.92 (internal):

Specifying the sizelimit PREF in the separate prefs file now works just like it does when specified in the script itself: you can use inline multiplication like "1024*1024*5" to mean 5 MB, instead of having to calculate the product manually and use that for the PREF value.

v2.91 (internal):

Added a "Folder is empty" message when displaying an empty folder.
Bugfix: the new time_offset PREF was causing trouble in a few places where it's used in strings; the addition operation between it and the time() call needed to be parenthesized.

v2.90 (internal):

The file-list can now be sorted by different columns by clicking on the column names, just like directory listings in Apache (and in your system's local file-manager program, etc).
Added a new PREF{time_offset} to be added to / subtracted from the value of time() in each call to localtime(time()), so people whose servers are in different timezones can see date/time in a sensible way.
The filesizes were getting rounded/truncated to zero instead of 1 for very small files. Now if the file has any non-zero content then it'll go to 1 instead of 0.
The clean_up_filenames PREF now defaults to yes.
Changed the name of the "Uploader" link in the footer to "Upload Files" to match "Show Uploads".
Added new PREFs home_link_name and home_link_url so that webmasters can set the "Home" link in the footer to something other than their server's document-root if they want to.
Changed the order of the text in the email notification to "User/File Data" then "File/System Statistics" and then "Footer". Most customers do not want to see the technical information first - they want the user-entered fields and the direct link to the file.
Bugfix: in sub delete_directory(), the RHS of the path-testing expressions needs to be protected with \Q...\E because of the fact that Windows uses the escape character as its directory-separator. So all the instances of this:
```
	if(foo =~ /^$PREF{uploaded_files_realpath}/)

		if(foo =~ /^$PREF{DOCROOT}/)
```
...need to have the RHS wrapped in \Q...\E.
Now when an upload exceeds the size limit, we use javascript to stop the upload.

v2.89 (internal):

Safari is buggy in its handling of AJAX calls; specifically if we issue a progress-status call before Safari starts sending the upload data, the whole thing stops communicating. As a work-around, we now wait ~8 seconds before issuing any status calls (compared to 1.2 seconds in other browsers). Not sure if this is a complete fix but so far it seems to prevent the problem in our tests.

v2.88 (internal):

New PREFs smtp_auth_username and smtp_auth_password to support SMTP authentication.
Custom textboxes are now styled & aligned more nicely by default
New PREF "download_links_go_through_FileChucker" so the download links aren't normal links directly to files, instead they go through the CGI script, so we can password-protect them, and send notification emails when files are downloaded (TODO).
Changed error message for ancient browsers that don't support XMLHTTP from "Error: could not create XMLHTTP object." to "Your upload is in progress and will probably complete successfully, but your browser cannot display the progress bar (most likely because it is too old). Please wait while your upload completes."

v2.87 (internal):

Added a new PREF "outtro", like "intro", to display text just before the "Begin Upload" button.
Bugfix: when the overwrite_existing_files PREF was enabled, it caused confusion about whether the serial number was removed from filenames in some cases, resulting in infofiles not working properly.

v2.86 (internal):

Bugfix: if integrate_with_UserBase was set, we assumed that enable_userdirs was set too.

v2.85 (20060421):

Added new PREF to include the list of uploaded filenames & filesizes on the redirection URL.
Massive reorganization of the PREFs section at the top of the script. All PREFs are now categorized and should be much easier to use/adjust/understand.
Bugfix: after_upload_redirect_to did not work while the debugging PREFs are enabled (still doesn't, since of course we can't print headers once we've printed the debug output; but now it explains that fact, and shows where it would have redirected).

v2.81 (20060419):

Bugfix: the table row background color on hover now only applies to rows in the filelist table, not all <tr>s on the page. (This only affected sites that both used table-based layouts (or have other tables in their site header/footer) and embedded FileChucker within those layouts.)
Bugfix: for text boxes / comment fields, the _save and _email options were not handled correctly: if they were set at all (i.e. even set to 'no') then they were treated as if they were set to 'yes'.
Bugfix: don't try to set cookies if output has already started (since obviously it will fail). This only happened when debug mode was enabled at the same time that text fields with _save were configured.

v2.80 (20060417):

Reworded the serial_is_userdir mode output to include a message & link explaining how to create a totally new upload folder instead of re-using the current one.
Buxfix: if multiple text boxes were configured as email fields, only the final one actually received the notification email.

v2.75 (20060415):

Added new PREF serial_is_username, which enables automatic private upload directories without having to use usernames or passwords. This is primarily designed to facilitate single-use uploads, like when someone just wants to sent a single file to a friend, but the user can choose to re-use the same private directory for future uploads too.
Bugfix: the file display/hide filters (only_show_files_with_these_extensions and hide_files_with_these_extensions) were ignored if enable_subdirs was disabled.
The "New Folder" link was displayed in the file-list even if enable_subdirs was disabled.

v2.70 (20060414):

We now allow an unlimited number of input/comment text boxes to be configured, and they can go anywhere you want: at the top of the page, at the bottom, or once per file.
You can now configure any of your input/comment text boxes to be an email address field, so that after the upload, a notification email is sent to the user-specified address. This field accepts multiple addresses too, separated by commas and/or spaces.
Added a new PREF to hide the URL path in various places, like the subdir-selection drop-down box, the move-item page, etc. This makes the uploaded-files-dir look like the root of the site for the purposes of your visitors using FileChucker. (Of course, files are not actually uploaded to the root of the site, unless that actually *is* your uploaded-files-dir.)
Added must_be_*_to_delete_items PREFs so that the webmaster can choose whether strangers and/or members should be able to delete files. Previously only admins were allowed.
When an upload is denied because of an illegal extension, we now put the original filename with extension into the error message and into the email to the administrator.
When renaming a file, the new-filename box is now pre-filled with the old filename, to make it easier to make small name changes.
Improved the JS code for the table-row hover background color. Because IE is a piece of garbage, we can't simply use CSS to do this. Previously, we were using Javascript on every single <tr> tag to set the mouseovers & mouseouts; now we're using a loop in a JS init function to set them all. So the page size is reduced considerably.
If $PREF{max_files_allowed} is set to 1, then we don't show the "choose number of files" drop-down box.
We no longer include the uploads-dir-name at front of info filenames. This means you can now move your uploads dir somewhere else, and the existing info files will still work properly. Note that this breaks your ability to view info files created by versions of FileChucker prior to 2.70. (If that's a big problem for anyone please contact us; if you can send us your old info files and/or give us access to your server, we can probably update them for you.)
When displaying the info file for an upload, the filename now wraps instead of overflowing its container on the page.
Bugfix: when integrated with UserBase, the login link was still pointing to the built-in login instead of the UserBase login in some places.
Bugfix: if after_upload_redirect_to was set, notification emails failed to be sent.
Bugfix: when uploaded_files_dir is set to somewhere outside the website's DOCROOT, the dir-selection drop-down shouldn't show /cgi-bin/... in front of the path, and the success page shouldn't show the filename(s) as links.

v2.60 (20060316):

FileChucker can now be integrated with the UserBase login system.
Now when you delete a file, you get automatically sent back to viewing the file-list where the file was at, instead of being shown a "Deletion successful" message. But if an error occurs, the error is shown instead.
Added a new PREF "show_login_link" to control whether this link is displayed with the other footer links. If it's not displayed, then you can log in by either a) visiting a page that you don't have access to, and clicking the "you must log in first" link, or b) visiting the script with ?login on the end of the URL.
Added a "home" link to the footer links on most of the pages.
At the beginning of the process_upload() subroutine, we now check whether the serial-number variable is null before untainting it. This is so that in the rare case of someone trying to post to the script from their own form, they'll get a more sensible error message than "couldn't untaint ''".
Added progMeterInner DIV to aid in styling. This includes everything that the progMeterContainer DIV does, except for the title and the powered-by DIVs.
Replaced the uploaded_files_dir_type PREF with uploaded_files_dir_is_in_docroot, and did the same for logpath_type. This is just to make it a little clearer and easier to understand.
Bugfix: the commentsbox-code was incorrectly nested within the subdir code, so you couldn't have comments without subdirs.
Bugfix: moving items didn't work (died with an error) if you were moving a file (as opposed to a folder). This got broken in v2.50 with the new PREF "store_info_about_each_upload".

v2.55 (20060302):

Added a new PREF "display_comments_box_for_uploads", so that for each file, the user can enter some comments or information about it, which will be saved on the server and included in the notification emails (if enabled).
The auto-reformat-filename feature can now interpolate variable values from both the query-string on the URL and from cookies.
Added a new PREF "after_upload_redirect_to" which lets you specify a URL to send the user to, instead of displaying the normal "upload complete" page. This can also include variables from the URL and from cookies.
Added a new PREF "custom_css_section" which lets you specify your own stylesheet or just individual style rules without having to edit the script's code directly.
The user-agent field in the infofiles now wraps instead of overflowing the container.
We now overwrite the infofile if it already exists, based on the logic that it won't already exist unless someone manually deleted the corresponding uploaded file outside of FileChucker (via shell, FTP, etc), in which case the infofile is no longer relevant anyway.
We now display a "Home" link on the bottom of the uploaded file list (as we always have on the bottom of the uploader itself).
At the bottom of the uploaded file list, we now hide the "Uploader" link if the user doesn't have upload rights, and we hide the "New Folder" link if they don't have that right.
Bugfix: the notification emails were being sent as plaintext with HTML tags instead of actual HTML content if the function was forced to fall back to sendmail (because you didn't specify an SMTP server, or because it couldn't be contacted).

v2.51 (20060228):

Bugfix: in Firefox, the links at the bottom of the uploader (Home, Show Uploads, Powered by Encodable) were not clickable, because a "hidden" (severely-left-positioned) DIV was invisibly overlapping them. This affected only Firefox; Mozilla, Opera, Safari, and IE all worked fine.
Added some space between the progress-bar and the progress-table in IE. (It was already there in other browsers, but IE was ignoring it.)

v2.50 (20060227):

FileChucker now works properly in Apple's Safari web browser (which is a Konqueror-based browser).
Added a new PREF "delete_logfiles_immediately". Previously we never deleted logfiles at all. Now we do, so that 1) they don't pile up and 2) if someone uploads a file and then hits the back button (instead of the "New Upload" link) to do another upload, they won't get the error about the logfile already existing.
Added a new PREF "clean_up_filenames" that removes any unfriendly characters from uploaded filenames.
Added a new PREF "store_info_about_each_upload"; this provides an "info" link in the file manager next to each uploaded file, which shows the uploader's IP/hostname/user-agent, date/time of upload, etc.
Added a new PREF "reformat_filenames_for_all_uploads", which allows the webmaster to supply a formula to use to rename every file that gets uploaded. This feature allows you to insert variables into each filename like date/timestamps, the uploader's user-dir name, etc.
The "show_link_to_uploads" PREF has been split into 3 separate new PREFs "show_link_to_uploads_for_strangers", "show_link_to_uploads_for_members", and "show_link_to_uploads_for_admins".
Now if we're running on a secure server, our internal redirects and links will reflect that by starting with https instead of http.
Fixed a bug whereby at the end of large uploads, the progress meter would reach 100% even though the table still showed a few MB left to transfer.
Fixed a bug whereby files with no extensions wouldn't upload. Also added a new PREF "allow_files_without_extensions" to control this behavior.
Fixed a typo in some of the instructions that referred to ?subdir=foo; it should have been ?userdir=foo.

v2.40 (20060215):

Now if you have one of the file-extension-based filters enabled, and a user tries to upload a file with no extension, or tries to rename a file to one with no extension, then FileChucker will refuse it and report an error. (Previously we allowed the upload/rename, but then reported an error when trying to display the file in the filelist, which doesn't make sense.)

v2.35 (20060209):

Fixed typo in one of the DB prefs: it had said "delete_database_entires" instead of "entries". (But the typo actually also existed in the code where that PREF was used, so it still functioned correctly.)
Added new PREFs only_show_files_with_these_extensions and hide_files_with_these_extensions.
Added more sanity checks for people/servers that don't set things like docroot and uploaded_files_dir.
Made some calls to the untaint function be conditional on the arguments being not null.

v2.30 (20060205):

If a filename including extension was >= $PREF{display_shortened_filename_if_longer_than} chars long, but shorter than that when the extension was removed, then it would get displayed as just "..." followed by its extension, instead of properly abbreviated. Fixed now.
Directory listings in drop-downs (to choose upload folder, etc) are now sorted without regard to case.

v2.25 (20060203):

Fixed a missing </div> tag when subfolders are disabled.
Added a new PREF called display_shortened_filename_if_longer_than, so that files with extremely long names can be displayed in an abbreviated form.
Some of the v2.0/v2.20 file-manager updates accidentally didn't get applied to the output when subfolders were disabled; fixed that.

v2.20 (20060203):

FileChucker is now a (mostly)full-fledged online file manager: it supports moving and renaming of uploaded files and directories, along with creating new directories anytime (not just during new uploads) and deleting files/directories. It also displays the last-modified datestamp for each file/folder, and it has a nifty mouseover effect to highlight the row for the item you're currently pointing at.
We no longer die on missing DBI or IO::Socket unless the user's PREFs indicate that they want to use those.
Changed default path_to_sendmail from /usr/bin/sendmail to /usr/sbin/sendmail.

v2.15 (20060201):

Security update: prevent visitors from entering things like "../" or "./" in the path= variable on the URL. (We were already doing this for uploads, but should have been doing it for viewing (path=) too.) This vulnerability had allowed visitors to view the filenames (but not file contents) of any world-writable directories on your server. Because it did not allow visitors to actually view any files, nor overwrite any files, nor view even the names of most files on your system (just those in world-writable directories like /tmp), this vulnerability was fairly minor.

v2.1 (20060127):

Added new PREF datestamp_all_uploads.
Bugfix: if the user had set must_be_(admin|member)_to_X for either upload or list_files, but set neither for the other, then do_authentication() would return false for that unpassworded other, when it should have returned true. Fixed now.

v2.0 (20060126):

multiple folders/subfolders for uploads
users can make their own subfolders
prefs to limit length of user-created subdir names and to limit the maximum number of subdirectory levels allowed
option to automatically put users' files into their own subfolder, based on their username from a cookie or the URL
administrator can delete subdirectories recursively through in the browser
new look with icons for files & folders on server
restrict uploads by file extension
don't update the progress bar or table unless we received a valid response from the server
pref to control whether to always display sizes in KB is now two separate prefs, one for sizes and one for transfer-rate

v20060113-0509:

Added email notification.
We now stop the AJAX when the upload percent reaches 100 to avoid displaying bogus NaN values.

v20060113-0148:

We now explicitly set AutoCommit when connecting to the database (only applies when using the database backend).

v20060112-1820:

There is now an optional database backend, which stores the upload status in a database instead of in text logfiles. Hopefully this works around a problem a few people are having, where the server does write-caching so the logfiles don't actually hit the disk until the upload is finished, making them useless for reporting progress during an upload. (Update: this does NOT work around the write-caching on such servers; the only known solution so far is to disable the write-caching in the operating system itself.) Note that this doesn't store the uploaded files themselves in the database; they are normal disk files.
There is a new PREF called overwrite_existing_files; when set, if a new upload has the same filename as an old upload, the old one gets overwritten. Previously when there was a duplicate filename, we automatically serialized the filename of the new upload to avoid overwriting any files, but some people want the old files overwritten.

v20060111:

Added lots more debugging output, displayed below the progress table via AJAX and also displayed in HTML comments at the top of the page after the upload completes. Also added more debug info to the HTML comments at the bottom of the page when viewing the uploader with ?debug.
Added new preferences to give users more options for specifying whether their logpath and uploaded_files_dir are absolute, relative, absolute within docroot, etc.
Added tests to make sure the logpath and uploaded_files_dir actually exist and are readable & writable by world.
Added workaround for IIS bug where you can't use Location: after using Cookie:. See: BUG: Set-Cookie Is Ignored in CGI When Combined With Location.

v20051220:

Added a message that gets displayed when the upload progress hits 100%:

"Upload complete; the server is now processing your file(s). This could take a minute or two if your upload was very big. Please wait."

This is because on very large uploads (~100MB or more, but "large" depends on the server), after all the data is transferred, the server still needs to do some housekeeping on the file before telling the client that it's all good and all done. During this time, we don't want the uploader to appear to just hang at 100%.
Changed the "update" button to an "Apply" button (on the num-files-chooser).
Removed the taint switch from the shebang line. The code should all still run fine in taint-mode (does on our server), but because some people are reporting trouble, we'll remove it by default.

v20051203:

Now supports multiple files in a single upload, by popular demand.

v20051101:

First public release. Created a post on digg.com shortly before midnight, which became extremely popular: in about 24 hours, it received 500 "diggs," and this page spent most of the next day as #2 on the the del.icio.us "popular" page. Encodable.com received 5800 unique visitors that day; at the height of the traffic, there were about 130 visitors online simultaneously at any given moment. (Of course we were monitoring the traffic in real-time using VisitorLog and its visitor stats.)

Products

Web Design

Information

Visitors

Search

FileChucker: Old Changelog