Security Enhancement
We've added a new option to disable clean file redirects to original files in your content folder. Currently, you can access the original file (rather than a generated thumbnail) via the URL
https://yourdomain.com/some-page/some-file.jpg, which redirects you to the full file URL in the media folder. This is useful when you need clean URLs for your files. However, depending on your files and filenames, such URLs could be guessable. If you want to add an extra layer of protection for your original files, you can now disable this feature.
Code:
return [
'content' => [
'fileRedirects' => false
]
];
If you only want to switch it off for individual files, you can also pass a function.
Code:
return [
'content' => [
'fileRedirects' => function ($file) {
if ($file->filename() === 'supersecret.jpg') {
return false;
}
return true;
}
]
];
Enhancements
- Added numeric support for image ratio option #7083
- Validate boolean options for KIRBY_RENDER env #7146
Bug fixes
- Panel: larger save button on mobile #7157
- Number input: step: any is now supported, allowing for any amount of decimals (e.g. great for lat/lng coordinates) #7158
- Select field: placeholder option is translatable now
- Tags in multiselect fields do no longer overflow #7221
Housekeeping
- Updated PHP dependencies
- Updated JS dependencies
- Normalized timezone during unit tests
