simple-web-file-upload

History

Stefan Hacker 386855d76a Add customer file browser, configurable WebDAV URL and harden both - /u/:token/files lists files in the customer folder, /u/:token/file streams a download. Iterative walker with depth limit; symlinks are rejected at enumeration and via realpath containment on download; Content-Disposition filename is sanitized with an RFC 5987 fallback - New "Private WebDAV-URL" field in admin settings, displayed under the customer table. Served via authenticated /status (not public /branding) so it does not leak to upload visitors Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 14:14:05 +02:00
..
admin	Add customer file browser, configurable WebDAV URL and harden both	2026-04-16 14:14:05 +02:00
upload.html	Add customer file browser, configurable WebDAV URL and harden both	2026-04-16 14:14:05 +02:00

Stefan Hacker 386855d76a Add customer file browser, configurable WebDAV URL and harden both

- /u/:token/files lists files in the customer folder, /u/:token/file
  streams a download. Iterative walker with depth limit; symlinks are
  rejected at enumeration and via realpath containment on download;
  Content-Disposition filename is sanitized with an RFC 5987 fallback
- New "Private WebDAV-URL" field in admin settings, displayed under
  the customer table. Served via authenticated /status (not public
  /branding) so it does not leak to upload visitors

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-16 14:14:05 +02:00

admin

Add customer file browser, configurable WebDAV URL and harden both

2026-04-16 14:14:05 +02:00

upload.html

Add customer file browser, configurable WebDAV URL and harden both

2026-04-16 14:14:05 +02:00