Kirby Files

🚨 Security Enhancement

We've added a new option to disable clean file redirects to original files in your content folder. Currently, you can access the original file (rather than a generated thumbnail) via the URL https://yourdomain.com/some-page/some-file.jpg, which redirects you to the full file URL in the media folder. This is useful when you need clean URLs for your files. However, depending on your files and filenames, such URLs could be guessable. If you want to add an extra layer of protection for your original files, you can now disable this feature.

:::php
return [
  'content' => [
    'fileRedirects' => false
  ]
];

If you only want to switch it off for individual files, you can also pass a function.

:::php
return [
  'content' => [
    'fileRedirects' => function ($file) {
      if ($file->filename() === 'supersecret.jpg') {
        return false;
      }

      return true;
    }
  ]
];

✨ Enhancements

• Added numeric support for image ratio option #7083
• Validate boolean options for KIRBY_RENDER env #7146

🐛 Bug fixes

• Panel: larger save button on mobile #7157
• Number input: step: any is now supported, allowing for any amount of decimals (e.g. great for lat/lng coordinates) #7158
• Select field: placeholder option is translatable now
• Tags in multiselect fields do no longer overflow [#7221]

🧹 Housekeeping

• Updated PHP dependencies
• Updated JS dependencies
• Normalized timezone during unit tests