Mini File Manager

File Manager

Current Directory: /home/lartcid/public_html/journal.lartc.id

[Back]

.. [Open]

.htaccess [Edit]

.well-known [Open]

README.md [Edit]

api [Open]

cache [Open]

cgi-bin [Open]

classes [Open]

config.TEMPLATE.inc.php [Edit]

config.inc.php [Edit]

controllers [Open]

cypress.json [Edit]

dbscripts [Open]

docs [Open]

error_log [Edit]

favicon.ico [Edit]

index.php [Edit]

js [Open]

lib [Open]

locale [Open]

mini.php [Edit]

pages [Open]

php.ini [Edit]

plugins [Open]

public [Open]

registry [Open]

scheduledTaskLogs [Open]

schemas [Open]

styles [Open]

templates [Open]

tools [Open]

Edit File

4.65v

1. Department statistic modal window will show department online status. Useful for investigations.
2. Case insensitive will be a global in additional chat variables.
3. Sometimes while logging as other operator did not work and operator was logged out instantly.
4. `vars_encrypted` option should be respected in popup.
5. `If` condition support in bot individualization. https://doc.livehelperchat.com/docs/bot/multiple-languages#setting-translations-for-messages

execute doc/update_db/update_333.sql for update

4.64v

1. Departments widget will show online operators counter also, not only their slots.
2. Copy CURL Command will be available in audit login also. Click info icon and you will find it.
3. Debug window in chat will preparse chat_variables for better understandability.
4. If user message contained LHC internal tags, Rest API was reparsing them again.
5. Chat tabs will have light background for better visibility.
6. Option to have custom back office site access more easily. https://doc.livehelperchat.com/docs/security
7. Changes to avoid notices in case invalid requests are made.

execute doc/update_db/update_332.sql for update

4.63v

1. Attribute to set additional variable to check if it is encrypted in the first place.
2. `Permission` tab in user window will allow checking which group/role grants specific permission.
3. Holding CTRL will open chat tab in the background.
4. Possibility to search by trigger body in the bot constructor.
5. When logging Rest API message as system message, it will enable generating CURL request by logged data.
6. Search in system configuration.

execute doc/update_db/update_331.sql for update

4.62v

1. Option to show hidden chat variable directly in the chat window.

execute doc/update_db/update_330.sql for update

4.61v

Security Fixes

Multiple XSS vulnerabilities were fixed (all required operator login to exploit)
These were minor security issues that couldn't be exploited by anonymous visitors

Reported by:

* Name: Manojkumar Jaganathan (TheWhiteEvil)
* LinkedIn: https://www.linkedin.com/in/manojkumar-j-7ba35b202/
* HackerOne Profile: https://hackerone.com/the-white-evil?type=user
* Company: HackerBro Technologies
* Their website https://www.hackerbro.net

Specific fixes included:
    1. Properly escaping operator names in the dropdown filtering box
    2. Escaping bot usernames in the Telegram module
    3. Escaping operator names in the change owner window
    4. Escaping "Alias nick" field in department assignment modals
    5. Escaping Facebook page "Name" fields
    6. Escaping canned message content in chat window flows
New Features
    1. Added logging capability for chat priority rules application
    2. Added support for passing chat_id and chat_hash parameters
    3. Improved UI to show which siteaccess is being used for translated text in widget themes

execute doc/update_db/update_329.sql for update