File Manager

X7ROOT File Manager

Current Path: /var/softaculous/livehelper

?? ..
?? changelog.txt(8.31 KB)
?? clone.php(3.16 KB)
?? edit.php(4.26 KB)
?? edit.xml(433 B)
?? fileindex.php(224 B)
?? images
?? import.php(4.34 KB)
?? info.xml(4.16 KB)
?? install.js(924 B)
?? install.php(6.36 KB)
?? install.xml(962 B)
?? livehelper.sql(167.38 KB)
?? livehelper.zip(70.43 MB)
?? md5(1.94 KB)
?? notes.txt(1.29 KB)
?? php53
?? php56
?? php71
?? php81
?? php82
?? settings.ini.php(17.09 KB)
?? upgrade.php(3.42 KB)
?? upgrade.xml(341 B)

Editing: changelog.txt

4.83v

1. Notable changes since 4.82v
   - Chat list sorting: added sort options for highest and lowest message count in chat lists; a validation warning is shown when sorting by message count without a date range of 31 days or less.
   - Webhooks: debug mode support added to `processEvent` in both chat and mail conversation continuous webhook classes; new validation conditions `notempty` and `in_list`; improved error handling and logging; webhook form updated with chat ID testing and improved button styling; test pattern module enhanced with webhook ID validation.
   - Dropdown: "Select all" and "Unselect all" buttons added to multi-select dropdowns across the back-office; dropdown plugin and render helper updated accordingly.
   - Subject filter: subject filter conditions added to the chat list search panel and mail conversation search panel; department user dep logic enhanced.
   - Widget: bumped to version 272; improved `screenAttributesUpdate` height/width calculations for better responsiveness across screen sizes; wrapper now passes its version to the API; fixed proper termination in wrapper source.
   - Canned messages: fixed auto-uppercase breaking text input in the new rich-text editor (LHCEditor).
   - REST API: fixed authentication validator regression.
   - Chat core: added support for dashes in chat handling logic.
   - Templates: minor fixes in chat lists template and survey fill-widget template.

2. Summary
   - This release improves chat list usability with message count sorting, strengthens webhook debugging with debug mode and new validation conditions, and enhances multi-select dropdowns with select-all/unselect-all controls.
   - Widget responsiveness and wrapper version reporting are improved; canned message auto-uppercase and REST API auth issues are resolved.

execute doc/update_db/update_350.sql for update

4.82v

1. Notable changes since 4.81v
   - Security/file handling: enhanced MIME type validation across file download endpoints (`downloadfile.php`, `inlinedownload.php`, REST API `file.php`); MIME type constants added in mail conversation parser; all operator/visitor uploads validated against `var` folder path; resolved security issues L01, L02, L04, L05, L06, L11, L13.
   - Widget: added expand mode with configurable width/height ratios and new `shrink_text`/`expand_text` UI fields; widget communication updated to include user session prefill variables in sent messages; fixed `reloadWidget` function; updated wrapper version.
   - Chat search/statistics: added message count filters (operators, visitors, bots) to search panel and statistics tabs; added total messages count input field; added search by message ID range.
   - Chat tab visibility: operators can toggle chat tab visibility (show/hide chat tabs) via quick actions in user settings.
   - User settings: added auto-accept chats option and alert preference for transferred chats.
   - Variables/prefill: support for passing custom back-office vars as `lhc_var` variables; encrypted prefilled variables always applied; variable only set when replaceable variable is non-empty; proactive invitations now update vars when custom vars are passed.
   - Theme/translations: widget theme `translate` method accepts user context; REST API modules (`checkchatstatus`, `getinvitation`, `initchat`, `onlinesettings`, `settings`) use user context for theme translations; multilanguage support for custom fields; `fetchByVid` includes caching option.
   - Canned messages: refactored retrieval with `getCannedMessages` method; added `auto_send` filter and `ignore_subjects` parameter.
   - Extensions: support for extensions to contribute custom side-menu items.
   - Configuration: folder/directory write-permission checks added to the configuration page with per-directory success/error indicators.
   - Bot: support for background workers in REST API bot action; improved bot detection filtering.
   - Message history: previous-message loading always uses all messages when the page limit is not reached; safe inclusion of all chat messages.

2. Summary
   - This release strengthens file handling security with MIME type validation, file path checks, and resolves multiple L-series security issues.
   - Operator UX improvements include widget expand mode, chat tab visibility toggles, and richer user settings (auto-accept, transfer alerts).
   - Search and statistics gain new message count filters; extensions gain custom side-menu support; theme translations now respect user context.

3. Contributors

- L01: SSRF via incoming webhook image download (CWE-918)
- L06: Mass assignment in REST API file PUT leading to arbitrary file read (CWE-915, CWE-22)
- L11: Stored XSS via Content-Type spoofing in file upload (CWE-79, CWE-345)
- L13: Unsafe deserialization in configuration loader (CWE-502)

Vulnerability Researcher: Pedro J. Núñez-Cacho Fuentes (https://blogs.tunelko.com)

execute doc/update_db/update_349.sql for update

4.81v

1. Notable changes since 4.80v
   - One-time proactive chat invitations: new DB table `lh_abstract_proactive_chat_invitation_one_time` tracks which visitors have already seen an invitation, preventing repeat displays.
   - Proactive invitations: cleanup logic added for stale one-time invitation records; widget now records when a one-time invitation is shown; edit module enhanced with custom actions for proactive invitations.
   - Captcha: added provider-based captcha support — Google reCAPTCHA v3 and Cloudflare Turnstile are now both supported with a shared validation layer (`CaptchaValidator`, `erLhcoreClassUserValidator`).
   - Captcha admin UI: provider selector with provider-specific field sections; shared key labels across providers; CSRF redirect fix.
   - Translation system: UX improvements for automatic translations; operator and visitor message translation differentiated; messages with existing translations are now skipped; translation configuration UI updated.
   - Bot/Widget: custom HTML buttons and bot buttons are now disabled when a form is in progress status; alert messages added; placeholder for name field in widget start form.
   - Editor: fixed infinite loop issue in the new rich-text editor (LHCEditor).
   - Dashboard: removed legacy old dashboard; cleaned up related options and switch logic.
   - Security/permissions: added permission access checks in block user, hold action, transfer chat, and chat widget closed flows.
   - PHP 8.5 compatibility: resolved deprecation and compatibility issues.
   - Translations: updated translation catalogs including new captcha-related and translation-workflow keys.

2. Summary
   - This release introduces one-time proactive chat invitations, a flexible multi-provider captcha system, and several translation workflow improvements.
   - Includes editor stability fixes, dashboard cleanup, PHP 8.5 compatibility, and stricter permission checks across chat action endpoints.

execute doc/update_db/update_348.sql for update

4.80v

1. Notable changes since 4.79v
   - Message content protection: added language-specific warning message support for ghosting/masking rules.
   - UI (back office): redesigned message protection warning editor with multilingual tabs and per-language message fields.
   - Runtime masking: warning text can now be translated by chat locale (full locale and short locale fallback).
   - Data/model layer: added `languages` persistence support in `lh_abstract_msg_protection` model/POS mapping.
   - Frontend cleanup: simplified multilingual tab content rendering in Svelte component used by admin forms.

2. Summary
   - This release extends message protection rules with localized warning messages and wires the full stack (DB, model, UI, and runtime locale resolution).

execute doc/update_db/update_347.sql for update

4.78v

1. Notable changes since 4.77v
   - Bot: support for bot short name.
   - Message masking: mask last message from visitor.
   - Webhooks/Conditions: support additional comparison variables and accept all params for condition checks.
   - Events: included more information for main chat attributes change event.
   - Debugging: added debug message handling inside chat messages.
   - Guardrails: added whitelist support for phone guardrails.
   - Misc: small typo fixes.

2. Summary
   - Improvements across bot, webhooks, and message masking to increase reliability and observability.
   - Several small bug fixes and developer-facing debug improvements.

execute doc/update_db/update_345.sql for update

X7ROOT File Manager

Editing: changelog.txt

Upload File

Create Folder