CKFinder 3.1 for PHP with Security Patches Released
We’d like to announce the release of CKFinder 3.1 for PHP, the first major update to the totally rebuilt CKFinder 3 line that was unveiled this summer. This version includes plenty of improvements and new features, including reworked keyboard navigation and focus management with a new Keyboard Shortcuts dialog, greatly improved application performance, full Microsoft Edge compatibility as well as some new configuration options and commands. Considerable effort was also put into improving iPad/Safari compatibility and Right-to-Left support as well as UI and UX fixes for the compact mode. Last but not least, this release includes several important security patches for the server-side part of the application so updating is highly recommended. Read on for more!
Keyboard Navigation & Focus Management
Accessibility and UX have always been a priority in our products, so this release includes several improvements in these areas. CKFinder 3.1 was also thoroughly tested in screen readers and its accessibility level is quite outstanding. We actually reworked keyboard navigation in the entire application and thus:
- We identified and fixed all places in the application that were not accessible with the keyboard.
- We implemented custom Tab key support to resolve inconsistency between browsers.
- We resolved an issue with Arrow keys navigation when viewing files in the gallery.
- We resolved issues with disappearing focus after performing various operations, e.g. after deleting a file.
- Focus is now correctly cycled between context menu items and toolbar buttons.
- We adjusted the behavior of keyboard navigation to be compliant with accessibility requirements, e.g. when focusing a component, the first element inside the component is focused automatically.
Keyboard Shortcuts Dialog
As a final step in improving keyboard navigation in CKFinder we introduced the new Keyboard Shortcuts dialog window. This dialog is opened by pressing ? on your keyboard and is a helpful reminder that explains how to navigate CKFinder with the keyboard and use its features.
These shortcuts are also described in the new Keyboard Shortcuts documentation.
We put a lot of effort into speeding up CKFinder and the results were pretty successful:
- Loading files from Amazon S3 buckets with hundreds of thousands of files has been significantly improved and now works several dozen times faster.
- The number of cases when the entire files pane is refreshed was reduced by refreshing just the relevant files that have been altered by the executed operation - which results in a much better UX.
- Thumbnails loading was sped up. Again, this has given us a significant performance gain, especially in case of using PHP sessions, and thumbnails may now load multiple times faster.
- Graceful files refresh on subsequent clicks on a folder was implemented.
- Caching of image previews was fixed. This should speed up viewing files in a gallery.
Microsoft Edge Support
CKFinder 3.1 is now fully compatible with Microsoft Edge, the latest browser available in Windows 10.
New Proxy Command
The server-side connector of CKFinder 3.1 introduces a new Proxy command that helps resolve some issues, e.g. with accessing original files from remote backends by the Edit Image feature. Since a similar feature was frequently requested in the past, we connected it with backends and introduced a new optional backends configuration option: useProxyCommand. It can be used to proxy files stored outside the document root.
New PHP Configuration Options
CKFinder 3.1 adds a few PHP configuration settings for the server-side component:
- The cache option configures cache lifetime for various CKFinder components.
- The tempDirectory option sets the path to the temporary files folder used by CKFinder. It should resolve temporary directory access issues on some IIS installations.
- The sessionWriteClose option defines whether the connector should close write access to the session to avoid performance issues.
We take the security of our applications seriously and always put special focus on this area in our testing phase. As a result of some vigorous security testing and hacking that we did on CKFinder 3 we discovered some potential security concerns in the server-side part of the application. These issues affected actions that could be performed only by authenticated users without sufficient permissions, and solely in locations specified in your CKFinder backends configuration.
All identified issues are now fixed and an upgrade to CKFinder 3.1 is highly recommended.
CKFinder 3.1 includes two new localizations, Basque and Kurdish. Apart from that, Brazilian Portuguese, Chinese, Croatian, Czech, Danish, Esperanto, Estonian, French, German, Greek, Hungarian, Italian, Korean, Norwegian, Persian, Polish and Russian language versions were updated.
We would like to thank all contributors who helped us translate the CKFinder user interface - both the CKFinder team and the end-users are really grateful for your help!
The CKFinder localization process goes through a dedicated GitHub repository, so if you would like to help us translate CKFinder into your native language (and get a free license, too!), it will be most appreciated.
CKFinder is a highly responsive application with great mobile support that we are constantly fine-tuning. This release includes several fixes for mobile environments such as iOS/Safari and Android. We also fixed a dozen UI glitches in compact mode and in RTL interfaces. Last but not least, some changes were introduced to the very popular Edit Image feature.
The image below shows CKFinder 3.1 in compact mode, using the new Right-to-Left Kurdish localization.
See the What’s New? page for a full list of changes.
Reporting Issues and Feature Requests
If you miss anything in CKFinder, have ideas on how CKFinder could be improved, or found a bug, please do not hesitate to report an issue in the CKFinder issue tracker. The tracker is public, so not only can you submit your ideas, but you can also browse existing issues and add your comments there.
Alongside further development of the PHP version, the team has now started working on the ASP.NET (ETA: Q1/Q2 of 2016) and Java (ETA: Q2 of 2016) server-side connectors - it has already been announced that all customers who purchase a license after June 2015 will get a free upgrade to CKFinder 3.
The classic ASP/ColdFusion distributions of CKFinder will not be upgraded to version 3, but will still receive patches (including security fixes) until 2019.
We are really enthusiastic about this new, major CKFinder version and its numerous new features. We will be happy to hear from you and thankful for any suggestions that will help us improve these features and tailor them to your expectations.