Change log for ProjectSend’s releases:

Version: r1070

Date released: April 25, 2019

  • Fixed login not working with certain translations (eg: French)
  • Removed the need for simple_xml extension
  • News and version updates are cached locally to prevent unnecessary connections, making the dashboard load faster everytime.
  • Improved email validation
  • Fixed a connection issue on the installer
  • Replaced the default allowed file types that are set during installation with a more comprehensive (by trini)
  • Fix for uploading files with the same name (by AlanReiblein)
  • Fixed an issue when uploading files unlisted extensions, even if this was not limited via settings.
  • Added the option to download multiple files zipped via the manage files page (same as the default template for clients)
  • Security fixes when hiding-showing files and on the installer (by mschop)
  • Fixed a security issue that allowed arbitrary code to be executed (by lmsilva)
  • Fixed known XSS bugs
  • Fixed a security issue where server’s log files would record passwords (reported by Felipe Molina de la Torre)
  • Updated README with requirements

Version: r1053

Date released: April 11, 2018

New features

  • New UI. More modern, responsive and overall more polished looking.
  • Can set a maximum file upload size on each client and user, overriding the default one.
  • Can now set the default maximum upload size on the installer.
  • Added ckeditor as a visual editor on files and groups descriptions (can be disabled)
  • Public groups: an option create groups where people can see its contents without being logged in.
  • Public page: a special page that shows all of the public groups and files. Has several options. Disabled by default.
  • Groups memberships: Option to allow clients to request memberships to public groups. An administrator can approve or deny them.
  • Added a new block on the dashboard with server information.
  • New template page design, in the style of that of WordPress with themes screnshots and descriptions.
  • Manage files: added filter by uploader.
  • Added options to set custom subjects on emails.
  • Email previews are now accurate in content.
  • New option to customize the footer text.
  • Better download links.
  • Added an option to prevent indexing by search engines.
  • Updated the style of the gallery theme.
  • Load a custom.js file if it exists (won’t get overwritten when updating).
  • Clients can select and expiry date for their files.


  • Fix for modal window not closing on zip downloads.
  • Fixed the MySQL error on some versions during installation, attributed to having 2 timestamps columns on the same table with default value of CURRENT_TIMESTAMP. Based on a contribution by cdoepmann.
  • Email: don’t auth if smtp is selected but auth is set to “none”.
  • CSV injection bug fix.
  • XSS security fixes.
  • Several security fixes.
  • Fixed category deletion.
  • Fix for uploaders not being able to delete their files.
  • Several fixes for multiple files downloading as zip.
  • Zip files download IDOR fix.
  • Fixed showing active status of clients and users.
  • New server side pagination, replaces the javacript one which made the site unresponsive if there were a lof of results.
  • Some fixes to the manage files page.

Misc changes and fixes

  • Added a DEBUG constant.
  • Fixed notices on the installer.
  • Added a check on the installer for php and mysql versions requierements.
  • Some parts of the code where cleaned up, including a new table generation class.
  • Refactory of the options pages UI. No more tabs, now groups of options are on their own page. Cleaner and faster to use.
  • Admin load a minified version of CSS files.
  • Moved most of the backend javacript to it’s own file.
  • Show the public url on the file editor.
  • Uploaded scripts. flot, phpmailer.
  • Better category administration page.
  • Throw a warning if php extension is present in the allowed uploads extension list.
  • Several other minor fixes.


  • A very important contribution in the form of security audit (security-prince)
  • MySQL compatibility fixed on the dashboard statistics (DBezemer)
  • Handle following of symlinks for imported orphaned files (joshstrange)
  • Fix to prevent direct access to the files folder (trainwreckjvbo)
  • UI improvements and option to disable the welcome email when creating users (adrianp-sti)
  • Fix CVE-2017-9783 and CVE-2017-9786 XSS vulnerabilities. (JackWhite20)
  • Fix for the email subjects (remez)
  • Login and notification fixes (OrlandoST)
  • Fix unsolicited error message on config save (Fix unsolicited error message on config save)
  • Fixed bug that stops uploading. (JackWhite20)
  • In case the file is a symlink, get the size from the real file not the symlink itself (Kevin Druelle)
  • Several Security Fixes (IppSec)
  • Expiry dates fixes, new features and improvements (eyeobticeo)
  • Typos fixes (hailthemelody)
  • Fixed port number problem when behind reverse proxy (berndblume)

Version: r754

Date released: September 17, 2016

New features

  • Files categories! Think of them as either categories, projects or folders. They are hierarchical and let you organize your files very easily. Clients – for the moment- can only use them to filter files. In the future they will be able to make their own categories and assign files to them.
  • Added an option so clients can now delete the files they have uploaded.
  • Moved to Bootstrap 3 for a much better mobile experience.
  • Log the download when an anonymous user gets a file through a public link.
  • Extended the downloads information for a particular file. You can now see the total downloads, how much are by unique clients and also how many are anonymous. The table now shows date, ip and remote host of each particular download.
  • Select system language when logging in (overrides the system defined language for this session only).
  • Added buttons to auto-generate secure passwords when creating users and clients.
  • Added an optional Google sign in button.
  • You can now log in using your e-mail too.
  • Added reCAPTCHA on the self registration form to prevent spam.
  • Added a confg file creator that will run if the sys.config.php file isn’t found.
  • Added a button to show the public URL for a file in the post-upload table.

Misc changes and fixes

  • Fixed downloading of large files on some servers.
  • You can now upload and import orphan files even if no clients or groups exist yet.
  • Files without assignations are not considered orphan anymore. Only those uploaded via FTP are orphan until they are added to the database.
  • Default and PinBoxes templates now show the categories filter and the expiration status/date for each file.
  • Redesigned the PinBoxes template to be more modern and compatible.
  • The username/email field on login isn’t case sensitive anymore.
  • Improved compatibility with php7

Behind the scenes improvements

  • CSS clean up
  • Better generation of the main menu
  • Replaced textboxlist with jQuery tags input, making the options page stop freezing for a few seconds when loading.
  • Changed the file renaming routine so characters are replaced by similar allowed ones instead of underscores.
  • Lots of other small fixes and improvements!

Version: r609

Date released: June 5, 2016

  • Replaced the old database class for PDO. This improves the security exponentially, as well as making the software more compatible and future-proof.
  • The table prefix will now be considered so it can be changed from the default tbl_ without the loop errors. This way you can have several PS installs on the same database as well as improve security by using a custom prefix.
  • Fixed the bug where the wrong files where deleted.
  • Fixed the hide/show files routines for clients and groups.
  • XSS fixes
  • “.” can now be used on usernames (added by sq5gvm)

Version: r582

Date released: June 8, 2015

  • Added a preview function for custom e-mail templates
  • Fixed the bug where wrong files were deleted
  • Fixed the search function for clients and groups when adding/editing files
  • Fixed a bug where files can’t be downloaded by a client if it was assigned to a group and not the client specifically
  • Fixed a bug where clients were not able to update their information and password
  • Security fixes

Version: r572

Date released: May 26, 2015

  • XXS security error fix.
  • Fixed the update routine. r571 shows an available update even if using that version.
  • Added the language files to the git.

Version: r571

Date released: May 25, 2015

  • Security fixes
  • Redirect on install error fixed
  • Public files are no longer considered orphan

Version: r561

Date released: April 22, 2014

  • Security fixes
  • Tables are now responsive thanks to footable
  • Fix for the orphans list bug
  • Manage files list also shows unassigned files, because they might be public
  • Added password rules (eg: require a lower case letter, a number, etc)
  • Added SMTP authentication options
  • Added an option to limit the uploading file types to certain roles only
  • Fixes for the database queries giving errors when a NULL setting was incorrect
  • Fix for the password recovery table not being created
  • Fix for public settings being reset if a client edited a file
  • CSS Cleanup
  • minor UI cleaning


Version: r514

Date released: October 31, 2013

New features

  • Added a new form so users and clients can reset their password. *
  • Added the possibility to set an expiry date to any file.
  • Added an option to select if expired files should be hidden from the clients, or shown but not allowed to download.
  • Added a template editor so each system email text, and the general header/footer can be customized.
  • Added the possibility to set any file as public, which allows downloading via a tokenized link. Can be combined with the expiry date feature.
  • New options to select the maximum attemps to send each notification, and also an expiration date (globally, in days).
  • You can now search within the orphan files list. Also, it now has pagination.
  • Each password field now has a toggle button for visibility, and the “confirm password” fields were removed.
  • Added a new button on the files uploads page to copy the selected assignations of the current file to all others.
  • The download log is stored on a separate table. This allows the system to recognize the date each file has been downloaded.
  • Files (on the manage files page) can now be sorted by download count.


  • Implemented phpass for secure passwords.
  • Fixed the notifications being sent multiple times.
  • Changed the way the download link is generated to improve security.
  • More validations are made when a file is requested for download.
  • Fixed the back button so it won’t work after a user logs out.
  • No more infinite redirects on login.
  • The modal window can now be reused without reloading the page (the action is does it performs is no longer repetead).
  • Fixed the urls where a double slash (//) was used.
  • With the new download log, files that belong to groups can also be tracked when a client downloads it.
  • Options are now saved correctly every time.
  • Sorting files/users/groups by date now works with any set format.

Updated scripts

  • plupload (1.5.7)
  • phpmailer (5.2.7)
  • Bootstrap (2.3.2)
  • timthumb
  • jQuery EasyTabs
  • jQuery flot

Other notes

  • The new password storing system requires that all curent accounts generate a new one. The security has been improved at the cost of this minor issue.
  • The remember me checkbox has been temporarily removed. A more secure implementation is planned.
  • The version number is not visible for unlogged users.
  • jQuery is now loaded locally.
  • The UI has been normalized (menu, button and messages styles, margins, layouts).

Version: r412

Date released: April 26, 2013


  • Fixed the installer to include the new options too.
  • Menu hover state fix by Martine Bouvrette
  • 0kb downloads fix by AlanReiblein
  • Correct timestamp for the main admin during installation
  • Downloads fix by cyril.ballagny
  • Updated phpmailer to 5.2.4

No new features have been added to this release, however this is a strongly recommended one due to both downloads fixes.

Version: r405

Date released: April 14, 2013

What’s new

  • New update notifier.
  • Added an option to prevent clients from uploading files.
  • Added an option to automatically add new self-registered clients to a specific group.
  • Auto-aproval for self-registrations.


  • Privacy fixes on the log.
  • Use UTF-8 on the header.
  • Fixes on the installer.
  • Small fix for moving files to the new folder structure if updating from a version older than the previous.
  • Clients are now sorted alphabetically on the upload form.
  • Fix for the statistics when there are no results.

Version: r375

Date released: March 4, 2013

What’s new:
– Added an option to send BCC of the notifications for new files to the main admin and any other specified e-mail addresses.
– Added the possibility to export the log to a csv file.
– Spanish translation file is included by default (translated by Raúl Elenes).
– The header is now completely responsive. Some other parts are still not done.
– Added a “My account” link for users and clients to be able to edit their own preferences and data.
– Files-to-clients relations are now imported from older installations.
– On updates and installation, the system will try to chmod some files and folders for security, and to improve timthumb’s compatibility.
– Added an option to select if timthumb should use the relative or absolute path to the image file.
– Notifications are not deleted from the database, but stored as sent (or any other code for error messages). This will allow for the creation of a notifications management page in the future.

– Email notifications are now working correctly.
– 0kb downloads should be fixed.
– File sizes over 2gb are now correctly read.
– Fixed some errores and notices on the installer.
– Fixed the zip file generator routine. Suggested by bflahault.
– Other small fixes.