## v0.1.5
### Deployment Hardening
- Hardened the Nginx example so normal PHP execution is limited to `index.php`, arbitrary `.php` paths return `404`, `install.php` is blocked after `config/database.php` exists, and `post_install_check.php` is only reachable after installation.
- Hardened multipart upload completion and plugin operations: assembled objects must exist, match expected size, keep an allowed extension, avoid executable server-side extensions, pass MIME normalization, and match the supplied SHA-256 checksum before final file records are created, while a new admin plugin upload policy switch can disable ZIP uploads outside planned install/update windows.
- Hardened the admin support bundle and dashboard paths: `/admin/support` now shows a lightweight summary preview, generates the full sanitized bundle only on explicit download/email actions, keeps full JSON out of the email body, sanitizes database exception text before export, and `/admin` dashboard loading now trusts cached `system_stats`, creates the fallback cache directory before lock acquisition, and removes an unused duplicate host-metrics fetch.
- Expanded the Security migration view so Enterprise Data Encryption shows which table and column references are still pending, and extended at-rest encryption coverage to additional safe metadata fields including payment transaction IPs, API token last-used IPs, and admin activity log details/IPs so new writes avoid leaving those values in plaintext while the migration can sweep older rows.
### Rewards and Referral Integrity
- Reworked referral-child earnings to use an explicit `parent_earning_id` link instead of human-readable descriptions so referral commission rows stay attached to the original PPD or PPS earning even if labels change, and child referral earnings now track their parent more reliably through held, cleared, cancelled, reversed, and paid states.
- Added runtime and fresh-install schema support for `parent_earning_id`, referral metadata, and the `pps_reward` earning type, then backfilled existing referral rows from stored metadata or legacy descriptions where possible so older referral earnings are not stranded when the new parent-link column is introduced.
- Tightened the referral dashboard metric so `Earning Referrals` counts only referred users with cleared or paid PPD/PPS earnings, not held earnings that may still be cancelled or reversed.
### File Manager Consistency
- Made the file manager list view the default and rebuilt it as a denser table view with columns for name, size, upload date, downloads, public visibility, and row actions.
- Expanded uploader tooling across bulk links, mass rename, and copy flows: selected files and folders can now generate plain, download-page, HTML, BBCode, and thumbnail embed links with grouped output, copy-all, and `.txt` export; preview-before-apply mass rename supports find/replace, prefix/suffix, remove-text, separator conversion, sequential numbering, and admin regex-lite; and copy workflows now cover duplicating files, copying selected items into another folder, recursively cloning folder structure, and creating alternate filenames that point at the same stored object instead of re-uploading data.
- Improved selection and trash behavior: the toolbar is now context-aware in Trash, clicking blank space clears selection, `Ctrl`/`Cmd` and `Shift` multi-select work in a desktop-style way on file and folder cards, Deleted File History now lives in Trash as cards with permanent deletion date, actor, and reason, admin deletes from `/admin/files` require and record a deletion reason, and recursive hard folder deletion now removes the full hierarchy after deleting its files instead of only the selected root folder row.
- Refined shared shell presentation by increasing the public site-name wordmark size by 15%, unifying the logged-in account sidebar across the main file manager, settings, rewards, notifications, affiliate, and 2FA setup pages while keeping the affiliate page separate for guests, and unifying the public auth/support form shell across login, register, forgot password, reset password, contact, DMCA, and 2FA verification pages.
### Blocked Page and Ad Layout
- Fixed the VPN/proxy enforcement blocked page so it renders through the normal website template with working CSP nonce injection instead of falling back to raw unstyled HTML, restored blocked-page styling, and updated the copy to explicitly mention blocking VPNs, proxies, Tor exit nodes, and similar relay services.
- Re-unified the download page family so the main file page and download-style state pages pull shared ad/layout data through the same download page service and shared state partial, including overlay ad support, which reduces drift between the normal download page, File Not Found, Private File, VPN blocked, and related pages while letting left, right, top, bottom, and overlay download ad placements render consistently when the viewer package is configured to show ads.
- Kept browser-based download starts on the file page by switching the normal JavaScript path to request the signed download URL in the background and launch the actual file download without leaving the visible `/file/{id}` page.
### Support and DMCA Workflow
- Expanded the unified admin Requests inbox with a DMCA file-removal card that resolves submitted `/file/{short_id}` targets into local files, supports processing selected matches or all matched files, and records the uploader-facing deletion reason `Removed due to DMCA report.` when those files are marked for removal.
- Tightened DMCA target handling so request URLs must belong to the local site host and file matching uses an exact `short_id` lookup instead of broader mixed numeric matching, then added no-refresh DMCA processing in the admin request detail view with inline success/error feedback, live file-row state updates, and immediate Activity-log updates without closing or reloading the open request panel.
### Admin Shell Consistency
- Added shared admin shell helpers for page headers and card framing, then moved the main admin workflow pages onto that layer, including Requests, Support, Contacts, Abuse Reports, DMCA, Rewards Fraud, Files, Current Downloads, Withdrawals, Subscriptions, Search Results, Packages, Users, Plugins, Resources, and the Configuration Hub.
- Moved the main admin edit and operations pages onto the same shared shell pattern, including package edit, user edit, storage-server add/edit/migrate, and the standalone admin Help & Docs index, while keeping the bespoke Dashboard, Admin Docs, and System Status layouts routed through the shared admin page-header helper so their specialized widgets and diagnostics do not drift at the shell level.
- Reworked Config Hub navigation into grouped clusters for Site, Security, Storage & Delivery, Revenue, and System while keeping existing `?tab=` routes and save flows intact, then rolled out a more structured workspace with shared section-shell styling, left-side in-tab subnavigation for heavier pages, collapsible "How this works" panels, standardized card spacing, smaller Cron status cards, sticky save bars, cleaner callouts, softer utility boxes, tighter anchor-nav behavior, per-tab summary chips, and clearer danger/utility zones across tabs like Security, Cron, Downloads, Uploads, Link Checker, Storage, SEO, Monetization, Email, General, and Storage Servers.
- Synced Config Hub security notices into the left admin sidebar badge and the main dashboard `Attention Needed` strip, expanded that strip with stale cron heartbeat, Cloudflare IP sync, lingering setup files, SMTP delivery failures, payout-affecting storage delivery warnings, aged pending withdrawals, and reward-fraud backlog, and reworked the Email tab so SMTP tools stay in the narrower working column while the System Email Templates table breaks out into its own full-width section to prevent template subjects and actions from being cut off at normal admin widths.
### Uploader Earnings and API
- Expanded the uploader rewards dashboard with counted downloads, rejected downloads, rejection explanations, country/network breakdowns, earnings by file, conversion rate, pending/held/cleared/cancelled amount cards, and CSV export.
- Added uploader-focused API endpoints for listing files and folders, creating folders, renaming, moving, copying, deleting, remote upload create/status/cancel, bulk link generation, earnings stats, payout info, and `/api/v1/openapi.json`, then updated the public API reference with the new scopes (`files.write`, `stats.read`, `remote.upload`) plus curl, PHP, Python, and JavaScript examples.
- Cleaned up account-side uploader tooling by revealing newly created API tokens clearly with a one-time copy action, showing stored-token rows only as shortened previews, adding revocation confirmation, exposing the full supported scope set (`files.upload`, `files.read`, `files.write`, `stats.read`, and `remote.upload`) in account settings, normalizing remote upload cancellation to store `canceled` consistently on fresh and upgraded installs, preloading the rewards payout modal with each uploader's saved default payment method and payment details, tightening the cancel-button styling, and hardening uploader API file and folder operations so target folders belong to the authenticated account and automation endpoints only mutate active, non-trashed items.
### Payments and Billing
- Added a logged-in Payments history page that shows transaction history, subscription history, current package billing status, and purchase/refund totals using the same shared account shell as the rest of the user dashboard, and added a background billing cleanup task that marks package-purchase attempts still stuck in `pending` after 24 hours as `failed` so abandoned checkout attempts do not linger forever in account payment history.
### Public Link Checker
- Added a public footer-linked Link Checker page between `DMCA` and the powered-by credit so visitors and uploaders can batch-check local file links without digging through the account area.
- The checker supports local file links plus signed-in account folder links, deduplicates pasted URLs, shows clean `Available`, `Not Available`, and `Invalid` results, and includes summary chips plus bulk tools to copy or export available, not-available, or invalid link sets without manually cleaning pasted batches first.
- Added optional `Copy To Account` actions from Link Checker results, including per-link selection, select-all-eligible, and copy-all-available behavior for signed-in users, plus a new `/admin/configuration` `Link Checker` tab so operators can enable or disable the public checker, change the maximum links processed per batch, set a per-IP links-per-second limit, and control whether copy-to-account is available.
