v1.8.2

Full Changelog: v1.8.1...v1.8.2

v1.8.1

What's New

MySQL Detection Fix

• Fixed MySQL version not showing in info section
• Now detects MySQL directly on page load using common binary paths

Lazy Loading for Better Performance

• Pre-fetch runtimes and server stats in background
• Info+ section now loads instantly when expanded
• Ports section auto-scans on page load and appears when ready

Housekeeping

• Removed features folder

v1.8.0 - Open Ports Display

What's New

Open Ports Detection

• New ports section in sidebar to detect running localhost services
• Scans common dev port ranges (3000-3999, 4000-4999, 5000-5999, 8000-8999, 9000-9999)
• Shows process name (Node.js, Python, PHP, Ruby, Go, etc.)
• Click any port to open localhost:PORT in new tab
• Kill button to terminate processes directly from the UI
• Filters out macOS system services (AirPlay, php-fpm)

Deploy Script

• New deploy.sh for easy deployment to parent Sites folder
• --full flag to include favicon
• --backup flag to save previous version as index_old_N.php

Usage

./deploy.sh              # Deploy index.php only
./deploy.sh --full       # Deploy index.php + favicon
./deploy.sh --backup     # Backup previous, then deploy

v1.7.4 - Code Quality Improvements

Phase 4: Code Quality Improvements

Changes

• Type Declarations - Added return types and parameter types to all 11 functions
• Constants - Added MAX_LOGIN_ATTEMPTS, LOCKOUT_DURATION, DIR_MAX_DEPTH constants for magic numbers
• DRY Refactor - Consolidated duplicate Apache detection into single getApacheVersion() function
• Security Headers - Added X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy
• Health Check - New ?health endpoint returns JSON status for monitoring

Security Audit Complete

This release completes the 4-phase security audit:

• v1.7.1: Critical security fixes (command injection, object injection, session fixation)
• v1.7.2: High priority security (CSRF via POST, path validation, rate limiting)
• v1.7.3: Reliability improvements (DoS protection, graceful degradation, deferred MySQL)
• v1.7.4: Code quality (type safety, constants, DRY, security headers, health check)

🤖 Generated with Claude Code

v1.7.3 - Reliability & Performance

Reliability & Performance Improvements

This release focuses on reliability and performance optimizations.

Changes

ID	Type	Issue	Fix
P2-001	Reliability	Directory recursion DoS	Symlink loop protection + skip large dirs
P2-002	Reliability	Shell unavailable crashes	safeShellExec wrapper for graceful degradation
P2-003	Performance	Slow page load	MySQL detection deferred to AJAX
P2-004	Reliability	Inconsistent error handling	Centralized shell availability checking

Performance Impact

• Page load: ~500ms faster (no MySQL detection on initial load)
• Directory scanning: Bounded execution time, no infinite loops
• Graceful degradation: Works on hosts with disabled shell_exec

Details

Directory Recursion Protection

• Tracks visited paths to prevent symlink loops
• Skips: node_modules, vendor, .git, bower_components, __pycache__, .venv
• Max depth reduced from 3 to 2

safeShellExec Wrapper

• Checks if shell_exec is available before calling
• Returns null gracefully instead of crashing
• All shell commands now use this wrapper

MySQL Detection

• Removed from initial page load (can take 2s timeout)
• Available via "+" button on info section
• Loaded via AJAX on demand

Upgrade

Drop-in replacement. Simply replace index.php.

---

Full Changelog: v1.7.2...v1.7.3

v1.7.2 - Security Hardening (Phase 2)

Security Improvements

This release continues the security hardening effort with high-priority fixes.

Changes

ID	Severity	Issue	Fix
P1-001	HIGH	CSRF token exposed in URL	Now uses POST for phpinfo access
P1-002	HIGH	Path validation bypass via symlinks	Strict prefix matching + null byte rejection
P1-003	MEDIUM	No brute-force protection	Rate limiting: 5 attempts, 5 min lockout

Details

CSRF Token Protection

• Token no longer appears in URLs, preventing leakage via:
  • Server access logs
  • Browser history
  • Referrer headers
• Backwards compatible with GET tokens

Path Validation

• Properly handles symlinks pointing outside base directory
• Rejects null bytes and control characters
• Uses DIRECTORY_SEPARATOR for cross-platform safety

Rate Limiting

• Locks out after 5 failed attempts
• 5 minute lockout period
• User feedback: "X attempts remaining"

Upgrade

Drop-in replacement. Simply replace index.php.

---

Full Changelog: v1.7.1...v1.7.2

v1.7.1 - Security Hardening Release

Security Fixes

This release addresses critical security vulnerabilities identified during a comprehensive code audit.

Fixed Vulnerabilities

ID	Severity	Issue	Fix
P0-001	CRITICAL	Command injection in session clearing	Replaced shell_exec with native PHP DirectoryIterator
P0-002	CRITICAL	PHP object injection via unserialize()	Replaced with json_decode()
P0-003	MEDIUM	Session fixation after login	Added session_regenerate_id(true)
P0-004	MEDIUM	Unescaped shell arguments	Properly escape full command string

Impact

• RCE (Remote Code Execution) vulnerabilities eliminated
• Session hijacking vector closed
• No functionality changes - drop-in replacement

Upgrade

Simply replace your index.php with the new version. No configuration changes required.

---

Full Changelog: v1.7.0...v1.7.1

v1.7.0 - Enhanced Project Management System

🚀 Enhanced Project Management System

LocalhostIndex v1.7.0 introduces a comprehensive project management system with favorites, categories, and notes, along with significant UI/UX improvements for a better developer experience.

---

✨ New Features

Project Favorites

• Pin projects to a dedicated favorites section at the top of your project list
• Quickly access your most-used projects with a single click
• Favorites persist across browser sessions using localStorage
• Toggle favorites with the ⭐ button on each project

Project Categories

• Organize projects by type with 8 predefined, color-coded categories:
  • 🔴 Laravel
  • 🔵 WordPress
  • 🔷 React
  • 🟢 Node.js
  • 🔵 Python
  • 🟣 PHP
  • ⚫ Static
  • 🟡 Other
• Assign categories via the 🏷️ button or quick-select modal
• Categories are visually displayed as badges and searchable

Project Notes & Metadata

• Add custom descriptions to your projects
• Create quick tags for better organization and searchability
• Store documentation links and URLs
• Automatic last-opened tracking to see when you last accessed a project
• All metadata accessible via the 📝 button
• Full-featured modal editor with tag management

Enhanced Search

• Search now includes:
  • Project names
  • Descriptions
  • Tags
  • URLs
  • Category names
• Instant filtering as you type
• Press Enter to open the first matching result

---

🎨 UI/UX Improvements

Interactive Project Rows

• Entire project row is now clickable (except control buttons)
• Smooth hover highlight effect with proper spacing
• Visual feedback on interaction
• Better touch targets for easier navigation

Refined Layout & Spacing

• Right-aligned metadata display for cleaner appearance
• Description and tags appear before category badges
• Improved horizontal padding and spacing throughout
• Balanced layout that adapts to content

File Size Display

• File sizes now only display when sorting by size
• Applies to all projects (not just favorites)
• Cleaner interface when sorting by name or date

Search Bar Improvements

• Extended to full width for better visibility
• Increased height for improved usability
• Better padding and focus states

Control Buttons

• Buttons (⭐ 🏷️ 📝) fade in on hover for a cleaner look
• Active states show when features are in use
• Tooltips for better discoverability

---

📋 Layout Examples

Sorting by Name or Date:

[Project Name] ·········· [Description] [tag] [tag] [CATEGORY] [⭐] [🏷️] [📝]

Sorting by Size:

[Project Name] ·········· [Description] [tag] [tag] [CATEGORY] [⭐] [🏷️] [📝] 1.2 GB

---

💾 Data Persistence

All project metadata (favorites, categories, notes) is stored in browser localStorage using the key localhostindex_projects. Your data persists across:

• Browser sessions
• Page refreshes
• Theme changes
• Sort order changes

---

🔧 Technical Details

• Single-file application - Still just one index.php file
• No dependencies - Works out of the box
• localStorage API - Client-side data persistence
• Performance optimized - Minimal overhead
• Backward compatible - No breaking changes

---

📦 Installation

Same simple installation as always:

1. Download index.php
2. Place in your localhost root directory
3. Navigate to http://localhost/

That's it!

---

🙏 Credits

Developed with ❤️ for the local development community.

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

v1.6.0: Performance & Sorting Enhancements

🚀 Performance Improvements

• Instant client-side sorting - No more page reloads when changing sort order
• Optimized MySQL detection - Faster initial page load (~500-1000ms improvement)
• Smart caching - 60-second cache for directory listings

✨ New Features

Reverse Sort

Click any sort button twice to toggle the order:

• A-Z ↔ Z-A (alphabetical reverse)
• 📅 Date: Newest first ↔ Oldest first
• 💾 Size: Largest first ↔ Smallest first

A down arrow (↓) appears when sort is reversed.

Folder Size Calculation

Folders now show actual sizes instead of 0 bytes. Recursive calculation with depth limit (3 levels) prevents performance issues.

Smart Sort Behavior

• Name (A-Z): Folders before files (traditional directory listing)
• Date & Size: Folders and files mixed by criterion (see largest/newest items regardless of type)

🐛 Bug Fixes

• Fixed PHP 8.1+ mysqli exception handling (prevented fatal errors when MySQL not configured)
• Fixed MySQL version detection showing PHP client version (8.1.33) instead of actual server version
• Fixed folder sizes showing 0 bytes
• Fixed data attribute mismatch causing sort by date to fail

📊 Performance Impact

• Sorting: Instant (0ms) vs 2000ms+ page reload before
• Page load: ~500-1000ms faster with optimized MySQL detection

🔧 Technical Details

• Added getDirectorySize() function with depth limiting
• Increased MySQL binary candidates from 3 to 5 for better detection
• Reordered MySQL paths by likelihood on macOS/Linux
• Client-side sorting using data attributes (data-name, data-modified, data-size)
• Try-catch block for mysqli exceptions in PHP 8.1+

📝 Upgrade Notes

Simply replace your existing index.php with the new version. No configuration changes required.

---

Full Changelog: v1.5.3...v1.6.0

v1.5.3 - Quick Actions

Quick Actions

Added a new Actions section with simple cache management tools:

✨ New Features

• Clear OPcache - Reset PHP opcode cache with one click
• Clear Sessions - Remove session files from /tmp directory
• Clean, minimal interface with action output display
• CSRF protection for all actions
• Real-time feedback with loading states

🔧 Technical Improvements

• PHP 8.1+ compatibility fixes for strpos() and mysqli
• Improved error handling with detailed console logging
• Better JSON response handling
• Case-insensitive project search

🎨 UI Enhancements

• Two-button grid layout for actions
• Action output modal with formatted results
• Consistent styling with existing themes

🐛 Bug Fixes

• Fixed null parameter warnings in PHP 8.1+
• Fixed mysqli exception handling
• Improved button layout when toggling sections

Perfect for quickly clearing caches during development without leaving your localhost homepage!

---

Full Changelog: v1.5.2...v1.5.3