Remove query param fallback for impersonateEmail and impersonatePhone
to avoid PII exposure in server logs, browser history, and Referer
headers. Only impersonateUserId (an opaque internal ID) is safe to
pass via URL query param.
Allow impersonation to be specified via URL query params
(?impersonateUserId, ?impersonateEmail, ?impersonatePhone) as a
fallback to the existing headers, enabling Console to embed
impersonation in direct file/image URLs where headers cannot be set.
- Add APP_LIMIT_UPLOAD_CHUNK_SIZE constant (5MB) matching official SDKs
- Replace dynamic chunk calculation with fixed 5MB chunk math in all upload endpoints
- Remove -1 last-chunk sentinel that broke when last chunk arrived first
- Fix duplicate-retry guards: return existing resource instead of erroring for chunked uploads
- Add out-of-order e2e tests for Storage, Functions, and Sites
- Upgrade utopia-php/storage to 2.0.0 for device-level out-of-order assembly support
Per review feedback on the PHPStan cleanup, the two `if
($executionsRetentionCount > 0 && ENABLE_EXECUTIONS_LIMIT_ON_ROUTE)`
blocks in `app/controllers/general.php` and
`src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php`
were load-bearing feature flags, not dead code. Removing them silently
dropped the ability to turn the cleanup on later.
Changes:
- Convert `ENABLE_EXECUTIONS_LIMIT_ON_ROUTE` from
`const ... = false;` to a `define()` backed by the new
`_APP_EXECUTIONS_LIMIT_ON_ROUTE` env var (defaults to `disabled`).
PHPStan can no longer fold the `&&` away since the value is now
runtime-resolved, so the guarded blocks are live again.
- Restore the `/* cleanup */` block in the `router()` helper in
`app/controllers/general.php`.
- Restore the two cleanup blocks in `Functions/Http/Executions/Create.php`
(one on the async-scheduled return path, one on the sync-response
path), and re-add the `DeleteEvent $queueForDeletes` /
`int $executionsRetentionCount` injections plus the
`Appwrite\Event\Delete` import.
Runtime behavior is identical to main (flag off by default); operators
can now flip it via env without a code change.
fogelito
Torsten Dittmann
Matej Bačo
Harsh Mahajan
harsh mahajan
Chirag Aggarwal