diff --git a/core/src/core/classes/class.AJXP_Utils.php b/core/src/core/classes/class.AJXP_Utils.php
index f4ffbc7674..cacdd2366d 100644
--- a/core/src/core/classes/class.AJXP_Utils.php
+++ b/core/src/core/classes/class.AJXP_Utils.php
@@ -92,6 +92,7 @@ static function securePath($path)
 //
 // REMOVE ALL "../" TENTATIVES
 //
+ $path = str_replace(chr(0), "", $path);
 $dirs = explode('/', $path);
 for ($i = 0; $i < count($dirs); $i++) {
diff --git a/core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php b/core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php
index 99e28573a7..494782c2ac 100644
--- a/core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php
+++ b/core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php
@@ -647,7 +647,7 @@ function switchAction($action, $httpVars, $fileVars){
 $basePath = AuthService::getLoggedUser()->getGroupPath();
 if(empty ($basePath)) $basePath = "/";
 if(!empty($httpVars["group_path"])){
- $newUser->setGroupPath( rtrim($basePath, "/")."/".ltrim($httpVars["group_path"], "/"));
+ $newUser->setGroupPath(rtrim($basePath, "/")."/".ltrim($httpVars["group_path"], "/"));
 }else{
 $newUser->setGroupPath($basePath);
 }
diff --git a/core/src/plugins/access.fs/class.fsAccessDriver.php b/core/src/plugins/access.fs/class.fsAccessDriver.php
index 42823f8a43..23c7077ebe 100644
--- a/core/src/plugins/access.fs/class.fsAccessDriver.php
+++ b/core/src/plugins/access.fs/class.fsAccessDriver.php
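Review bot: The added line in securePath strips NUL bytes silently instead of rejecting the path; a NUL can only arrive from a malformed or hostile request, and quietly repairing it turns a detectable bad input into a plausible-looking path with no trace in the logs. Failing closed is the safer default, e.g. `if (strpos($path, chr(0)) !== false) return "";` ahead of the `../` loop (or whatever rejection idiom the callers already expect), paired with a log line so the attempt is visible. Placing the handling before the explode/loop is at least the right order, since the loop only sees the already-cleaned `$path`. securePath's body continues outside the hunk.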
@@ -1231,7 +1231,13 @@ function readFile($filePathOrData, $headerType="plain", $localName="", $data=fal
 if($this->getFilteredOption("USE_XSENDFILE", $this->repository->getId()) && $this->wrapperClassName == "fsAccessWrapper"){
 if(!$realfileSystem) $filePathOrData = fsAccessWrapper::getRealFSReference($filePathOrData);
 $filePathOrData = str_replace("\\", "/", $filePathOrData);
- header("X-Sendfile: ".SystemTextEncoding::toUTF8($filePathOrData));
+ $server_name = $_SERVER["SERVER_SOFTWARE"];
+ $regex = '/^(lighttpd\/1.4).([0-9]{2}$|[0-9]{3}$|[0-9]{4}$)+/';
+ if(preg_match($regex, $server_name))
+ $header_sendfile = "X-LIGHTTPD-send-file";
+ else
+ $header_sendfile = "X-Sendfile";
+ header($header_sendfile.": ".SystemTextEncoding::toUTF8($filePathOrData));
 header("Content-type: application/octet-stream");
 header('Content-Disposition: attachment; filename="' . basename($filePathOrData) . '"');
 return;
diff --git a/core/src/plugins/action.share/class.ShareCenter.js b/core/src/plugins/action.share/class.ShareCenter.js
index c7feebcd16..6ea433d5b6 100644
--- a/core/src/plugins/action.share/class.ShareCenter.js
+++ b/core/src/plugins/action.share/class.ShareCenter.js
@@ -221,7 +221,7 @@ Class.create("ShareCenter", {
 };
 oForm.down('#repo_label').setValue(getBaseName(this.currentNode.getPath()));
 if(!$('share_folder_form').autocompleter){
- var pref = ajaxplorer.getPluginConfigs("ajxp_plugin[@name='share']").get("SHARED_USERS_TMP_PREFIX");
+ var pref = ajaxplorer.getPluginConfigs("ajxp_plugin[@id='action.share']").get("SHARED_USERS_TMP_PREFIX");
 $('share_folder_form').autocompleter = new AjxpUsersCompleter(
 $("shared_user"),
 $("shared_users_summary"),
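Review bot: `$_SERVER["SERVER_SOFTWARE"]` is read on the first added line without an isset check, so a SAPI that does not populate it raises an undefined-index notice and `$server_name` reaches preg_match as null. The regex on the next line is also looser than it reads: both dots are unescaped (so `1.4` also matches `1x4`), each alternative carries its own `$` so the trailing `+` does nothing, and the net effect is "lighttpd/1.4, one arbitrary character, then 2–4 digits at end of string", which sends a single-digit patch level such as `lighttpd/1.4.9` or any banner with a suffix down the plain `X-Sendfile` path. If the intent is "any lighttpd 1.4.x build", `$server_name = isset($_SERVER["SERVER_SOFTWARE"]) ? $_SERVER["SERVER_SOFTWARE"] : "";` followed by `$header_sendfile = preg_match('/^lighttpd\/1\.4\./i', $server_name) ? "X-LIGHTTPD-send-file" : "X-Sendfile";` states that in two lines and replaces the if/else. readFile's body continues outside the hunk.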
@@ -383,6 +383,14 @@ Class.create("ShareCenter", { }.bind(this)); this.updateDialogButtons(oForm.down("div.dialogButtons"), "file"); }else{ + this.maxexpiration = parseInt(ajaxplorer.getPluginConfigs("ajxp_plugin[@id='action.share']").get("FILE_MAX_EXPIRATION")); + if(this.maxexpiration > 0){ + oForm.down("[name='expiration']").setValue(this.maxexpiration); + } + this.maxdownload = parseInt(ajaxplorer.getPluginConfigs("ajxp_plugin[@id='action.share']").get("FILE_MAX_DOWNLOAD")); + if(this.maxdownload > 0){ + oForm.down("[name='downloadlimit']").setValue(this.maxdownload); + } var button = $(oForm).down('div#generate_publiclet'); button.observe("click", this.generatePublicLinkCallback.bind(this)); } @@ -557,6 +565,14 @@ Class.create("ShareCenter", { ajaxplorer.displayMessage("ERROR", MessageHash["share_center.75"]); return; } + if(this.maxexpiration > 0 && !(serialParams["expiration"] > 0 && serialParams["expiration"] <= this.maxexpiration) ){ + ajaxplorer.displayMessage("ERROR", "Expiration must be between 1 and " + this.maxexpiration); + return; + } + if(this.maxdownload > 0 && !(serialParams["downloadlimit"] > 0 && serialParams["downloadlimit"] <= this.maxdownload) ){ + ajaxplorer.displayMessage("ERROR", "Download limit must be between 1 and " + this.maxdownload); + return; + } oForm.down('img#generate_image').src = window.ajxpResourcesFolder+"/images/autocompleter-loader.gif"; conn.setParameters(serialParams); diff --git a/core/src/plugins/action.share/class.ShareCenter.php b/core/src/plugins/action.share/class.ShareCenter.php index 9905085a41..32f0b3a858 100644 --- a/core/src/plugins/action.share/class.ShareCenter.php +++ b/core/src/plugins/action.share/class.ShareCenter.php 
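Review bot: Both `parseInt` calls in the block added to the else-branch omit the radix, so a configured value with a leading zero may be parsed as octal by older engines and a missing option yields NaN that silently disables the limit; `parseInt(..., 10)` makes the intent explicit. `this.maxexpiration` and `this.maxdownload` are assigned only in this branch, yet the validation added at @@ -557 reads them unconditionally; that is harmless because `undefined > 0` is false, but a short comment such as `// set for file shares only; folder shares leave these undefined` would save the next reader the trace. The enclosing function starts and ends outside the hunk, so whether another path also sets them cannot be confirmed here. These defaults are a client-side convenience only; the clamp in class.ShareCenter.php is the enforcement point.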
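Review bot: The two error messages added in the @@ -557 hunk are hard-coded English strings, while the line just above them in the same hunk reports through `MessageHash["share_center.75"]`; the new strings bypass the plugin's message table and read inconsistently with the rest of the method. Register message entries and report them the same way, e.g. `ajaxplorer.displayMessage("ERROR", MessageHash["share_center.<NEW_ID>"] + " " + this.maxexpiration);` (the id is a placeholder). These checks run only when the configured max is > 0, so the server-side clamp in class.ShareCenter.php must stay authoritative regardless of what the form sends.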
@@ -144,9 +144,19 @@ function switchAction($action, $httpVars, $fileVars){ } print($url); }else{ - if(!isSet($httpVars["downloadlimit"])){ - $httpVars["downloadlimit"] = 0; + $maxdownload = $this->getFilteredOption("FILE_MAX_DOWNLOAD", $this->repository->getId()); + if(!isSet($httpVars["downloadlimit"]) || $httpVars["downloadlimit"] == 0){ + $httpVars["downloadlimit"] = $maxdownload; + }else{ + $httpVars["downloadlimit"] = min($maxdownload,floor(abs($httpVars["downloadlimit"]))); + } + $maxexpiration = $this->getFilteredOption("FILE_MAX_EXPIRATION", $this->repository->getId()); + if(!isSet($httpVars["expiration"]) || $httpVars["expiration"] == 0){ + $httpVars["expiration"] = $maxexpiration; + }else{ + $httpVars["expiration"] = min($maxexpiration,floor(abs($httpVars["expiration"]))); } + $data = $this->accessDriver->makePublicletOptions($file, $httpVars["password"], $httpVars["expiration"], $httpVars["downloadlimit"], $this->repository); $customData = array(); foreach($httpVars as $key => $value){ diff --git a/core/src/plugins/action.share/manifest.xml b/core/src/plugins/action.share/manifest.xml index 753e8b4cb2..1b9a60e50b 100644 --- a/core/src/plugins/action.share/manifest.xml +++ b/core/src/plugins/action.share/manifest.xml @@ -3,6 +3,8 @@ + +
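Review bot: The clamp `min($maxdownload,floor(abs($httpVars["downloadlimit"])))` discards the user's value whenever the configured maximum is 0 or empty: `min(0, 5)` is 0, so with no FILE_MAX_DOWNLOAD configured a requested limit of 5 silently becomes unlimited, and the expiration branch has the same flaw. The client-side check in class.ShareCenter.js only enforces when the max is > 0, which suggests 0 means "no maximum", so the server should clamp only in that case and otherwise keep the sanitized user value. The `== 0` test is also loose (a non-numeric string compares equal to 0 before PHP 8) and `abs()` on a non-numeric string warns or throws depending on PHP version, so cast before arithmetic. A rewrite of both branches follows; switchAction's body continues outside the hunk.
```php
}else{
    $maxdownload = (int) $this->getFilteredOption("FILE_MAX_DOWNLOAD", $this->repository->getId());
    $limit = isSet($httpVars["downloadlimit"]) ? (int) floor(abs((float) $httpVars["downloadlimit"])) : 0;
    // A max of 0 means "no maximum": keep the user's value; otherwise clamp, and fill an empty value with the max.
    if($maxdownload > 0){
        $httpVars["downloadlimit"] = ($limit > 0) ? min($maxdownload, $limit) : $maxdownload;
    }else{
        $httpVars["downloadlimit"] = $limit;
    }
    $maxexpiration = (int) $this->getFilteredOption("FILE_MAX_EXPIRATION", $this->repository->getId());
    $expiration = isSet($httpVars["expiration"]) ? (int) floor(abs((float) $httpVars["expiration"])) : 0;
    if($maxexpiration > 0){
        $httpVars["expiration"] = ($expiration > 0) ? min($maxexpiration, $expiration) : $maxexpiration;
    }else{
        $httpVars["expiration"] = $expiration;
    }
    // … unchanged: $data = makePublicletOptions(...) and the $customData loop …
```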