release(v1.6.5): fix PHP warning and upload-flag check in capabilities.php

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## Changes 10/24/2025 (v1.6.5)
+
+release(v1.6.5): fix PHP warning and upload-flag check in capabilities.php
+
+- Fix undefined variable: use $disableUpload consistently
+- Harden flag read: (bool)($perms['disableUpload'] ?? false)
+- Prevents warning and ensures Upload capability is computed correctly
+
+---
+
 ## Changes 10/24/2025 (v1.6.4)
 
 release(v1.6.4): runtime version injection + CI bump/sync; caching tweaks

public/api/folder/capabilities.php

@@ -153,7 +153,7 @@ if ($folder !== 'root') {
 $perms       = loadPermsFor($username);
 $isAdmin     = ACL::isAdmin($perms);
 $readOnly    = !empty($perms['readOnly']);
-$disableUp   = !empty($perms['disableUpload']);
+$disableUpload = (bool)($perms['disableUpload'] ?? false);
 $inScope     = inUserFolderScope($folder, $username, $perms, $isAdmin);
 
 // --- ACL base abilities ---
@@ -213,7 +213,7 @@ echo json_encode([
   'flags'   => [
     //'folderOnly'    => !empty($perms['folderOnly']) || !empty($perms['userFolderOnly']) || !empty($perms['UserFolderOnly']),
     'readOnly'      => $readOnly,
-    'disableUpload' => $disableUp,
+    'disableUpload' => $disableUpload,
   ],
   'owner'        => $owner,