Recent content by DeltaHF

Yep, you're right @Kirby. Disabled JavaScript and both files upload fine, as confirmed here in the test forum. It looks like the bug is in attachment_manager-compiled.js: // ... inside XF.ImageTools.resize ... return new Promise((e, f) => { if (a.type.startsWith("image/")) if...

The image-to-WebP conversion feature in XenForo 2.3 incorrectly rasterizes certain valid SVG files, causing the loss of their vector data. The behavior is inconsistent and appears to be triggered when an SVG file contains only a single color without an explicit transparent background. This...

Two functions in only one file need to be edited. It can be found at src/XF/Html/Renderer/BbCode.php.

I threw src/XF/Html/Renderer/BbCode.php along with descriptions, samples, and screenshots of the errors at Gemini 2.5 Pro and it offered its own suggested changes below. I have modified the two functions and tables appear to be working now. Formatting like color, bold, and italics are preserved...

Just upgraded to 2.3 and have also had several users complaining about this.

I'm having the exact same issue as reported by some of my users. Only a few specific Cloudflare POPs appear to be affected. I was able to confirm it by using a VPN to affected users' area. Specifically, only CSS delivered via XenForo's css.php files are broken (other custom CSS files served by...

I see we can update user_state via the API. I suppose we could write our own webhook endpoint which edits the target user via the API.

Great news!

Same. I have missed a few days here and there for various reasons over the past 23 years, but I have a great moderation team and I'm in daily text communication with my deputy administrator.

Good question. I would guess using URLs with good reputations makes them less likely to be filtered as spam by major email services, too.

I have since added protection to my install page with Cloudflare Access. Surprised this isn't getting more concern or attention. Am I missing something?

Good catch. I just tested it out and it does not ask for 2-factor authentication on the install page.

Yes, hotlink protection also works in emails. Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.

Adequate hotlink protection should be enough to prevent this from happening.

Wow. How did you discover this?