Recent content by Steffen

Same report by our users, quotes in spoilers cannot be expanded reliably: https://www.computerbase.de/forum/threads/in-eigener-sache-das-dritte-feature-update-fuer-das-computerbase-forum-ist-da.2206406/post-30548779

You should use FILTER_FLAG_HOSTNAME, i.e. filter_var($value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME), otherwise the check accepts all kinds of funny characters. :)

I think nowadays you could simply check the "Sec-Fetch-Site" header or the "Origin" header that browsers automatically send for POST requests.

I've just disconnected my test account from Google and then connected it again. Seems to have worked fine but two HTTP 401 errors were logged: one for GoogleProviderData->getUsername() and one for GoogleProviderData->getAvatarUrl().

How to reproduce: var_dump(\XF\Util\Ip::binaryToString("*\x02\x124\x124\0\0\0\0\0\0\0\0\0\0", $shorten = false)); What should be returned: string(39) "2a02:1234:1234:0000:0000:0000:0000:0000" What is actually returned: string(24) "2a02:1234:1234:0000:0000" This is an invalid IPv6 address...

How to reproduce: As a moderator, open an assigned report Scroll to the bottom and click the "Handle report" button What should happen: The form is revealed along with its save button. What actually happens: The form is revealed but its save button stays hidden, making it impossible to submit...

The method XF\Entity\Trophy::_postDelete checks the "xf_user_alert" column "extra_data" (which is empty!) although it seems like it should check the "content_id" column because that's where the trophy_id is stored. --- a/src/XF/Entity/Trophy.php +++ b/src/XF/Entity/Trophy.php @@ -92,7 +92,8 @@...

XenForo's PWA back button occupies the same space as the inline mod bar. This makes using both these features a little difficult. Can they be stacked?

There are no double quotes left after the immediately preceeding strtr call (not completely visible in the diff below) which replaces double quotes with a space character. --- a/src/XF/Mvc/Router.php +++ b/src/XF/Mvc/Router.php @@ -581,7 +581,7 @@ class Router...

After adding a Passkey, users can login using the Passkey just fine. But when they attempt to login using their password again (*) they unexpectedly see a 2FA prompt which asks them to provide their Passkey as a second factor. This seems to hit users by surprise because they just clicked "Add...

After some more digging: In the file "js/xf/core.js", two occurences of location.reload(true) were changed to location.reload() in XenForo 2.3. This is what triggers this bug. (This could still be a Firefox bug. Firefox obviously tries to retain form data when calling location.reload() even...

This bug seems to be triggered by the "AjaxSubmit" feature. A possible workaround is to remove ajax="true" from the "approval_queue" template.

This seems totally odd but we've reproduced it on 3 Firefox installations (one with a fresh profile): 1. Open Firefox (tested with Firefox 129 and 130) 2. As an admin/moderator, go to the Approval queue page of your forum 3. Ensure that there are at least 2 posts that need approval 4. For the...

This is about the setting "Include content title in URLs": XenForo 2.2 turned the multiplication sign "×" (U+00D7) into an "x" letter. XenForo 2.3 removes them (the transliterator seems to convert them into an asterisk which then get removed). IMHO the behaviour of XenForo 2.2 made more sense...

That's intentional afaik to prevent nested quotes.