Recent content by Steffen

Not a Safari user myself but one of our forum users has reported that on iOS 26 (currently in beta, will be released within a few days on September 15th) XenForo's text selection tooltips are most of the time covered by Safari's native selection toolbar. Maybe they can be repositioned?

The Lightbox doesn't show thumbnails for images that have not yet been (lazy-)loaded. This is because XenForo sets the data-fancybox attribute (which Fancybox uses to group images into a gallery) only after an image has been loaded (see the XF.Lightbox.imageChecked function). In longer posts...

This add-on needs a small fix for PHP 8.4 compatibility. "XF301VB\Mvc\Router::routeToController(): Implicitly marking parameter $request as nullable is deprecated, the explicit nullable type must be used instead in src/addons/XF301VB/Mvc/Router.php:82" --- a/src/addons/XF301VB/Mvc/Router.php...

I have a script that updates the hashes.json files to reflect all local file modifications: <?php namespace XF\Cli\Command; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class UpdateHashes...

Same report by our users, quotes in spoilers cannot be expanded reliably: https://www.computerbase.de/forum/threads/in-eigener-sache-das-dritte-feature-update-fuer-das-computerbase-forum-ist-da.2206406/post-30548779

You should use FILTER_FLAG_HOSTNAME, i.e. filter_var($value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME), otherwise the check accepts all kinds of funny characters. :)

I think nowadays you could simply check the "Sec-Fetch-Site" header or the "Origin" header that browsers automatically send for POST requests.

I've just disconnected my test account from Google and then connected it again. Seems to have worked fine but two HTTP 401 errors were logged: one for GoogleProviderData->getUsername() and one for GoogleProviderData->getAvatarUrl().

How to reproduce: var_dump(\XF\Util\Ip::binaryToString("*\x02\x124\x124\0\0\0\0\0\0\0\0\0\0", $shorten = false)); What should be returned: string(39) "2a02:1234:1234:0000:0000:0000:0000:0000" What is actually returned: string(24) "2a02:1234:1234:0000:0000" This is an invalid IPv6 address...

How to reproduce: As a moderator, open an assigned report Scroll to the bottom and click the "Handle report" button What should happen: The form is revealed along with its save button. What actually happens: The form is revealed but its save button stays hidden, making it impossible to submit...

The method XF\Entity\Trophy::_postDelete checks the "xf_user_alert" column "extra_data" (which is empty!) although it seems like it should check the "content_id" column because that's where the trophy_id is stored. --- a/src/XF/Entity/Trophy.php +++ b/src/XF/Entity/Trophy.php @@ -92,7 +92,8 @@...

XenForo's PWA back button occupies the same space as the inline mod bar. This makes using both these features a little difficult. Can they be stacked?

There are no double quotes left after the immediately preceeding strtr call (not completely visible in the diff below) which replaces double quotes with a space character. --- a/src/XF/Mvc/Router.php +++ b/src/XF/Mvc/Router.php @@ -581,7 +581,7 @@ class Router...

After adding a Passkey, users can login using the Passkey just fine. But when they attempt to login using their password again (*) they unexpectedly see a 2FA prompt which asks them to provide their Passkey as a second factor. This seems to hit users by surprise because they just clicked "Add...

After some more digging: In the file "js/xf/core.js", two occurences of location.reload(true) were changed to location.reload() in XenForo 2.3. This is what triggers this bug. (This could still be a Firefox bug. Firefox obviously tries to retain form data when calling location.reload() even...