Search results

  1. PaulB

    ChangeLoggable behavior broken with optIn = true

    Setting a column definition's changeLog property to true results in the wrong code path being taken; it's interpreted as 'changeLog' => 'customFields'. This is problematic when optIn is enabled, since the intention is to set changeLog to true in that scenario. Lines 58-65 of the ChangeLoggable...
  2. PaulB

    Add support for Etc/UTC timezone

    Currently, there's no locale-invariant timezone. The available UTC-ish timezones are subject to change and discrepancies such as DST; for example, Europe/London is currently in DST, so it's UTC+1 instead of UTC. This isn't great for global forums. We'd like to have a culture-agnostic...
  3. PaulB

    Fixed Users can bump each other out of conversations under certain circumstances

    This was initially submitted as a potential security vulnerability via the contact form, but it was deemed to be a standard bug, not a vulnerability. Under certain circumstances, users can bump each other out of conversations. When this happens, there is no way for a user to rejoin the...
  4. PaulB

    Minor security vulnerability

    Appears to affect all versions of 2.x; probably also affects 1.x. It's minor but can be a nuisance. What's the correct procedure for reporting details?
  5. PaulB

    Third party Some controls activate on mouse up even if the cursor has moved off of them

    Typically, I expect the following behavior: Mouse cursor is over a button. Left mouse button is depressed. Mouse cursor is moved elsewhere on the page. Left mouse button is released. Nothing happens. Some websites, including XenForo, perform one of the following unexpected actions in place of...
  6. PaulB

    Fixed Error phrases fail to bubble for profile posts

    XF\Pub\Controller\ProfilePost#assertViewableProfilePost: protected function assertViewableProfilePost($profilePostId, array $extraWith = []) { // ... if (!$profilePost->canView($error)) { throw $this->exception($this->noPermission($error)); } // ... }...
  7. PaulB

    Fixed Very minor: XF\Repository\Notice#rebuildNoticeLastResetCache fails to return a value

    XF\App#initialize: $container['notices.lastReset'] = $this->fromRegistry('noticesLastReset', function(Container $c) { return $c['em']->getRepository('XF:Notice')->rebuildNoticeLastResetCache(); } ); XF\Repository\Notice#rebuildNoticeLastResetCache: public function...
  8. PaulB

    Fixed Minor logic error in $container['config']

    In XF\App#initialize, definition for $container['config']: $container['config'] = function (Container $c) { $default = $c['config.default']; $file = $c['config.file']; $legacyFile = $c['config.legacyFile']; if (file_exists($file)) { $config = []...
  9. PaulB

    XF 2.1 Override options from config.php

    Is it possible to override options from config.php in XF2? For XF1 development, we patched XenForo to permit options to be overridden from config.php; we could then distribute a template config.php to our developers with sane defaults. However, this required us to maintain a variety of...
  10. PaulB

    Duplicate WYSIWYG editor doesn't use image proxy

    This also applies to 1.x, which is what I'm personally interested in, but it seems to be an issue on XenForo.com as well, which I assume uses 2.x. We're getting CSP reports indicating that when users attempt to embed images in posts using the WYSIWYG editor, the image is loaded directly without...
  11. PaulB

    Fixed Duplicate key error while following

    In Model/User.php, function follow, around line 1760: The ordering of beginTransaction and removeDuplicateFollowUserIds is wrong. Because removeDuplicateFollowUserIds is performed outside the transaction, a race condition occurs. If the user is experiencing internet connectivity issues and...
  12. PaulB

    Won't fix Moderation queue doesn't use approveUnapprove permission

    Anyone who can see an item in the moderation queue can approve or delete it. The permissions required to view a thread or post in the moderation queue are view, edit any, and delete any. approveUnapprove should probably be in there as well, but that's only used for the inline moderation tool...
  13. PaulB

    XF 1.5 DNSBLs

    In XenForo_DnsBl, the necessary code for three blacklists exists: Spamhaus Tornevall Project Honey Pot The method for Spamhaus isn't referenced anywhere, so that leaves Project Honey Pot and Tornevall. This is what the control panel says on those: Looking at the code, that description is...
  14. PaulB

    As designed Cron task run frequencies reset on each upgrade

    Exactly what the title says. Each time an update is performed, all the cron task run frequencies reset to default.
  15. PaulB

    Fixed Infinite redirect when accepting terms/privacy policy

    If the accept form is visited without a redirect querystring parameter (e.g., /misc/accept-privacy-policy), an infinite redirect loop will occur when the user accepts, resulting in an ERR_TOO_MANY_REDIRECTS error in Chrome.
  16. PaulB

    Fixed htmlspecialchars corrupts avatar URLs

    Searching for a user results in a dropdown in several places (/members/, @-tags, /admin.php?users/). This results in a JSON response, in the form: { "results": [ { "avatar": "...", "username": "..." }, ... ] } Both the avatar and username...
  17. PaulB

    Fixed Missing contactUrl param terms_rules_text in accept_terms template

    In the accept_terms template, the terms_rules_text phrase is missing a contactUrl param: {xen:phrase terms_rules_text}
  18. PaulB

    Not a bug GDPR: Have to accept privacy policy/terms multiple times

    This is probably the same as https://xenforo.com/community/threads/1-5-20a-upgrade-issue-have-to-accept-privacy-policy-twice.147733/, but I've included steps for reproducing it. The user has to accept the privacy policy/terms once for each time the admins have forced users to accept the privacy...
  19. PaulB

    Not a bug Title changes aren't logged consistently

    If a moderator edits a title by clicking Edit -> More Options... and then editing the title in the thread form, it doesn't appear in the Moderator Log, and clicking Thread Options -> Moderator Actions in the thread doesn't show the change. However, if a moderator edits the title by clicking...
  20. PaulB

    Fixed Wrong variable in XenES_Search_SourceHandler_ElasticSearch

    File: library/XenES/Search/SourceHandler/ElasticSearch.php Line: 1113 Class: XenES_Search_SourceHandler_ElasticSearch Method: isIndexSuccessful Problematic line: $typeAndId = XenES_Api::getTypeAndIdFromHit($result); $record is the wrong variable here and will result in an exception...