Alice creates a thread in forum 1. The discussion_state is visible, so the forum's last_post_* and last_thread_* fields are updated.
Bob creates a thread in forum 1 after Alice, but during the same second. The discussion_state is moderated or deleted. The latter state should never happen...
$ php cmd.php xf:upgrade
Current version: 2020672
Upgrade target: 2020770 (2.2.7)
Are you sure you want to continue with the upgrade? [y/n] y
All upgrade steps run up to version 2.2.7.
Importing... Master data (Templates)
Rebuilding... Phrases .
Rebuilding... Permissions .
convertIpStringToBinary fails in some scenarios because it tries to handle a situation in which the input has already been converted. It would probably be better if it were just simple wrappers around inet_pton().
In particular, a valid IPv6 address in its string representation can be a valid...
Currently, email queue processing works roughly like this:
Mark entry as being processed by setting send_date 15 minutes into the future.
If marking failed, it's already being processed; skip this item.
If deserialization failed or is not an instance of...
When a thread is deleted, XF\Entity\Thread#_postDelete() fails to clean some tables, such as xf_thread_watch. At the end of the method, it cleans thread reply bans:
$db->delete('xf_thread_reply_ban', 'thread_id = ?', $this->thread_id);
I would expect it to handle xf_thread_watch and...
In PHP, some comparisons with == or in_array may return true when the programmer expects them to return false. For example, "00" == "0000" is true in PHP, as is in_array("00", ["0000"]). XenForo 2 performs loose comparisons in some places that can potentially result in bugs...
The inlinemod cookies, such as xf_inlinemod_conversations, currently have an unbounded size. Cookies aren't really supposed to be > 4 KiB, but it's not too difficult for an end user to end up with a cookie far larger than that just by selecting several pages of conversations for deletion. From...
RSS generated for posts with embedded attachments may contain code such as the following:
<content:encoded><![CDATA[<div class="bbWrapper"><b><i><span style="color: #ff0000">Test</span></i></b><br />
<script class="js-extraPhrases" type="application/json">
Steps to reproduce:
Create a new thread with a unique tag. That tag must not be used anywhere else.
Click the tag edit link in the thread to edit its tags.
Click the "x" next to the tag to remove it.
Submit the form by clicking "Save", but do not refresh or navigate away from the page.
It's possible to create a warning definition with:
1. a title that is longer than the maximum length of a warning title
2. a conversation title that is longer than the maximum length of a conversation title
There won't be any error when the warning definition is created, nor will there be any...
Currently (XF2.2.2), when a user doesn't have a password set for their account and requests a password via the "Password and security" page, they can send any number of requests without any restrictions. Of course, they can only flood their own email account in such a way, but this also...
Running into the same problem as this:
Using Microsoft Edge Version 87.0.664.75 (Official build) (64-bit)
Only way to paste link and have it unfurl is to right click paste as plain text. Identical to the...
I am having this issue where if any link contains ' characters, it auto disables the link and render the link as text.
Not sure if this is a bug or not. Need some help...
Setting a column definition's changeLog property to true results in the wrong code path being taken; it's interpreted as 'changeLog' => 'customFields'. This is problematic when optIn is enabled, since the intention is to set changeLog to true in that scenario.
Lines 58-65 of the ChangeLoggable...
I am getting loads of these error entries on my server after upgrading yesterday to XenForo v2.2.0.
I had no errors whatsoever in the previous v2.1 version, but now these errors appear literally by the dozens in just a few minutes time, it's hogging our server.
The upgrade process to 2.2.0...