  1. PaulB

    Fixed "twitter" BbCodeMediaSite missing x.com in match_urls

    We're starting to see Twitter links that use x.com instead of twitter.com posted on our forums, despite the fact that x.com redirects to twitter.com. The "Share" button on tweets now gives an x.com URL. As such, match_urls should be updated to include x.com. Other XF customers also appear to...
  2. PaulB

    Users can easily create duplicate subscriptions

    Here’s an example with PayPal: Alice subscribed to an upgrade with monthly payments. For whatever reason, Alice’s bank declines the payment the following month. XenForo downgrades Alice when payment lapses, as it should. Alice notices that she no longer has an active upgrade and goes to the...
  3. Tempritscher

    XF 2.2 ReCaptcha double verification (Bug?)

    Good morning, Community. After upgrading to the latest forum build, I face a strange bug. Is someone having the same issue?
  4. PaulB

    Confirmed ALLOW_DEADLOCK_RERUN combined with Entity#save

    Several calls to AbstractAdapter#executeTransaction in the UserAlert repository pass the ALLOW_DEADLOCK_RERUN option, but that option can't be combined with entities unless forceSet is set on the affected entities. Any attempt to re-run the closure in response to a deadlock will result in a...
  5. PaulB

    Fixed escapeLike fails to escape backslashes

    Replacements it performs: % -> \% _ -> \_ However, it neglects to perform: \ -> \\ This means input such as this: \% Will become: \\% Which MySQL/MariaDB will interpret as a literal backslash followed by a LIKE wildcard. While this could theoretically result in security vulnerabilities in...
  6. PaulB

    Help URLs with invalid UTF-8 cause exceptions in MySQL 8

    The following URL will result in a 404 with MariaDB but an exception with MySQL 8.0.x: https://xenforo.com/community/help/%c0a Furthermore, the exception may fail to log to the database and third-party monitoring services (in our case, Datadog). This tends to be triggered often by...
  7. El Porcharo

    XF 2.2 Enable registration unchecked doesn't completely prevent registrations with associated account

    Facebook use to periodically verify their developers' applications' compliance, so one of their staff members contacted me complaining that I had to provide a test user account, so they could verify my application workflow and compliance as it seemed that it wasn't being used properly by my app...
  8. PaulB

    Fixed Moderated/deleted threads can be displayed as the last post/thread of a forum

    Alice creates a thread in forum 1. The discussion_state is visible, so the forum's last_post_* and last_thread_* fields are updated. Bob creates a thread in forum 1 after Alice, but during the same second. The discussion_state is moderated or deleted. The latter state should never happen...
  9. PaulB

    Not a bug Upgrade from 2.2.6 Patch 2 to 2.2.7: [E_WARNING] Undefined array key "push_on_conversation"

    $ php cmd.php xf:upgrade Current version: 2020672 Upgrade target: 2020770 (2.2.7) Are you sure you want to continue with the upgrade? [y/n] y All upgrade steps run up to version 2.2.7. Importing... Master data (Templates) Rebuilding... Phrases . Rebuilding... Permissions . Rebuilding...
  10. PaulB

    Fixed convertIpStringToBinary fails in some scenarios

    convertIpStringToBinary fails in some scenarios because it tries to handle a situation in which the input has already been converted. It would probably be better if it were just simple wrappers around inet_pton(). In particular, a valid IPv6 address in its string representation can be a valid...
  11. PaulB

    Fixed Emails can get stuck in the queue indefinitely

    Currently, email queue processing works roughly like this: Mark entry as being processed by setting send_date 15 minutes into the future. If marking failed, it's already being processed; skip this item. Deserialize mail_data. If deserialization failed or is not an instance of...
  12. PaulB

    Fixed Zombie records remain when a thread is deleted

    When a thread is deleted, XF\Entity\Thread#_postDelete() fails to clean some tables, such as xf_thread_watch. At the end of the method, it cleans thread reply bans: $db->delete('xf_thread_reply_ban', 'thread_id = ?', $this->thread_id); I would expect it to handle xf_thread_watch and...
  13. PaulB

    Partial fix Buggy string comparisons

    In PHP, some comparisons with == or in_array may return true when the programmer expects them to return false. For example, "00" == "0000" is true in PHP, as is in_array("00", ["0000"]). XenForo 2 performs loose comparisons in some places that can potentially result in bugs...
  14. PaulB

    Fixed Unbounded inlinemod cookie size

    The inlinemod cookies, such as xf_inlinemod_conversations, currently have an unbounded size. Cookies aren't really supposed to be > 4 KiB, but it's not too difficult for an end user to end up with a cookie far larger than that just by selecting several pages of conversations for deletion. From...
  15. PaulB

    Fixed RSS: content:encoded can contain unnecessary JavaScript for attachments

    RSS generated for posts with embedded attachments may contain code such as the following: <content:encoded><![CDATA[<div class="bbWrapper"><b><i><span style="color: #ff0000">Test</span></i></b><br /> <br /> <script class="js-extraPhrases" type="application/json"> {...
  16. PaulB

    Tag editor may show tag multiple times

    Steps to reproduce: Create a new thread with a unique tag. That tag must not be used anywhere else. Click the tag edit link in the thread to edit its tags. Click the "x" next to the tag to remove it. Submit the form by clicking "Save", but do not refresh or navigate away from the page. The tag...
  17. PaulB

    Fixed Warning definition fields can have text that is too long for the warning or conversation

    It's possible to create a warning definition with: 1. a title that is longer than the maximum length of a warning title 2. a conversation title that is longer than the maximum length of a conversation title There won't be any error when the warning definition is created, nor will there be any...
  18. B

    bug on documentation

    not sure where to report this... https://xenforo.com/docs/dev/general-concepts/ links to 'controller-basics' pages here are 404's.
  19. e-Dewan

    Fixed The gradually hidden text issue.

    Hi, I don't know how to explain the issue but you can see the image below: My forum is RTL (Arabic) and the feature seems not RTL compatible. Best Regards,
  20. enivid

    Fixed Restrict password request rate for registered users who currently have no password set.

    Currently (XF2.2.2), when a user doesn't have a password set for their account and requests a password via the "Password and security" page, they can send any number of requests without any restrictions. Of course, they can only flood their own email account in such a way, but this also...