XF dev questions


Well-known member
Had two questions in particular but left the title more general in case others appear later.

Not having developed addons for XF myself, I would like to ask this:

  1. Is this the correct understanding of how an addon is installed?
    1. read the included XML into the db, & remove it from local-storage.
    2. use the XML to construct the AdminCP 'options' object.
    3. when the specified hooks are invoked, load respective php code from local storage.

  2. How does an addon install its CSS and phrases? The only thing I've found in /library were just the php files. How can we remove addon CSS and phrases when it is uninstalled?

(N.B. WOW, the above nested lists were next to impossible to make, even in our new Redactor. Why can't web editors match basic desktop functionality...)


Well-known member
The add-on XML stores a lot more than just options and is used to insert a ton on data into the database.

After install, the XML isn't used again, it's all done via the database.

CSS is advised to be placed in templates which are assigned to your add-on and removed upon uninstall automatically. Phrases are also removed automatically.

JavaScript should be in the /js/ folder on the server and needs to be removed manually.


Well-known member
Ok so:

  1. the XML stores all the config info for the addon. Once it is parsed into the database, it's removed from the file system. At uninstall it gets removed from the database automatically.

  2. The CSS and phrases are ingested into the DB (in a similar way to the XML), and at uninstall will be removed automatically.

  3. Javascript will be in the /js/ folder and needs to be removed manually.

  4. The files are in the /library/ folder and need to be removed manually.

Did I miss anything?


Well-known member
I forgot to add one crucial item: the database.

On the heels of my recent discussion with @Mike and @King Kovifor, turns out that addons have full database write permissions. So item 5 is:

5. Addons can write into the database, and those entries will not be easily visible, or removed automatically. The user needs to investigate the addon source code (in /library/), and determine where the addon writes its data. There are three possible locations, from worst to best (from the user's perspective):
  1. Using a custom SQL query; storing into anywhere in the database it wants.
    This is.. really bad. Consider not installing the addon if it does this.

  2. Not using a custom SQL query; using a provided XF method, storing into the Registry.
    This still creates a unique record that you will have to remove manually, but you only need to look through xf_registry to find it. So, not that big of a big deal.

  3. Not using a custom SQL query; using a provided XF method, storing into simpleCache.
    This merely adds data to a single record within the Registry (xf_registry), called simpleCache. This even further localizes where you have to look. What's more, simpleCache isn't used by the XF core, it's just there for the addons to use, so you can delete it if you want to clear unused/obsolete data within it. According to @Jake (here), XF will automatically rebuild simpleCache if it is missing.
To sum up, ideally the addon will store data in the Registry (or even better, in simpleCache within the Registry). You should confirm that it does, and consider rejecting it if it doesn't.

If you want to uninstall it, go into your database, navigate to the said Registry or the simpleCache, and clear out the information.​


Well-known member
Ideally, add-ons have install and uninstall codes which will remove any information they've added to the database. If not, its a bug and should be reported to the necessary developer.

Also, none of the above points are necessarily bad.


Well-known member
Not really. They're well known devs with multiple products, and I seemed to be the only one with anxiety over this. Add to it the revelation that by PHP architecture any code has database access, and I just jumped to the conclusion that it's a wild west out there, and every man for himself ... :)


Well-known member
Yes. That's what I was trying to get across in the Suggestion thread too.

I'll get in touch with them. But this thread is still a useful "self defence" manual in case addon devs continue to be sloppy, since forums shouldn't be left at the mercy of some person who just learned to write PHP.