XenForo

XenForo 2.0.13

A popular forum engine.
  • Security-enhancing fixes
XenForo 2.0.12 is now available for download. We recommend that all users running previous versions of XenForo 2.0 upgrade to this release to improve stability. This release makes a number of changes to improve compatibility with PHP 7.3.0. However, we do not currently recommend using PHP 7.3.0 in production because of a bug that can cause code to execute incorrectly, which in turn can lead to data loss. We believe and hope that this bug will be fixed in PHP 7.3.1.
  • Resolves a security issue, a cross-site scripting (XSS) vulnerability that was discovered
Some of the changes in XF 2.0.10 include:
  • Improve compatibility with MySQL 8.0.
  • Update to Froala 2.8.4.
  • Canonicalize the favicon URL.
  • Fix unmatched closing tag in like summary HTML.
  • Ensure stats collection job is run as a non-manual job.
  • When highlighting search terms, ensure that HTML entities are not highlighted.
  • Improve support for passive event listeners in JavaScript.
  • Use aria attributes instead of title attributes in some places to avoid unnecessary browser tooltips.
  • In tag / recipient inputs ensure that the Esc key cancels the current item rather than accepting it.
  • Fix issue which may have seen the RTE being disabled on older Android versions even if a modern Chrome/Firefox version was being used.
  • When renaming a user as you delete it, ensure the correct redirect URL is used.
  • When saving a template without changes ensure the last_edit_date is changed.
  • With invalid class names when creating a class extension, provide more elegant and clearer errors.
  • Handle the warnings link on the member profile differently.
  • If a user who does not have an email in their profile is using the contact form, make the email field required.
  • Prevent a duplicate news feed entry when moving or copying a post to a new thread.
  • When romanizing URLs transliterate remaining dubious characters to standard ASCII characters.
  • Ensure moderator log handlers have their content type passed in.
  • Bail out of HTML widget options verification if no widget key has been set.
  • Reduce number of queries in the "Registered members" list.
  • Make oEmbed media sites more responsive.
  • Pass the correct user upgrade end date when reinstating a previously cancelled/reversed payment.
  • When disabling checkboxes use the disabled property rather than readonly.
  • When exporting a user using the data portability tools, strip multibyte UTF-8 characters out to improve compatibility.
  • Ensure the trophies help page is not shown on the help page list if trophies are disabled.
  • Improve support for Apple Music and Soundcloud BB code media sites.
  • When creating/editing a "Registered feed" display an error if the provided user cannot be found.
  • Use inputmode="number" instead of type="number" on two step verification inputs.
  • Support vendor prefixed add-on IDs in the max_length templater function.
  • When editing the currency format for a language, ensure that {value} is accepted if it appears first in the format string.
  • When filtering active/expired user upgrades by username, ensure the correct error is displayed if the user does not exist.
  • Improvements in memory limit adjustment in the GD image adapter.
  • Add noindex to the "Post new thread" pages.
  • Avoid invisible URLs when the inner text for a URL tag is empty.
  • When sending a moderator action alert when copying or moving a post, include a link to the post rather than the thread.
  • If a guest has selected a specific language, ensure this is persisted through to their user account when they register.
  • Fix invalid HTML in the node list.
  • Allow RTE shortcut key modifiers (Ctrl, Alt, Shift) to be translated.
  • When adjusting an attachment file name, use the utf8_ string functions to avoid potential UTF8 errors.
  • Allow two step verification pages to bypass terms/privacy policy acceptance.
  • Increase time limit of dismissed notice cookies to one month and do not clear them when a user logs out.
  • Prevent auto-linking invalid URLs.
  • Trigger a draft save on preview.
  • Attempt to scroll to the page nav page jump menu on Android so it is not hidden by the keyboard.
  • Ensure fixed notice footer offset is only applied to the page level footer element.
  • Adjust position of the select-to-quote tooltip on Android devices.
  • Avoid template errors if an alert/like item template is missing.
  • Ensure Less templates are more resilient to missing options when rendering CSS.
  • Prevent duplicate actions when handling the multi-quote overlay.
  • Add missing error constant in the oEmbed controller.
  • Appropriately escape HTML used in custom field titles.
  • When converting HTML to BB code ensure that we maintain the original list type.
  • Handle dealing with post reports which may no longer have a valid prefix.
  • Add a htmlspecialchars templater filter.
  • Add a new "findRecentlyActiveValidUsers" method.
  • Allow XF\Http\Upload and XF\Attachment\Manipulator to be extended.
  • Add code events for pre/post add-on actions.
  • When selecting a color from the color picker, ensure a change event is fired in JS.
  • Use a different approach to configuring the RTE when there are no permissions to upload attachments.
  • Use rich user name styling on the "Users logged at IP address" page, mostly for banned styling.
  • When editing a thread title, ensure that spam checks are re-performed.
  • Add a new, optional flood check limit for new threads vs new replies.
  • Improve support for newer TLS versions in emails for PHP versions >= PHP 5.6.
  • Add support in the code editor for phrasing certain UI elements.
  • Update EmojiOne artwork used in smilies to the new version 4.0 artwork.
  • In the spam cleaner only show email addresses to admin users who have the users permission.
  • On session creation, recount the unread alert count if needed.
  • Automatically include the "Admin" relation when setting up the Visitor object.
  • Only attempt to use the random_bytes method when generating a random string if using PHP 7.0 and above.
  • Trim string when processing attributes in the templater to avoid certain empty elements.
  • Prevent a DuplicateKeyException resulting from a race condition in the draft system.
  • Canonicalize various permutations of the xf_user_authentication scheme classes to the current name of those classes.
  • Allow the batch removal of thread prefixes in Batch update threads.
  • Support SET column type in the schema manager.
  • Ensure that guest sessions are not invalidated when their IP addresses change.
  • Coerce route paths to have a trailing slash appended when there is not one, so that slash-less route filters match.
  • Ensure that media embeds are not auto-linked if the media tag is disabled.
  • Provide methods to retrieve the welcome message/mail objects from the Welcome service.
  • Improve the BreadcrumbList schema compatibility.
  • Better support for vendor prefixed add-on IDs in the Import classes.
  • When approving the first post in a thread, actually approve the thread.
  • Add support for a whitelist of routes which are allowed to bypass privacy/terms policy acceptance.
  • Fix potential infinite loop in AbstractNotifier service.
  • The state_change field of a report comment was suppressed when reassigning a report.
  • Handle invalid email headers better when processing bounce emails.
  • Use word-break / break-word when dealing with certain cells in the user change log to avoid content breaking out of the cells.
  • Remove nofollow from some internal links.
  • If using the attachment browser filters, always ensure we redirect when the filters are removed.
  • Prevent errors in case the expected data isn't available when checking user criteria.
  • Work around an issue in iOS which may present smilies at twice the size when loaded dynamically in certain cases.
  • Add a new 'removeCascadedSave' method to entities.
  • When validating templates, ensure we provide more information in case of a compiler exception.
  • Support touch events in the avatar cropper.
  • Bail out of a connected account request if the connected account provider is no longer active.
  • In some contexts, such as the search forms, only display prefixes if the prefixes are usable in content (forums/resources) that the viewing user can actually view.
  • When migrating the XF1 config, check that the target location is writable.
  • No longer assume that the array/collection key when adding attachments to content is the relevant attachment content ID.
  • Fix an off by one (day) error in the user activity statistics.
  • Increase the size of the numberbox buttons by default.
  • Ensure errors are presented if there are some errors when clicking a XF.QuickEditClick link.
  • Revert some recent changes to how recurring payments are handled in the Stripe payment handler.
  • Hide active/expired user upgrade records where the user upgrade no longer exists.
  • Prevent a redirect loop in some cases when accepting terms/privacy policy when the request originates from those pages.
  • Various template changes with reference to the for_attr templater filter usage. Some attributes required it and didn't have it, others had it and did not need it (it only needs to be used on standard HTML tags, XF tag attributes will be escaped separately).
  • Rollback transactions when logging a fatal error to ensure this always gets logged.
  • Suppress errors caused by template modification application when importing an add-on. This prevents the add-on install/uninstall from getting stuck.
  • Don't swallow errors when taking CLI add-on actions that set is_processing. Ensure the full trace is printed and an entry is logged.
  • Ensure postUninstall is called in CLI uninstalls.
  • Change the logging of CLI exceptions to not try to log the URL, _GET, etc, but instead log the command line.
  • Display in the ACP if an add-on is stuck in the "is_processing" state and give a warning about error suppression and unexpected behavior (and to contact the add-on author for guidance).
  • IPv6 conversion produces an incorrect IP if there are trailing 0000 blocks that are shortened.
  • Use transactions in the Thread editor.
  • Make the post editor handle saving the thread editor if they're in use together.
  • Fix Line/comma lists so that they use an integer sub-type instead of decoding as strings when pulling from the source database data.
  • Prevent Firefox from displaying thread previews unexpectedly when using the back button in some scenarios.
  • Improve infinite loop detection in the color picker.
  • Ensure entity caches are wiped appropriately when using setAsSaved to avoid serving outdated values.
  • Add a new debug property in JavaScript to disable AJAX submission. Simply run the following command in the browser console: XF.debug.disableAjaxSubmit = true;.
  • Avoid removing too much padding with mergeNext and noPadding form rows.
  • Work around WebKit/Blink behaviours with regards to queueing color transitions in some scenarios.
  • In the importer EntityEmulator unicode entities were not decoded in some cases.
  • When importing a user, if a language ID hasn't been set (usually it wouldn't) set it to the defaultLanguageId.
  • When merging tags, display the tag auto complete field for the target tag field.
  • Given a threads/post link, if the post does not exist, redirect to the thread instead.
  • Fix thread redirect keys becoming corrupted with the incorrect thread ID after the redirect has been moved.
  • Do not attempt to delete redirects to a redirect thread when the redirect is soft deleted.
  • Do not create a new redirect if the thread being moved is itself a redirect.
  • Add a new "beforeAttachmentDelete" method to attachment handlers.
  • Fix a few issues with new thread insertion when using quick thread in some cases.
  • Improve memory usage for CLI rebuild commands.
  • Fix "Find all threads by X" searches not using the correct results when re-querying for older results.
  • Remove unnecessary list item closing tag in the tag_search template.
  • When creating a thread, if the thread record already has tags, join the tags array to a comma separated string.
  • Fix a potential race condition and return type ambiguity in the Doctrine RedisCache provider. Based on code contributed to Doctrine by @Steffen (thank you!)

The following public templates have had changes:
  • account_alerts
  • account_alerts_popup
  • account_avatar
  • account_likes
  • approval_item_profile_post_comment
  • app_nav.less
  • bb_code_tag_spoiler
  • code_editor
  • contact_form
  • conversations_popup
  • conversation_list_macros
  • conversation_view
  • core_bbcode.less
  • core_datalist.less
  • core_formrow.less
  • core_input.less
  • core_labels.less
  • editor
  • forum_post_quick_thread
  • forum_post_thread
  • forum_post_thread_chooser
  • forum_view
  • helper_account
  • help_index
  • help_wrapper
  • lightbox_macros
  • login
  • member_ip_users_list
  • member_macros
  • member_warnings
  • multi_quote_macros
  • node_list_category
  • notice_cookies
  • PAGE_CONTAINER
  • page_nav
  • post_macros
  • prefix_macros
  • profile_post_macros
  • register_macros
  • search_result_post
  • search_result_profile_post
  • search_result_thread
  • spam_cleaner
  • tag_search
  • thread_list_item
  • thread_list_macros
  • thread_view
  • two_step_backup
  • two_step_email
  • two_step_totp
  • This release improves forum security