Free Xenforo - Forum Software (Full & Upgrade) Nulled Edition By XenBD 2.3.6

Some of the changes in XF 2.3.6 include:

• Fix upgrades from XF 1 not having the correct xf_job table schema changes applied
• Fix an issue with updating multiple variation menu icons
• Fix some issues with HCaptcha
• Fix cookie third-party for X media site
• Remove bluesky_logo from template function list
• Attempt to sync PayPal REST API with current product name.
• Fix an issue with Less_Tree_Dimension

XenForo 2.3.5 includes a critical security fix for any customers making use of OAuth2 where client applications may be able to request unauthorized scopes. This will affect any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5.

Some of the changes in XF 2.3.5 include:

• Fix unassociated attachment limit checks
• Clamp client-side color contrast evaluations
• Appropriately load tweets after page load.
• Update Twitter connected account references to X.
• Fix X (formerly Twitter) connected account
• Ensure xf_oauth_client and xf_oauth_request have primary keys.
• Allow a Passkey credential_id to occupy up to 1024 characters.
• Make code editor search highlighting similar to editor selection color.
• Remove unused jQuery snippet.
• Fix reactions tabs for direct message replies.
• Support multiple variation menus when updating variations
• Fix number box handling when step value is any
• Fix a server error when no custom error phrase is specified for an error response
• Improve type hinting of schema manager closures
• Properly reset write-pending status when calling Entity::saveIfChanged
• Fix server error when log search results return a record for a deleted user
• Properly represent field and prefix user group IDs as a list of unique sorted integers
• Support lazy-loading variation pictures
• Suppress PhpStorm warnings in class extension hint files
• Fix unstable sort order for class extension output
• Fix potentially undefined array key when determining an entity cover image
• Properly validate OAuth client redirect URIs
• Pass import command interactive state to import-finalize command
• Improve BBCode HTML rendering PHP 8.3 compatibility
• Do not escape HTML when rendering custom field titles in the control panel
• Allow saving cookie preferences when board is inactive
• Fix duplicate moderated icon in article preview thread titles
• Allow fetching all server globals using \XF\Http\Request::getServerInfo
• Fix incorrect phrase in user change log handler
• Fix handling of null auto-complete results
• Do not scroll to last viewed image when closing the lightbox
• Fix error 'TemplateFinder::searchTitle() accepts 1 parameters but 2 are passed'
• Fix server error getting conversations by ID via API.
• Fix incorrect route format for the OAuth2 account/applications route
• Fix issue where code challenges for public OAuth2 clients could not be verified

The following public templates have had changes:

• code_editor.less
• connected_account_associated_x
• connected_account_macros
• core_button.less
• editor_insert_gif
• helper_js_global
• login
• passkeys_macros
• post_article_macros
• share_page_macros
• style_variation_macros

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Some of the changes in XF 2.3.4 include:

• Include embed.php in hashes.json
• Fix error thrown when feed entry is missing an ID
• Use AbstractCollection for type hint on addContentToBookmarks method
• Fix deprecated usage of str_replace with API scopes
• Improve PHP 8.4 compatibility
• Output hsla in the color picker when an alpha channel is present
• Ensure URLs are valid when analyzing image usage
• Coerce nestable group to a number before peforming strict comparison
• Gracefully handle guest username and style variation containing invalid UTF-8
• Attempt to work-around abysmal Firefox form field retention heuristics
• Gracefully handle when an avatar cannot be processed
• Allow changing style variation when the previously selected style is forced to the default style
• Increase date input width further to accomodate Firefox icon clipping
• Fix editor autofocus behavior when in BBCode mode
• Add a note about some permissions not being applicable to guests
• Fix triggering Facebook embeds for document
• Fix calculation of local load time from navigation timing API
• Fix behavior of preview buttons
• Consider read-only number-box inputs as disabled
• Make required and recommended function checks more robust
• Allow null unique ID when enqueuing a job later
• Make report creation notifications easier to extend
• Attempt to work around aggressive Firefox auto-complete heuristics when editing a user
• Fix broken JS handlers when loading comments via AJAX
• Fix an issue with editing newly translated phrases
• Split ExifReader library out of attachment manager bundle
• Attempt to work around aggressive Firefox auto-complete heuristics on control panel index
• Fix number input buttons when step is set to any
• Fix some icon usage analysis issues when editing and deleting editor drop-downs and BBCodes
• Only record icon usage for active BBCodes and editor dropdowns
• Omit itemid microdata attribute when there is no valid user
• Ensure all control panel functionality is covered by permissions
• Handle invalid multiquote input more gracefully
• Attempt to avoid featured content carousel pager text overlap
• Only try to remove double quotes from URL strings once
• Set default color picker color to white instead of transparent
• Fix some issues with the JS icon renderer and BBCode previews
• Handle invalid session IDs more gracefully
• Do not mark unhidden usernames as aria-hidden
• Fix direction of back arrow on RTL languages
• Improve text node handling in XF.setupHtmlInsert
• Ignore Thumbs.db in style archive validator
• Fix structured list icon end cell padding
• Fix an issue with deferred resize event listener after autofocus
• Skip any file duplicates when importing banned emails
• Mark multiple consecutive asterisks as an invalid term word on MySQL full-text searches
• Make the default table collation configurable
• Fix calculation of report closure notifiable users
• Ensure PayPal products are created with a unique ID.

The following public templates have had changes:

• PAGE_CONTAINER
• approval_queue_macros
• carousel.less
• core_input.less
• fancybox.less
• helper_attach_upload
• lightbox.less
• message_macros
• profile_post_macros
• structured_list.less

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

• Fix select-to-quote handler error on soft-deleted threads
• Ignore port if Redis host appears to be a file path
• Fix a few cases where hashes were concatenated instead of passed to router
• Fix flickering issue with JS icon renderer
• Fix expandable content transition class callback
• Use correct finder when looking up Stripe subscriber IDs
• Do not attempt to set RSS feed language if no language code is set
• Check if job table exists before attempting to sync structure
• Fix issues serializing nestable elements which contain unrelated lists
• Adjust some automatic alert read-marking behaviors
• Adjust offset of focus-visible tab outline
• Re-enable caching for tag edit overlay
• Fix error handling for fetching/creating PayPal products and plans
• Fix determining locale from language code for string manipulation
• Ensure points phrase is used in trending weights.
• Optimize string transliteration performance
• Override some missing phrases for token inputs.
• Reduce trending content widget queries
• Fix embedding Imgur galleries and applying JS states
• Romanize heading anchors
• Do not force romanization for category anchors
• Fix merging reactions with multiple source reactions from deleted users
• Do not cache report overlays
• Fix Tagify filtering out non-exact matches unexpectedly
• Set 1:1 aspect-ratio on connected account provider icons
• Use the editorButtonSelectedBg property for active editor button backgrounds
• Fix DM icon clipping on desktop Safari
• Fix phrase method casing in icon option handler
• Perform client-size image optimization even when no maximum image width/height is set
• Fix checking if Rocket Loader is disabled in the middle of an upgrade
• Throw an error when attempting to recursively load config file
• Fix string style property variations support for properties without assets enabled
• Prevent double logging of moderator changes for threads when editing first post
• Adjust width of inline time inputs
• Check private use TLDs when determining if a host is local
• Fix some issues with appending filter rows
• Use XF.setupHtmlInsert for filter AJAX responses
• Allow passing HTMLElement objects to alerts
• Fix support for alternative icon variants in custom BB codes
• Fix fetching default avatar when templater style is not set
• Address some phrases which reference conversations
• Handle unexpected values in cookie consent cookie

The following public templates have had changes:

• PAGE_CONTAINER
• account_banner
• app_nav.less
• conversation_message_macros
• core_block.less
• core_button.less
• core_input.less
• core_tab.less
• editor_override.less
• helper_js_global
• member_view
• passkeys_macros
• post_macros
• profile_post_macros
• tag_macros
• token_input

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Some of the changes in XF 2.3.2 include:

• Make PCRE character class check more robust.
• Do not attempt to redefine UTF-8 string shim functions if they already exist
• Rename search forum node type handler as expected
• Fix utf8_isASCII return type
• Fix an issue where the batch size for search rebuilds could grow unbounded
• Strip BBCode from trending content article displays
• Fix a regression with PWA orientation/screen rotation
• Set recommended PHP version dynamically
• Fix profile post position tracking
• Use absolute URLs in approval item emails
• Fix behavior of API keys with all scopes allowed
• Fix thread context support for featured and trending widgets
• Apply inline style to document.head correctly
• Fix type error for file clean counts.
• Attempt to have Cloudflare Rocket Loader automatically ignore scripts
• Don't try to ping IndexNow if no API key is set
• Gate search engine indexing settings for threads behind their own permission
• Fix error on shared IPs list when matching user has been deleted
• Allow the variation menu to open above fixed notices
• Fix saving permissions from the edit user page
• Fix passing \DateTime objects into \XF\Language::getDateTimeParts
• Use XF custom events for overlay and transition events
• Hydrate user relations when setting up base user
• Redirect to the first active option group when viewing an option
• Fix behavior of search short-name conversion
• Handle older SMTP option values more gracefully
• Fix responsive sidebar margins
• If a user can see the thread created by a report, respect their auto watch preference
• Mark threads as nofollow if they are non-indexable
• Support WebP images when uploading images for featured content
• Address several issues with XF.ajax
• Address even more one-click upgrade issues when caching is enabled
• Fix attachment list filter bar dates being displayed in wrong timezone
• Fix using hotkeys to submit a message in the plain text editor
• Fix event handling on auto-complete autosubmission
• Fix importing webp smilies
• Fix implicit join behavior of finder order clauses
• Fix addon_get_install_data code event description
• Only process the color scheme mixin when variations are enabled
• Position BBCode quote expansion link at bottom of quote
• Fix some issues when toggling variations when an active variation is selected
• Pass handler in params when rendering thread edit extra data templates
• Include type data definitions when rendering thread edit extra data templates

Today we are very pleased (and relieved) to announce the stable release of XenForo 2.3.0. It has been a long time coming so we thank you for your patience and support.

Shortly after the release of Release Candidate 1, we identified an issue related to editing node-like permissions. A very minor bug was surfaced by the changes today. Specifically one of our view class names was using a \ instead of a :

Due to a localised shortage of version numbers (we cannot increment the version to a patch release for release candidates) we have released Release Candidate 2 to address this.

The specific files with changes are:

• src/XF/Admin/Controller/Node.php
• src/XF/Admin/Controller/Permission.php

As we get ever closer to the fabled "release candidate" stage and the eventual stable release, today we are releasing the eighth beta for XenForo 2.3! Nothing particularly noteworthy this week other than a number of bug fixes.

We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.

More specific details regarding bugs fixed in this release can be found in the resolved bugs forum.

This is beta software. It is not officially supported.
We do not recommend running it in production.

Welcome to 2.3.0 Beta 7! Since our last release we have been mostly focusing again on bug fixes and stability, though we do have an interesting change to note related to multibyte strings, specifically URL romanization. If available, we now use the intl extension and perform a multi-layered process for normalizing and transliterating strings. This is now much more intelligent as it handles some special cases for certain locales (based on the default language of the forum).

We also have a new option for controlling the output of emojis in URLs. You can leave them URL encoded, remove them, or convert them to a string based on the emoji name. This also requires the intl extension. You can see an example of that in the URL below.

This week (and a bit) we have been extremely busy working towards that enticing milestone of a stable release. There's still a little while to go with a healthy number of bugs, feedback and other bits in our backlog that we'd like to work through, but each release represents a significant amount of effort and progress towards the end goal.

While we have mostly focused on bug fixes and other stability improvements, this has resulted in some notable changes which you should be aware of.

We have been deferring this handling to a third party piece of code for a number of years which has done a great job, but after a recent discussion and bug report about it we have decided to modernise this code and bring it into the XF core itself. Developers will now find most of this functionality under the new XF\Util\Str class. Worried about your code that no doubt has used various utf8_ functions in the past? Fear not because we now ship a shim file which proxies those legacy function names to their analogous functions in the new Str class. Though we highly recommend updating existing code to utilise the new Str class as soon as possible as the utf8.php shim is already deprecated and will be removed in XenForo 3.0.

Some of the new Str class has been rewritten to, wherever possible, make use of methods provided by the PHP mbstring extension. This means that, much like many other modern PHP applications and frameworks, XenForo 2.3 now has a hard requirement for the mbstring extension to be available. While not shipped by default, it's highly likely you already have it available. To check if it is, all you have to do is look at the "Server environment report" on your admin control panel index.

The new Str class is making use of modern PHP syntax including enforcing return types and argument types. This may mean that you could see an increase in the number of server error logs related to these string functions. This is intentional. Those logs will likely represent a bug in an add-on's code and therefore should be reported to the add-on developer in the first instance.

Click here to read more about these changes.

Any entity which is configured to be "indexable` via the XF:Indexable entity behavior and is configured to enqueueIndexNow now requires the implementation of the new ViewableInterface. This is to ensure that your entity has an appropriate canView method so that we can determine content is viewable by a guest before submission to IndexNow. Developers will need to implement this interface and add a canView method (if needed) to ensure content can be submitted to IndexNow.

There is no longer a manual step required to configure webhook verification when using the new PayPal payment provider. Upon creating a payment profile, we use API calls to create and configure the webhook automatically, no longer requiring that as a separate manual step and copy/pasting the webhook ID. If you happen to receive payment provider logs about webhooks not being able to be verified, it will be worth toggling off and on the checkbox for enabling webhook verification to see if that resolves the issue.

That's it for this week, we're off to swat some more bugs. Please read the rest of this post for the standard upgrade boilerplate text

We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.

More specific details regarding bugs fixed in this release can be found in the resolved bugs forum.