2.x XenForo 2.1.10 Patch 2 Nulled By XenForo.Info 2.1.10 | Patch 2

[Chollongarn]

Сегодня мы выпускаем XenForo 2.1.10 Patch 2 для решения проблемы безопасности из-за потенциальной уязвимости XSS, которую мы обнаружили. Мы рекомендуем всем пользователям, работающим с XenForo 2.0 обновиться до версии до версии 2.1.10 Patch 2, как можно скорее.

Так же было исправлено ряд серьёзных ошибок, более подробно на английском под спойлером.

Список изменений на английском

• Properly support disabling memory limits when calling setMemoryLimit with -1.
• Prevent a race condition related to double clicking when reacting to content.
• Prevent a server error when trying to edit a super admin via a non-super admin. (Also, allow the bypass permissions option of the API request to bypass this constraint.)
• Do not display unsupported media sites in approved site list
• Properly set average tooltips in stats graphs
• Allow the message body '0' in report comments
• Allow searches for '0' in template and phrase titles and contents
• Don't throw an error when trying to view reactions on a conversation message by a deleted user.
• When deleting warning actions, correctly redirect to the warnings list.
• When deleting template modifications, redirect to the correct template modification type list.
• Set a maximum length for content_type field in the spam trigger log entity.
• Allow users to reconfirm their existing email addresses if emails have previously bounced to it.
• Opt not to show a title for HTML widgets if no explicit title is set.
• Avoid throwing a template error for approval queue items with no user relationship.
• Ensure the MySQL replication adapter throws the correct exception on failure and supports the charset option.
• Adjust the display of conversation filter checkboxes.
• Use the correct modifier when building attachment URLs for the editor.
• Ensure full thumbnail URLs are used when rendering the ATTACH BB code, notably for rendering in emails.
• Properly check required PHP, PHP extension, and MySQL versions during add-on installation
• Don't allow double backslashes for PHP callbacks.
• Redirect back to the option group list after deleting an option group.
• Redirect back to the option group when deleting an option.
• Ensure arrays are always returned from title pair methods
• Don't strip HTML tags on post content choosers.
• Correctly check permissions on user report page
• Correctly handle chargebacks for PayPal Funds Now accounts
• Log IP when TFA check is triggered
• Avoid table locking when checking if the error log table is populated
• Correct our auto-timezone data so that UTC+3 returns Europe/Moscow as expected.
• Slightly adjust the explain text for the boardDescription option to clarify it applies to the "Forums default page".
• Ensure we mark all forum descendants read when marking a forum read - not just its children.
• Opt for more desirable defaults when emailing users
• Fix incorrect type hint on App::service method.
• Attempt to convert incoming <code> tags to relevant BB code.
• Extend the color_picker.js infinite loop protection to allow colors to be resolved more than once up to a limit of 3 times each.
• Expand support for our share buttons to include the page image and send that along with the Pinterest share button clicks.
• Make query for finding newest/next posts in a thread more performant.
• Slightly adjust phrase about unique ad position keys to suggest the key may already be in use.
• Ensure "No permission" placeholder buttons correctly wrap text.
• Throw a clearer error if closure compiler returns an unexpected response when minifying JS.
• Load images when rebuilding recent emoji
• Use a consistent function when checking if CAPTCHA should be shown.
• Add title attributes to most of the style property edit fields to make clearer the specific CSS property being adjusted.
• Allow moderators to expire/delete warnings they issued
• Ensure alt text is correctly displayed when hovering over thumbnail attachments.
• Display field name in required custom field error message
• Ensure integer and float values are correctly casted when using searchers.
• Properly normalize page action criteria
• Implement the ability to extend all XF\CustomField\* classes - specifically Set and DefinitionSet.
• Avoid an error if a user has 25 incomplete subscription purchases with Stripe
• Make the appropriate usage of a language's currency_format value more clear.
• Check breadcrumb hrefs against the full request URI (including scheme and host) as well as the partial request URIs to determine when they should be automatically hidden.
• Prevent table overflow on the user change log with wide browser windows.
• Allow manually triggered rebuild jobs to be resumed via the command line.
• Support URLs being used in moderator log action params.
• When creating a new payment profile, only show providers from active add-ons.
• Fix LESS compilation failure when form input padding is blank
• Allow auto focus into tagging/token input elements.
• Make sure that iOS opens reactions on long press (consistent with previous versions and other mobile devices).
• Disable the CodeMirror code editor (with a fallback to a standard textarea) on Android devices due to compatibility issues.
• Make improvements to the moderator list especially when there are large numbers of moderator records.
• When importing users with invalid email addresses, correctly set their user states.

Список изменённых шаблонов

• _help_page_bb_codes
• app_body.less
• bb_code_tag_attach
• code_editor
• conversation_list
• core_datalist.less
• core_input.less
• core_menu.less
• core_overlay.less
• editor.less
• editor_base.less
• editor_dialog_media
• forum_post_quick_thread
• forum_post_thread
• forum_post_thread_chooser
• forum_view
• lightbox.less
• lost_password_confirm
• PAGE_CONTAINER
• payment_cancel_recurring_confirm
• payment_initiate.less
• quick_reply_macros
• share_page_macros
• thread_reply
• thread_view
• widget_html

Текущие системные требования

Минимальные системные требования:

• PHP 5.6 или новее (мы рекомендуем PHP 7.4)
• MySQL 5.5 и новее (так же совместимо с MariaDB/Percona и т.д. )
• Все официальные плагины требуют для своей работы XenForo 2.1
• Enhanced Search требует последнюю версию Elasticsearch 2.0.

Скачать: https://ftmbox.top/file/31-05-2020/...ro 2.1.10 Patch 2 Nulled By XenForo.Info.zip#