Xenforo Core Upgrade Package Nulled 2.3.4

XenForo 2.3.4 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability.

Some of the changes in XF 2.3.4 include:

• Include embed.php in hashes.json
• Fix error thrown when feed entry is missing an ID
• Use AbstractCollection for type hint on addContentToBookmarks method
• Fix deprecated usage of str_replace with API scopes
• Improve PHP 8.4 compatibility
• Output hsla in the color picker when an alpha channel is present
• Ensure URLs are valid when analyzing image usage
• Coerce nestable group to a number before peforming strict comparison
• Gracefully handle guest username and style variation containing invalid UTF-8
• Attempt to work-around abysmal Firefox form field retention heuristics
• Gracefully handle when an avatar cannot be processed
• Allow changing style variation when the previously selected style is forced to the default style
• Increase date input width further to accomodate Firefox icon clipping
• Fix editor autofocus behavior when in BBCode mode
• Add a note about some permissions not being applicable to guests
• Fix triggering Facebook embeds for document
• Fix calculation of local load time from navigation timing API
• Fix behavior of preview buttons
• Consider read-only number-box inputs as disabled
• Make required and recommended function checks more robust
• Allow null unique ID when enqueuing a job later
• Make report creation notifications easier to extend
• Attempt to work around aggressive Firefox auto-complete heuristics when editing a user
• Fix broken JS handlers when loading comments via AJAX
• Fix an issue with editing newly translated phrases
• Split ExifReader library out of attachment manager bundle
• Attempt to work around aggressive Firefox auto-complete heuristics on control panel index
• Fix number input buttons when step is set to any
• Fix some icon usage analysis issues when editing and deleting editor drop-downs and BBCodes
• Only record icon usage for active BBCodes and editor dropdowns
• Omit itemid microdata attribute when there is no valid user
• Ensure all control panel functionality is covered by permissions
• Handle invalid multiquote input more gracefully
• Attempt to avoid featured content carousel pager text overlap
• Only try to remove double quotes from URL strings once
• Set default color picker color to white instead of transparent
• Fix some issues with the JS icon renderer and BBCode previews
• Handle invalid session IDs more gracefully
• Do not mark unhidden usernames as aria-hidden
• Fix direction of back arrow on RTL languages
• Improve text node handling in XF.setupHtmlInsert
• Ignore Thumbs.db in style archive validator
• Fix structured list icon end cell padding
• Fix an issue with deferred resize event listener after autofocus
• Skip any file duplicates when importing banned emails
• Mark multiple consecutive asterisks as an invalid term word on MySQL full-text searches
• Make the default table collation configurable
• Fix calculation of report closure notifiable users
• Ensure PayPal products are created with a unique ID.

The following public templates have had changes:

• PAGE_CONTAINER
• approval_queue_macros
• carousel.less
• core_input.less
• fancybox.less
• helper_attach_upload
• lightbox.less
• message_macros
• profile_post_macros
• structured_list.less

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XF 2.3.3 include:

• Fix select-to-quote handler error on soft-deleted threads
• Ignore port if Redis host appears to be a file path
• Fix a few cases where hashes were concatenated instead of passed to router
• Fix flickering issue with JS icon renderer
• Fix expandable content transition class callback
• Use correct finder when looking up Stripe subscriber IDs
• Do not attempt to set RSS feed language if no language code is set
• Check if job table exists before attempting to sync structure
• Fix issues serializing nestable elements which contain unrelated lists
• Adjust some automatic alert read-marking behaviors
• Adjust offset of focus-visible tab outline
• Re-enable caching for tag edit overlay
• Fix error handling for fetching/creating PayPal products and plans
• Fix determining locale from language code for string manipulation
• Ensure points phrase is used in trending weights.
• Optimize string transliteration performance
• Override some missing phrases for token inputs.
• Reduce trending content widget queries
• Fix embedding Imgur galleries and applying JS states
• Romanize heading anchors
• Do not force romanization for category anchors
• Fix merging reactions with multiple source reactions from deleted users
• Do not cache report overlays
• Fix Tagify filtering out non-exact matches unexpectedly
• Set 1:1 aspect-ratio on connected account provider icons
• Use the editorButtonSelectedBg property for active editor button backgrounds
• Fix DM icon clipping on desktop Safari
• Fix phrase method casing in icon option handler
• Perform client-size image optimization even when no maximum image width/height is set
• Fix checking if Rocket Loader is disabled in the middle of an upgrade
• Throw an error when attempting to recursively load config file
• Fix string style property variations support for properties without assets enabled
• Prevent double logging of moderator changes for threads when editing first post
• Adjust width of inline time inputs
• Check private use TLDs when determining if a host is local
• Fix some issues with appending filter rows
• Use XF.setupHtmlInsert for filter AJAX responses
• Allow passing HTMLElement objects to alerts
• Fix support for alternative icon variants in custom BB codes
• Fix fetching default avatar when templater style is not set
• Address some phrases which reference conversations
• Handle unexpected values in cookie consent cookie

The following public templates have had changes:

• PAGE_CONTAINER
• account_banner
• app_nav.less
• conversation_message_macros
• core_block.less
• core_button.less
• core_input.less
• core_tab.less
• editor_override.less
• helper_js_global
• member_view
• passkeys_macros
• post_macros
• profile_post_macros
• tag_macros
• token_input

update to xf 2.3.2

no change log for this version

To address a backwards compatibility issue with some add-ons, we are today releasing XenForo 2.3.0 Release Candidate 4. If you are running Release Candidate 3 already we encourage you to upgrade as soon as possible. If you were previously affected by issues with certain add-ons or experience other issues, please let us know via a bug report in the first instance.

This release also fixes the issue with admin search returning an error.

This week in addition to a bunch of bug fixes, we've also been doing a spot of housekeeping in our code. The following is quite technically heavy so if you're a non-developer, shield your eyes and read the less boring bits.

Much wider usage for class strings
As a reminder, XenForo 2.3 brings with it support for using native PHP class strings. For example, originally we used "class short names" to point to certain classes. While these were easy to write, it makes refactoring classes difficult, and you need these PHP doc comments to hint to code editors what object is ultimately returned in the code:

PHP:

/** @var \XF\Entity\User $user **/
$user = \XF::em()->create('XF:User');

Our preference going forwards is using class strings:

PHP:

$user = \XF::em()->create(\XF\Entity\User::class);

Because PHP natively understands these special strings, the issues with type hinting are no more, and doing things like renames of classes or moving classes becomes a much more trivial exercise.

Throughout the core XF code now, starting with RC3, we have replaced the majority of these legacy class short names with native class strings.

Firstly, to clarify some concerns that have arisen:

1. If you did a normal upgrade (either uploading files or via your admin control panel) you do not need to manually edit any files to receive the security fixes.
2. If you upgraded to the initial 2.2.16 release, you are fully protected against the security issues that were being addressed.

Secondly, a second patch is being released to address some minor bug fixes that may not have been correctly applied when upgrading to XenForo 2.2.16. This is only applicable if you performed a normal upgrade to 2.2.16, and this patch is not security related or affected by the security fixes.

You can download that now from your customer area or perform a one-click upgrade through your admin control panel. You can go to Tools > Check for upgrades in order to see the second patch release.

If you are running XenForo Cloud, the fixes have been applied automatically.

Shortly after the release of Release Candidate 1, we identified an issue related to editing node-like permissions. A very minor bug was surfaced by the changes today. Specifically one of our view class names was using a \ instead of a :

Due to a localised shortage of version numbers (we cannot increment the version to a patch release for release candidates) we have released Release Candidate 2 to address this.

The specific files with changes are:

• src/XF/Admin/Controller/Node.php
• src/XF/Admin/Controller/Permission.php

As we get ever closer to the fabled "release candidate" stage and the eventual stable release, today we are releasing the eighth beta for XenForo 2.3! Nothing particularly noteworthy this week other than a number of bug fixes.

We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.

Welcome to 2.3.0 Beta 7! Since our last release we have been mostly focusing again on bug fixes and stability, though we do have an interesting change to note related to multibyte strings, specifically URL romanization. If available, we now use the intl extension and perform a multi-layered process for normalizing and transliterating strings. This is now much more intelligent as it handles some special cases for certain locales (based on the default language of the forum).

We also have a new option for controlling the output of emojis in URLs. You can leave them URL encoded, remove them, or convert them to a string based on the emoji name. This also requires the intl extension.