Official News XenForo 2.0.3 Released - Includes Security Fix


Apr 3, 2018
    • Ensure that development output is always removed as appropriate when an entity is deleted.
    • In the vBulletin importer, handle blog tables not existing.
    • Do not attempt to notify users of conversation messages if they do not have an email address.
    • Add missing phrase when a log entry cannot be found.
    • When reverting a phrase in the translation system, and it has no parent, hide it to avoid template errors.
    • Improve error output for development JS.
    • Ensure a user "location" link always opens in a new window.
    • Catch a "duplicate key" race condition when watching a thread.
    • Display question in poll widget by default if no other title is entered.
    • Re-count number of unread conversations when opening the conversations pop up.
    • Deprecate the use of jQuery.proxy in favour of XF.proxy.
    • Update LightGallery to latest version.
    • Ensure the add-on cache is updated on XF upgrade to ensure it reflects the correct XF version.
    • Ensure a consistent position for the "Edit avatar" link overlay.
    • When filtering the user list, pass the specified order and direction in.
    • Adjust sub node list to inline-block to resolve some spacing issues on some browsers.
    • Improve validation of incoming PayPal IPN calls.
    • Adjust moderator logging when copying/moving posts.
    • Process additional attributes on xf:datarow tags.
    • Ensure permissions and privacy are respected on the server side when posting profile posts.
    • Only attempt to render alerts if the alert handler is available.
    • Re-implement the ability to "Show older items" when viewing a date limited thread list.
    • Update the styles last modified date on language changes to ensure certain values which affect CSS take effect.
    • In some cases, a Solve Media CAPTCHA challenge would erroneously pass if the HTML was tampered with (such as via a spam bot).
    • Re-implement quick "Ban / Discourage IP" links on the list of a user's IP addresses in the Admin CP.
    • Add a message to the notice list in the Admin CP if we detect some notices may contain invalid criteria, such as templates which do not exist, or PHP classes/methods that cannot be found.
    • Ensure advanced colour functions in property values are supported when styling Stripe's secure forms and a site's "theme color".
    • Add new bb_code_processor_action_map and bb_code_renderer_map code events.
    • Ensure conversation message links redirect to the correct page in a conversation.
    • Ensure a user is redirected to the forum list properly if they click login/register and they are already logged in.
    • Improve compatibility with other JavaScript libraries in the two_step_totp template.
    • Re-implement escapeClose option on overlay handlers.
    • When CodeMirror is initialised, ensure it is loaded with any specified mode automatically.
    • If a payment profile does not have a display title, display the payment profile title instead of the payment provider title.
    • In the vBulletin importer, convert [THREAD] and [POST] BB codes to BB codes.
      [*]In the vBulletin importer, convert [NOPARSE] BB codes to BB codes.
      [*]Abort a click handler if the click was issued with a modifier key (Ctrl/Cmd etc.) or anything but a left click. You can opt in to allowing modifier keys/clicks by adding the data-click-allow-modifier="true" attribute.
      [*]Display the connected account providers on the login/login page.
      [*]Avoid a regex error when processing some email bounces.
      [*]Suppress user change logging for user bans when importing.
      [*]Prevent code editor scrollbars from overlapping the code editor contents.
      [*]When detecting whether we can retain IDs for a forum import, ensure the correct max thread ID value is checked.
      [*]Ensure that the user title ladder cache is updated when entries are deleted.
      [*]Update to CodeMirror 5.35.0.
      [*]If an empty max height value is in Attachment options, do not attempt to resize the image to 0 height.
      [*]Ensure the "From name" is displayed correctly in all cases when a user sends an email via the contact form.
      [*]Import attachments from vBulletin with the correct upload_date.
      [*]When viewing a user's activity on the member tooltip or their profile, indicate if they are viewing an error page.
      [*]Properly cache the noticeLastReset value in the registry to avoid unnecessary re-querying.
      [*]Note that the {email} placeholder is supported in the new user welcome email.
      [*]Prevent an error when using the silent flag when inserting master phrases.
      [*]Prevent an error when attempting to delete a payment profile that has no purchasable items assigned yet.
      [*]Do not show the News feed link in the visitor menu when the news feed is disabled.
      [*]New getPaymentParams() method in the XF\Payment\AbstractProvider class so the default view/link params can be more easily extended.
      [*]Fix an issue which prevented the "Warnings" tab from activating on the member profile when the warnings count was clicked.
      [*]Fix a missing word in the mail_has_been_disabled_warning phrase.
      [*]Better support for empty string values in the <xf:numberbox> tag.
      [*]Prevent unselectable styles from being selected in some cases.
      [*]Add rel="nofollow" to prefix links.
      [*]Ensure Apple Pay buttons have the correct height.
      [*]Workaround a flex bug in messages in Internet Explorer 11 that caused unnecessary whitespace below an embedded image.
      [*]Prevent the Contact service validations from running more than once.
      [*]Update to Froala 2.7.6.
      [*]Prevent rich text editor from loading on Android 4 and below unless a modern browser such as Chrome or Firefox are being used.
      [*]Fix an error if an entity structure primary key is defined as an array with a single element, and a simple un-keyed array is passed in to Finder's whereId and whereIds methods.
      [*]Security: Disable use of js/videojs/video-js.swf.
      [*]Skip and log certain Stripe events coming in from Stripe web hooks.
      [*]Prevent an error when parsing URLs in the smilie import data helper.
      [*]Prevent prefixes from being lost when moving or copying posts into an existing thread.
      [*]Try to generically prevent invalid UTF-8 errors during import.
      [*]When enabling an add-on, check that it still meets requirements.
      [*]When displaying birthday users in the "Today's birthdays" member stat, increase the