• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

Xenforo 2.1.9 full nulled by tuoitreit.vn

Xenforo 2.1.9 full nulled by tuoitreit.vn 2.1.9

No permission to download
Today, we are releasing XenForo 2.1.9 and XenForo 2.0.13 to address a potential security vulnerability that may affect any customer who makes use of our PayPal payment handler.

As well as user upgrades, this may affect add-ons you have installed which process payments using our PayPal payment handler.

We recommend that all affected customers running XenForo 2.1 or XenForo 2.0 upgrade to 2.1.9 or 2.0.13 or use one of the attached patch files as soon as possible.

Specifically, the issue relates to a specially crafted callback (or IPN) which is then processed successfully using PayPal's sandbox validation endpoint instead of their live system. If successful, a purchase could be completed without your PayPal account actually receiving any funds.
XenForo 2.1.8 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.1 upgrade to this release to benefit from increased stability.

Some of the changes in XF 2.1.8 include:
  • Attempt to merge reactions when merging posts
  • Only hydrate autoIncrement relation fields if there is no value in the parent entity. If the field has a value in the parent, an exception is now thrown.
  • Use \ZipArchive:
    :=o
    VERWRITE flag when creating add-on zip to maintain compatibility with newer libzip versions
  • Ensure more consistent sorting is used for class extensions, code event listeners and template modifications.
  • Fix method checking when looking for API methods with versions appended.
  • Use optimal batch sizing when rebuilding templates and phrases.
  • Don't allow moderators to delete / edit warnings they have given if they have no permission to.
  • Update GitHub OAuth implementation to use header authorisation.
  • Handle rebuilding the active warning points in the User rebuild job.
  • Supress warnings when closing file pointer after copying file
  • Ensure a boolean value is returned when checking viewing permissions for conversations.
  • When importing deletion log entries, ensure the username and reason do not exceed the allowed max lengths.
  • Update register navigation item to ensure registration is enabled
  • Add widget data attributes to expanded new thread widget
  • Only fetch member stat results once on the overview page
  • Allow connected account providers to provide additional auth params
  • Only enqueue a reaction score rebuild when a reaction's score has changed, and simply rebuild scores for all reactions
  • Correctly identify Android version in the attachment manager
  • Upgrade jQuery to 3.4.1.
  • Validate parent IDs correctly when inserting tree structured data.
  • Prevent spam cleaner error when deleting a thread started by a spammer which has a redirect thread pointing to it.
  • Add a content template for user reports to improve extensibility.
  • Prioritize quick reply editor when multi-quoted quotes are inserted.
  • Add a minimum width to user change log cells
  • Add account email check to various places before sending mail
  • Offset the select-to-quote tooltip whenever touchevents are supported.
  • When rendering an unfurl do not double escape the proxied version of the URL.
  • Force max length constraint when handling a user ban reason.
  • Re-implement shortening of display text for very long URLs.
  • Log moderator attachment deletions to the moderator log.
  • Display error when trying to add template modification when not in development mode.
  • Workaround an issue with multiple color pickers which could prevent some color pickers from behaving as expected.
  • When previewing, ensure that sticky form submit rows stay stuck to the right place.
  • When importing paid subscriptions from vBulletin ensure user group changes are correctly logged.
  • Add a separate 'following' phrase for members others follow
  • Check preg_last_error() when processing template modifications
  • Improve news feed handler attachment handling
  • Prevent an error related to cache clearing of entity relations with an empty condition.
  • Reverse some changes related to template editing syntax highlighting which may actually break syntax highlighting entirely in some cases.
  • Echo a list of allowed extensions back in the error message given when a file that does not have an allowed extension is uploaded.
  • Include file and line number in exception XML response
  • Throw an error exception when a ban fails to apply
  • Handle failed bans in the warning point change service
  • Ensure that emoji conversions are done as expected for all characters.
  • Prevent a URL parsing error when following an HTTP request redirect to a path that starts with a "/" and contains a ":".
  • Improve styling of responsive data lists, particularly with checkboxes that have headings
  • Allow attachment data manipulation before copying files
  • Implement search source method to determine if a query is empty
  • Do URL canonicalization on the contact page and ensure that we link to misc/contact consistently (no trailing slash).

The following public templates have had changes:
  • core.less
  • core_button.less
  • core_collapse.less
  • core_datalist.less
  • core_fa.less
  • core_input.less
  • core_list.less
  • core_utilities.less
  • font_awesome_setup
  • member_about
  • post_edit
  • report_content_user
  • setup.less
  • setup_fa.less
  • thread_edit
  • thread_move
  • widget_new_threads
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

As always, new releases of XenForo are free to download for all customers with active licenses, who may now grab the new version from the customer area.

Note: add-ons, customizations and styles made for XenForo 1.x are not compatible with XenForo 2.x. If your site relies upon these for essential functionality, ensure that a XenForo 2 version exists before you start to upgrade. We strongly recommend you make a backup before attempting an upgrade.

Current Requirements

Please note that XenForo 2.1.x has higher system requirements than XenForo 1.x.

The following are minimum requirements:
  • PHP 5.6 or newer (PHP 7.3 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.1.
  • Enhanced Search requires at least Elasticsearch 2.0.
Note that when upgrading from XenForo 1.x, all add-ons will be disabled and style customizations will not be maintained. New versions of add-ons will need to be installed and customizations will need to be redone. We strongly recommended that you make a backup before attempting an upgrade. Once upgraded, you will not be able to downgrade without restoring from a backup.
  • Like
Reactions: Waplangson
Top