Welcome to My iptv forum

  • Everyone is invited! My iptv forum is for everyone, new and advanced user alike!
  • Searching is key! Before you post a question, use the forum search feature to determine whether your topic has already been covered.
  • Do not start flame wars! If someone has engaged in behavior that is detrimental to the discussion -- spamming, harassment, etc -- report the post and we'll take a look.
  • Resource icon

    xF2 Add-on in Credit XenForo 2.2.16 Released (Security Fixes) 2.2.16 Patch 1 2.2.16 Patch 1

    xF2 Add-on

    Security Fix​

    Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers should either upgrade to XenForo 2.1.15 or XenForo 2.2.16.

    If you are a XenForo Cloud customer, a fix has been rolled out automatically, and no further action is required to address this issue.

    If you are running a pre-release version of XenForo 2.3, you should follow the instructions in the announcement thread for the
    Please, Log in or Register to view URLs content!
    .

    The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit.

    XenForo extends thanks to independent security researcher, Egidio Romano (EgiX), working with
    Please, Log in or Register to view URLs content!
    .

    We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually to any version. See below for further details.

    Applying a patch manually​

    To patch this issue manually you will need to edit one file manually and upload some changed files.

    Step 1: Edit src/XF.php​

    Find the following line in this file:

    PHP:
    Please, Log in or Register to view codes content!

    Replace that line with the following:

    PHP:
    Please, Log in or Register to view codes content!

    Note: This file is not included in the patch download attached to this post as it contains install-specific data. You must apply this change manually to any XenForo installation running XenForo 2.1 or 2.2 to effectively fix the issue. This only applies if you are unable to do a normal upgrade.

    Step 2: Upload XF files​

    • Download either 2115-patch.zip (for XenForo 2.1) or 2216-patch.zip (for XenForo 2.2).
    • Extract the .zip file
    • Upload the contents of the upload directory to the root of your XenForo installation

    Step 3: Upload XFMG files (for XenForo Media Gallery customers only)​

    • Download either xfmg219-patch.zip (for XenForo Media Gallery 2.1) or xfmg226-patch.zip (for XenForo Media Gallery 2.2).
    • Extract the .zip file
    • Upload the contents of the upload directory to the root of your XenForo installation


    Note: If you decide to patch the files instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.

    As always, new releases of XenForo are free to download for all customers with active licenses, who may now grab the new version from the
    Please, Log in or Register to view URLs content!
    or upgrade from your Admin control panel (Tools > Check for upgrades...).

    XenForo 2.2.16 Released​

    XenForo 2.2.16 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

    Please, Log in or Register to view URLs content!

    Please, Log in or Register to view URLs content!


    If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

    Some of the changes in XF 2.2.16 include:

    As always, new releases of XenForo are free to download for all customers with active licenses. You may now
    Please, Log in or Register to view URLs content!
    or grab the new version from the
    Please, Log in or Register to view URLs content!
    .

    Current requirements​

    Please note that XenForo 2.2 has higher system requirements than earlier versions.

    The following are minimum requirements:
    • PHP 7.2 or newer (PHP 8.2 recommended)
    • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
    • All of the official add-ons require XenForo 2.2.
    • Enhanced Search requires at least Elasticsearch 2.0.
    Hot on the heels of yesterday's XF 2.2.14 release and subsequent patches, we are today making XenForo 2.2.15 available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability, particularly if you already upgraded to XenForo 2.2.14.

    As of this point, XenForo 2.2.14 and its patches are no longer available for download. We are still planning a final XF 2.2 release at some point around the release of XenForo 2.3!

    Some of the changes in XF 2.2.15 include:
    • Avoid setting duplicate List-Unsubscribe headers.
    • Include first post QA schema items unconditionally.
    • Make outdated PHP version notice in admin control panel clearer.
    • Retain the original unsubscribeEmailAddress option for backwards compatibility.
    • New unsubscribeEmailHandling option to replace the new unsubscribeEmail option and conclusively fix issues arising from yesterday's XF 2.2.14 release.
    • Fix URL unfurls no longer unfurling.

    Current requirements​

    Please note that XenForo 2.2 has higher system requirements than earlier versions.

    The following are minimum requirements:
    • PHP 7.0 or newer (PHP 8.2 recommended)
    • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
    • All of the official add-ons require XenForo 2.2.
    • Enhanced Search requires at least Elasticsearch 2.0.
    Sincere apologies. A further issue has been identified in which initial upgrades to 2.2.14 may have set the default 'http' option for the unsubscribe option incorrectly.

    The latest patch will workaround this issue if you are affected.

    Alternatively, going to Options > Email options in your admin control panel and setting the "Unsubscribe email handling" option as desired will fix the issue without needing to upgrade.

    This is being rolled out to existing Cloud customers automatically if affected.

    XenForo 2.2.13 Released​

    XenForo 2.2.13 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

    In addition to the fixes listed below, we have a few other aces up our sleeves this time around.

    Full iOS PWA compatibility with push notification support​

    iOS 16.4 finally introduced push notifications for iOS devices. To facilitate this, your members need to install your site as a PWA (by utilising the Add to Home Screen feature in Safari). XenForo 2.2.13 now satisfies all of the prerequisites for this to support push notifications which can be enabled by your members once they log in through the PWA and enable push notifications in their Preferences.

    The PWA (progressive web app) has now been enhanced with additional gesture based or UI controls, including pull down to refresh and a floating back button.

    Structured data metadata improvements​

    With many thanks to
    Please, Log in or Register to view URLs content!
    we have made a number of improvements to structured data metadata. Structured data enriches the pages we output with additional information which enables Google and other search engines to better understand the structure of the information that is rendered. This helps Google provide rich search results and helps provide additional context to users who may find your content during their Google searches.

    Support for OAuth authentication for Microsoft 365 business email accounts​

    Microsoft has deprecated the ability to send emails over SMTP using traditional username/password authentication. This is similar to what Google did a while ago. In light of this we have now added an additional option when setting up either your email transport or automated mail handlers (automated unsubscribe/bounce handling) which will enable you to authenticate with OAuth.

    Note: The set up for this is fairly complex, requiring you to set up an Azure Active Directory application within the Azure developer portal. There is a link to the documentation when setting this up.

    Please, Log in or Register to view URLs content!

    Please, Log in or Register to view URLs content!


    If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

    Some of the changes in XF 2.2.13 include:

    The following public templates have had changes:
    • PAGE_CONTAINER
    • account_confirm_resend
    • account_connected_associate
    • account_details
    • account_email
    • account_request_password
    • account_two_step_authy_config
    • account_visitor_menu
    • app_body.less
    • app_content_vote.less
    • approval_item_user
    • approval_queue_macros
    • connected_account_macros
    • contact_form
    • content_vote_macros
    • core.less
    • core_button.less
    • core_list.less
    • custom_fields_macros
    • editor_base.less
    • email_stop_confirm
    • google_analytics
    • helper_js_global
    • lost_password_confirm
    • member_about
    • member_recent_content
    • member_view
    • member_warn
    • message_macros
    • notice_confirm_email
    • notice_email_bounce
    • poll_macros
    • post_macros
    • post_question_macros
    • register_confirm
    • register_connected_account
    • security_lock_resend
    • security_lock_reset
    • spam_cleaner
    • tag_macros
    • tel_box.less
    • two_step_email
    • widget_find_member
    Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

    As always, new releases of XenForo are free to download for all customers with active licenses. You may now
    Please, Log in or Register to view URLs content!
    or grab the new version from the
    Please, Log in or Register to view URLs content!
    .

    Current requirements​

    Please note that XenForo 2.2 has higher system requirements than earlier versions.

    The following are minimum requirements:
    • PHP 7.0 or newer (PHP 8.0 recommended)
    • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
    • All of the official add-ons require XenForo 2.2.
    • Enhanced Search requires at least Elasticsearch 2.0.

    Installation and upgrade instructions​

    Full details of how to
    Please, Log in or Register to view URLs content!
    XenForo can be found in the
    Please, Log in or Register to view URLs content!
    . We strongly recommend
    Please, Log in or Register to view URLs content!
    .
    • The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted.
    Shortly after we released XenForo 2.2.10 we became aware of a number of minor issues that may have affected a number of customers.

    Therefore, today, we have released XenForo 2.2.10 Patch 1 to rectify these issues.

    XenForo 2.2.9 Released​

    Some of the changes in XF 2.2.9 include:
    • Fix fatal error when viewing debug page on PHP 8.1
    • Revert previous change so that actioning conversation message report still relies on the 'warn' permission.
    • Reset file hash when pruning proxied images
    • Correctly remove duplicated relations when fetching the user entity within the Member controller
    • Ensure there's a breadcrumb to return to the help pages list when modifying a help page
    • When a suggested answer only contains an attachment, make sure the suggested schema text isn't blank
    • Update various phrases to point to the new location of Google's Developer Console
    • Fix an error that could occur when navigating search results after performing an exact match search for users but not providing a value for the username or email
    • When registering with a connected provider, correctly redirect to the specified return URL
    • When writing before registering but then logging in with an existing account, redirect to the newly created content
    • When sending a push notification about a post being merged, avoid rendering the prefix as HTML
    • Correctly mark the use_tfa field as a boolean value in the API documentation
    • Patch Froala to workaround an issue which prevents "recently used" smilies from being stored as expected.
    • Include $template in $params sent to email container templates
    • Workaround a potential issue when upgrading from older versions due to new code in newer versions.
    • Improve accessibility of inline spoilers.
    • Fix Vimeo time-based links and support unlisted videos via the key portion of the URL.
    • Append content link and title to report closure alerts.
    • Workaround an undefined array key error that may happen during upgrade
    • Do not display view count for directly viewed attachments (video and audio).
    • When opening a page in an overlay that contains share buttons, override the page URL to the URL of the overlay loaded.
    • Update Asia/Novosibirsk timezone to UTC+7
    • Adjust job-related type hints to int|float.
    • Log payment callbacks that come from an unknown source
    • Document where scrolling notices are located
    • Implement __isset() in the Finder class
    • Make it easier to load additional relations with the search forum user cache
    • Improve cross-table data consistency when threads are created
    • Allow feed reader entries without a title to fallback to the description, and vice-versa
    • Pass referrer through poll creation form
    • Default to the first option value for read-only select inputs
    • Improve PHP 8.1 compatibility when logging payment callbacks
    • Fix null query parameter handling on the debug page
    • Correct the IRR currency precision
    • Include a content setter for report entities
    • Fix attributes on the registration defaults option not referring to unique inputs
    • Don't re-save avatars if the crop positioning hasn't changed
    • Redirect to page 1 if a non-number value is passed to the "Go to page" form
    • List the events a Stripe webhook endpoint should listen for
    • Improve PHP 8.1 compatibility within the Register controller
    • Work around an upstream issue in WinCache
    • Always throw an exception when a file fils to copy to an abstracted file path
    • Attempt to determine first proxyable favicon when fetching page metadata
    • Canonicalize proxied thread cover image URLs
    • Prevent search engines from attempting to index thread preview URLs
    • Throw an exception when add-on requirement errors or warnings are not arrays
    • Update watch notifier getDefaultWatchNotifyData method visibility to match parent class
    • Fix route normalization in policy acceptance bypass check
    • Improve PHP 8.1 compatibility in template trim tag/function
    • Add response documentation to the POST posts/ API route
    • Adjust maximum width of board title in control panel header
    • Normalize root breadcrumb URL before checking if it matches the current page
    • Make unfurl usage analysis more robust
    • Improve PHP 8.1 compatibility within template filters
    • When logging a failed email exception, include the from email in the exception message
    • Add embed support for public Spotify playlists
    • Make the default cookie same-site behavior configurable
    • Always allow top-level categories which are not displayed in the node list to be accessed at their dedicated URL
    • Fix article preview text fade not applying to articles without a cover image
    • Strip AJAX query params from password confirmation redirects
    • Avoid decreasing user message count twice when moving a thread in/out of a forum that does not count messages
    • Improve PHP 8.1 compatibility within the API docs generator
    • Fix potential stale recompilation of grouped phrases
    • Include some missing entries in the hashes file
    • Ensure zlib output compression is disabled to prevent interference with XF output compression
    • Hide the article forum snippet length option when using the preview display style
    • Correct the description for the user_content_change_init code event description
    • Reword the "this_accounts_email_is_already_associated_with_another_member" phrase
    • Add option to disable appending a CAPTCHA provider's privacy policy to the site's privacy policy
    • Only send certain moderator action alerts when the content is or was visible to the author
    • Improve PHP 8.1 compatibility within the unsharp image mask algorithm
    • Improve PHP 8.1 compatibility within the route filter entity
    • Remove stray XF.Element.register() in password_box.js
    • Improve PHP 8.1 compatibility when resizing and cropping an image
    • When converting tables to utf8mb4, only show the prompt to add fullUnicode to config.php if the value isn't set already
    The following public templates have had changes:
    • PAGE_CONTAINER
    • alert_user_report_rejected
    • alert_user_report_resolved
    • attachment_macros
    • browser_warning_macros
    • core_block.less
    • core_datalist.less
    • core_menu.less
    • core_tab.less
    • editor_base.less
    • login_password_confirm
    • member.less
    • message.less
    • page_nav
    • poll_create
    • post_article_macros
    • progress_bar.less
    • progress_bar_macros
    • push_user_post_merge
    • push_user_report_rejected
    • push_user_report_resolved
    • thread_preview
    • widget_html
    Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

    Current requirements​

    Please note that XenForo 2.2 has higher system requirements than earlier versions.

    The following are minimum requirements:

    • PHP 7.0 or newer (PHP 8.0 recommended)
    • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
    • All of the official add-ons require XenForo 2.2.
    • Enhanced Search requires at least Elasticsearch 2.0.
    Shortly after releasing 2.2.8, we became aware of an issue that may affect the expected operation of the image proxy system which may cause cached images to no longer refresh as expected.
    18,955Threads
    66,960Messages
    64,462Members
    Goku2885Latest member
    Top