Kaynak ikonu

XF2Released XenForo 1.5.2 1.5.2

indirmek için izniniz yok
xfversion 13, xfversion 14, xfversion 15
Today, we are pleased to release XenForo 1.5.2. This release fixes a number of bugs and issues that were found since the release of 1.5.1.

Importantly, this release includes a fix for a potential security issue discovered by
Lütfen içeriği görebilmek için Giriş yap veya üye ol.
Lütfen içeriği görebilmek için Giriş yap veya üye ol.
). The issue employs a tactic known as "reverse tabnabbing" in which a link that opens in a new tab contains code that can redirect the original tab to another URL, which could be used as a phishing attempt. We strongly recommend all customers follow one of the below methods to fix this security issue.

Method 1: Upgrade to the New Version

You may upgrade to XenForo 1.5.2 to fix this issue. You should upgrade as you would to any other release. See further below in this announcement for more details on this release.

Method 2: Install the Patch (for 1.5 Users)

Download the patch zip file attached to the end of this message. It contains 2 files:
  • js/xenforo/xenforo.js
  • js/xenforo/full/xenforo.js
These 2 files should be uploaded to your server, overwriting the existing files of the same names.

Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.

Other Changes in 1.5.2

In addition to smaller bug fixes, 1.5.2 changes how the link proxy system works. It will no longer attempt to manipulate the URL of the target before it is clicked, instead using a background ajax request to log the click when it happens. This improves accuracy with logging, including successfully logging details that previously weren't logged, and reduces interference with systems that change URLs dynamically (such as inserting affiliate links). However, this may cause add-ons that manipulate the link proxy (such as to show intersitial pages) to no longer function. They will need to be updated to use their own technique for this.

Some of the bugs fixed in 1.5.2 include:
  • Add a "quiet zone" to the QR code shown when enabling two-step verification via an app.
  • Ensure that spam checking is run when editing a thread title.
  • Do not autolink across "[" to prevent problems when a URL is surrounded by something that looks like a BB code.
  • In PHP 5.4+, decode HTML5 entities when converting links to page titles.
  • Ensure that report threads are created even if the content would exceed the maximum message length.
  • Correctly identify a few additional patterns as bounced emails or challenge requests.
  • When sending messages (via conversations) to users, do the autolinking only at the beginning to avoid making unnecessary page title resolution requests.
  • Change the IPv6 information URL to a different, more complete service.
  • Add indication to various administrative user actions to make it clearer when an action has been taken.
See the
Lütfen içeriği görebilmek için Giriş yap veya üye ol.
forum for further information.

The following templates have had changes:
  • two_step_totp
  • xenforo.css
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.
İlk yayınlama
Son güncelleme
0.00 yıldız(lar) 0 rating
Üst Alt