There is no validation code in IPB to check the content of image files.
The only way to protect these exploits is using ACP -> Security Center -> IP.Board PHP/CGI .htaccess Protection but this is useless for Windows server. Blocking scripts in uploads file is a solution, but IPB should block before that.
A simple search for <php or base64 inside any image file being uploaded is enough.
As IP.Gallery can´t handle multiples resolutions for a single image (needed for a wallpaper area), I created a custom solution with many benefits. Obviously you have to use Photoshop to create a few different resolutions from a single image and then apply a script to convert to all other resolutions, but the result is amazing.
1. Each image has 28 different resolutions, but there is no limit
2. Images are divided in areas of use: Facebook cover, Smartphones, Tablets, Netbook, PC/Notebook 4:3 and PC/Notebook 16:9/16:10
3. Each image has their own thumbnail applied in a picture as example how it will appear
4. Current monitor resolution is selected to help the use decide the correct image resolution
5. A script convert all current images to a new resolution, so it´s very easy to have all images with a new resolution (for a new device)
6. Another script applies a watermark to selected resolutions (greater than 1024x768)
IPB should have an option to unsubscribe topics and forum from a member who didn't login after X days. Why send emails forever to someone who doesn't participate anymore (and probably is using other e-mail address)?
Gallery 4 should allow us to upload different resolutions of the same picture and automatically create a drop-down menu with the resolutions. This is very useful to have a desktop wallpaper gallery.
Also the resolution of the user monitor should be the default resolution selected in the drop-down menu. Example: http://interfacelift.com/wallpaper_beta/downloads/date/any/
There is just a few applications can be used to create and handle a desktop wallpaper gallery, and Gallery 4 can easily beat them. And maybe it can bring new customers just because of this feature, as no discussion group provides a decent plug-in/App to handle desktop wallpaper gallery.
Lindy, I just expect a real IPS commitment regarding our case. If my issue requires a higher level of attention, that´s exactly what you should provide in the day we´re finally installing 3.12 in our production server. Jason Lombardozzi has provided an excelent support for our ticket, but the day we needed most his skills, unfortunately we couldn´t reach him during working hour.
Now it´s Monday afternoon and the status is absolutely the same from 3 days ago. Don´t blame me not being happy with IPS support.
I understand IPB is a LAMP company and we use Windows and MSSQL, but we should not be penalized because of this. Our discussion board is listed in global Microsoft Case Study website because of the excelent performance we´ve achieved (22,000 concurrent users in one server) using Windows Server 2008/IIS7 with PHP (http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000003003) and after almost 10 years online, our board is the only discussion board listed in Brazilian Microsoft website for helping users: http://windows.microsoft.com/pt-BR/windows/help/community. We work hard to provide an excelent service for our users.
If you have limited support in IPS to handle Windows/MSSQL scenario, just hire a consultant and he will do the job for you - after all, the MSSQL script must be created once, and the problem would be over in a week. 74 days to correct a MSSQL script and crush a few bug is simply unacceptable. I think the goal of IPS in our "unique case" should be helping us to migrate from 2.x to 3.x asap and close the ticket. The priority in our case should be higher just because probably we have the oldest ticket open.
Don´t get me wrong: IPB is an awesome product and we always tell anyone who ask us. It has some problems (as any product), but it works fine and has some impressive features. And in my opinion IPS was great before the ticket we opened on July 5th. We´re now looking forward to have all bugs solved and close the ticket.
Magician? Only for kids!! They don't LEAVE SOMETHING UNFINISHED?? You must be kidding!!!
We´re trying to update our 2.35 board to 3.12 since July 5th (72 DAYS AGO), but due to the probably worst piece of code wrote by IPB (MSSQL upgrade script from 2.x to 3.x), we are unable to do that. Our board is huge (3 million messages and 500,000 registered users) and we have Business License, but even so the Support team was AWFUL.
During the first *41 DAYS*, Giuseppe, Logan, Mark, Matt and Brandon tried to help us without succcess. Then Jason Lombardozzi was assigned to assist us in our huge ticket, and he took almost ONE MONTH to finally solve the problems.
TODAY (Friday Sept 17th) we finally moved from 2.35 to 3.12, but we had a problem with all modules (Downloads, Gallery, Blog..). I posted the problem at 4:22pm and until now we had NO ANSWER from IPS - and obviously will not have any response until next Monday. Now we will have to figure out the problem because we need to publish our board asap.
1. Why IPS client doesn´t have a REAL CUSTOMER COMMITMENT when they need most??
2. After *72 DAYS* waiting for this day, why IPS doesn´t get us a decent attention??
3. Isn´t Tech Support Hours listed as "Monday - Friday: 9am - 6pm EST" on http://www.invisionpower.com/company/contact.php??
I don´t care about magicians in IPS, because magicians are for kids. I want something for grown ups: where is the Support Team on friday afternoon??
Gallery 4 should allow us to upload different resolutions of the same picture and automatically create a drop-down menu with the resolutions. This is very useful to have a desktop wallpaper gallery. Also the resolution of the user monitor should be the default resolution selected in the drop-down menu.