I don't have a problem with the current system. I've never had feedback that my users are unable to find how to attach. Just suggesting an easy way someone could mod their board to help users who are unable to work out how to attach from quick reply without adding any overhead :)
The how to install post was fine, but I agree with the OP. Some more context about what the patch did and a pointer to how to check if you'd already been hacked would have been preferable. The attacks reported on this forum and the rest of the internet in relation to this patch all appear to have similar symptoms.
My server is very nicely locked locked down and I was feeling pretty smug as I applied the patch on the 27th. Then I spent hours trying to work out if I'd already been hacked...just to be sure. I had - on the 25th. But I found out that it usually manifested itself in the cache and how to check and fix this from an non-Invision forum. There is still no official "check" or recommendation aside from "install patch". It's easy enough to update the patch post to say. "From tickets we've investigated, the most common result of recent hacks are X, here are some tips for cleaning it up. If you need additional help please file a ticket for support").
Average users shouldn't be running forums. If a user is in the ACP, seeing a warning message, browsing a forum, reading about a patch and using FTP/SFTP to upload a php file I'm pretty sure they could cope with some context and a cautionary click on the "rebuild skins" button if that was a common fix post-patch :D Again, without non-IPB member support I still wouldn't know what I was looking for and that this would be required on my site...
My forum is programming language based and makes extensive use of code related functionality (hence why I'm always posting code tag bugs :smile: ) 80% of the posts on my forum are code and I need what the user types to be stored and parsed properly.
For the the RTE editor - I've finally got my head around the <pre> design decision. But as long as a user can physically type in [ code ] in the RTE and have it do something then you are just going to get bug after bug logged to the point where the bug tracker will need to scan every entry and auto-reply with the "Don't type code in RTE" template... On my test forum the only way I can think of preventing this has been to make the following modifications:
1. Remove the bbcode tag for [ code ] so that when a user types it in RTE it clearly does nothing - no code formatting appears which is a clear indication to the user that they (and not the forum) is doing something wrong. It still works in STD mode because that is not a real bbcode it's just a signal for CKEditor for use <pre>
2. Modify the rebuildposts functionality so that it goes through existing posts and converts old [ code ] to <pre>
This is fine for my needs and my community, but I doubt other admins will have the stomach for that approach as it has to be done straight after the upgrade and rebuildposts is risky (it currently breaks code entirely in 3.4.1 - http://community.invisionpower.com/resources/bugs.html/_/ip-board/code-tags-from-33-are-double-spaced-in-34-r40163 ) - so even with my modifications I'm still putting off my upgrade,
My members are used to just being able to start typing code. Clicking a button and selecting a language type, and then typing it in a dialog is a bit annoying. Is it possible to add a shortcut key that at least starts the code block in the editor.
Not directly editor related, but relevant to anyone fighting with custom bbcode. Take a look at an example post on my forum: http://www.autoitscript.com/forum/topic/146866-best-coding-practices-in-autoit/
I use a custom bbcode of [ autoit ] to use geshi to syntax highlight my language. Default code tags incorrectly highlight it so I gave up on those years ago. I wish there was a prettyprint force plain option, auto detect is awful. If I post a text file why would I want something to guess and randomly highlight it?
In 3.3.x I simply added a custom bbcode, took the input, ran it though my geshi class, and passed back the output. It works great. In 3.4 this is completely broken. The input to the bbcode plugin has been so preprocessed to such an extent that it is missing input that that user typed, or it has been mangled. I spent a few weeks writing functions that allow the custom bbcode functions to work around these issues until it became clear that even when my function outputted html in the right format that there were just too many places in the other source files that had this kind of logic:
1. Do some stripping, purifiying, XSS check, n to BR conversion, < p > wrap, < p > dewrap, etc.
2. Unless it's a <pre> tag, in which case do something else or nothing at all,
Once I got that far and read Matt's comments about wanting to work natively with <pre> I decided that custom bbcodes are no longer usable for what I need and it was too much effort fighting the parsing. I then starting trying to add my language to work as a CKeditor <pre> style.