When these patches come out I just create a copy (tar) file of my admin directory, just in case, and then extract the patch and then test. This patch works fine with 3.4.7 as I've just tested, but is intended for any 3.4.x as with other patches IPS have produced in the past.
I'd really like an optional setting to enable a "follow this topic" link to appear on email notifications of new topics. I'm not sure if the emailWrapper is the right place for it and should do some testing. I thought I'd ask regardless.
It's great that the system can be set to send notifications of all new topics, but I need to take it a step further for really easy following capacity right within that notification.
Does anyone know how to accomplish this? I was thinking of the the html emailwrapper in the manage system templates area.
Would this be a feature request or something already accounted for in version 4?
I guess the new topic link would have to be creativly caught as a variable for use in the email wrapper, I just don't know how it could be done automatically or if it's possible.
Also, please confirm the /usr/bin definition there, I use ImageMagick as well for mediawiki but I'm not sure if /usr/bin leaves a vulnerability. I'll try it out in the next few days.
One more thing, I hear about root kits installing themselves in /tmp so I'm also wondering about defining something other than /tmp, or are we stuck with that. I'm assuming we're stuck with /tmp and probably need something like selinux to protect the OS. I've gone way too far here. Thanks though for your help!
This might be just me, but I've tested out setting open_basedir = /var/www/html (happens to be my web root default) with some negative side effects. The ability to upload files with ip.downloads or upload avatars seems to not work. Everything else seems to function which is good.
Commenting open_basedir out again from my /etc/php.ini allows things to be uploaded again. Is this expected? The use of ip.downloads is pretty important to me and it would be nice if there is a work around for security sake. Note that I'm running on a physical host and have full control over the OS and files. I've tested this out with the latest and greatest version of IP.Board and IP.Downloads.