jlow99

+Clients
  • Content count

    12
  • Joined

  • Last visited


jlow99's Activity

  1. jlow99 added a comment on a blog entry IP.Board 3.3.x, 3.4.x Security Update   

    When these patches come out I just create a copy (tar) file of my admin directory, just in case, and then extract the patch and then test.
    This patch works fine with 3.4.7 as I've just tested, but is intended for any 3.4.x as with other patches IPS have produced in the past.
  2. jlow99 added a post in a topic Migrating from IPB hosted to self hosted   

    Hi bfarber
    Can you post a link please to this guide?
  3. jlow99 added a topic in Product Feedback   

    Can a "follow this topic" be on the emailWrapper?
    I'd really like an optional setting to enable a "follow this topic" link to appear on email notifications of new topics. I'm not sure if the emailWrapper is the right place for it and should do some testing. I thought I'd ask regardless.

    It's great that the system can be set to send notifications of all new topics, but I need to take it a step further for really easy following capacity right within that notification.

    Does anyone know how to accomplish this? I was thinking of the the html emailwrapper in the manage system templates area.
    Would this be a feature request or something already accounted for in version 4?

    I guess the new topic link would have to be creativly caught as a variable for use in the email wrapper, I just don't know how it could be done automatically or if it's possible.

    Much Obliged,
    ~j
    • 0 replies
    • 377 views
  4. jlow99 added a comment on a blog entry Securing your community   

    Thanks Lindy, Kirito, AncientMariner!!
     
    AncientMariner's suggestion worked but I'm curious about what is more appropriate...
     
    open_basedir = /var/www/html:/usr/bin
    upload_tmp_dir = /tmp
     
    or
     
    open_basedir = /tmp:/var/www/html:/usr/bin
     
    Also, please confirm the /usr/bin definition there, I use ImageMagick as well for mediawiki but I'm not sure if /usr/bin leaves a vulnerability. I'll try it out in the next few days.
     
    One more thing, I hear about root kits installing themselves in /tmp so I'm also wondering about defining something other than /tmp, or are we stuck with that. I'm assuming we're stuck with /tmp and probably need something like selinux to protect the OS. I've gone way too far here. Thanks though for your help!
  5. jlow99 added a comment on a blog entry Securing your community   

    This might be just me, but I've tested out setting open_basedir = /var/www/html (happens to be my web root default) with some negative side effects. The ability to upload files with ip.downloads or upload avatars seems to not work. Everything else seems to function which is good.
     
    Commenting open_basedir out again from my /etc/php.ini allows things to be uploaded again. Is this expected? The use of ip.downloads is pretty important to me and it would be nice if there is a work around for security sake.  Note that I'm running on a physical host and have full control over the OS and files. I've tested this out with the latest and greatest version of IP.Board and IP.Downloads.