Currently, to make the screenshot work in the topic view you have to enable dynamic image and add php as a valid image file extension. Enabling dynamic images is a high risk security issue on the forum (it shows up in the most critical color on the Security Center page). Would it be possible to not require these options during topic creation/updates, and instead just set the setting in code to allow dynamic images to yes, and add PHP as a valid image extension to the list right before the post parsing is done? If you want some sample code to understand what I'm on about, just let me know.

That's an interesting point, and I could work around it in other ways. However, quite quickly I got bug reports about people editing those topics and the image wouldn't reparse afterwards...I mean, since it IS a topic, people can edit it via the forums, which of course IP.Downloads does not modify.


I realize we put the dynamic images in the "high security" section, however honestly it's not. You can just as easily link to

http://someurl.com/someimage.gif

And that someimage.gif could be a .php file with .htaccess making it work as a .gif. I'm sure you know what I'm referring to. There is little to nothing that can be done from a remote server with regards to executing a dynamic image, with the more drastic things being page layout stretching (no longer an issue with our JS resizer) and traffic logging (but again, you can't stop that given that even hits to .gif files will register in access logs without actually making a php .gif file).