i'd be interested to know where raq4 owners keep their upload_tmp_dir these days.
it was recently brought to my attention that the uploaded files don't get the proper site gid after being moved under site directories. since system default is to use /tmp (symlinked to /home/tmp) the group would be root. this doesn't look especially sane to me. besides obvious security concerns, users could upload to their hearts desire without it ever affecting their quota. other opinions? it looks to me the best bet is to set ./tmp in php.ini. does that have any negative sides to it? rgds, netcat _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
