> Bo and I have verified this,
The problem is basically that a .php script executed by sf.net can
write to any writable location of sf.net, which are usually
apache-writable directories under the persistent directory of some
projects. sf.net fully understand this, as some casual search turns
out:
There's a security issue with using SF for our web and wiki. It's as
follows.
The web and wiki must be able to write the data somewhere. This data must
be writable by the apache user. Unfortunately, this means that any other
project at SF will also be able to write to our data... oops.
Bo an