Options->Miscellaneous allows you to set the upload directory to a
*relative* path.

If you set it to, say, "../../../var/cache/wordpress/uploads/", it will
accept the file and store it, but will make a URL like this:

http://blog.example.com/../../../var/cache/wordpress/uploads//2007/03/frog.jpg

which isn't going to work.

This of course means anyone with admin access to wordpress can, by
resetting the upload path, write anywhere on the system that www-data
can write, and can use the error messages to probe about.

It would be best for wordpress to refuse to allow the file system to be
scaled via "../".  A symlink to a dedicated directory, as suggested
above, sounds like a better idea.



regards,

Douglas Bagnall


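The containment check the message asks for, as an added example (not code from the e-mail above and not WordPress's own code; written in Python rather than PHP purely to illustrate the check). It assumes a document root of /var/www/blog and the blog.example.com site URL from the mail, both constructed for the example. It generalizes the "refuse ../" suggestion slightly: rather than looking for the literal string, it normalizes the joined path and requires the result to stay under the document root, which also catches absolute paths and "./" tricks, while still allowing a harmless "a/../b" that remains inside the root.

```python
import posixpath

# Constructed values for the example; not taken from a real installation.
DOCROOT = "/var/www/blog"
SITE_URL = "http://blog.example.com"


class UnsafeUploadPath(ValueError):
    """Raised when an upload-directory setting escapes the document root."""


def naive_upload_dir(docroot, setting):
    """The behaviour described in the report: the setting is joined as-is,
    so "../../../var/cache/..." happily points outside the web root."""
    return posixpath.join(docroot, setting)


def safe_upload_dir(docroot, setting):
    """Return the absolute upload directory, or raise if the setting would
    resolve anywhere outside docroot.

    The check is lexical (normpath collapses '.', '..' and '//'); a real
    deployment should additionally resolve symlinks with os.path.realpath
    before comparing, which is omitted here so the example runs offline."""
    if posixpath.isabs(setting):
        raise UnsafeUploadPath("absolute upload path not allowed: %r" % setting)
    root = posixpath.normpath(docroot)
    joined = posixpath.normpath(posixpath.join(root, setting))
    # Compare against root + "/" so that "/var/www/blog2" is not mistaken
    # for something under "/var/www/blog".
    if joined != root and not joined.startswith(root + "/"):
        raise UnsafeUploadPath("%r resolves to %s, outside %s"
                               % (setting, joined, root))
    return joined


def upload_url(site_url, docroot, setting, relfile):
    """Build the public URL for an uploaded file from a validated setting.
    Because safe_upload_dir guarantees containment, relpath never yields
    a '..' component and the URL cannot look like the broken one in the
    report."""
    directory = safe_upload_dir(docroot, setting)
    rel = posixpath.relpath(directory, posixpath.normpath(docroot))
    if rel == ".":
        rel = ""
    return site_url.rstrip("/") + "/" + posixpath.join(rel, relfile)


def check_settings(docroot, candidates):
    """Map each candidate setting to its accepted directory, or None."""
    results = {}
    for setting in candidates:
        try:
            results[setting] = safe_upload_dir(docroot, setting)
        except UnsafeUploadPath:
            results[setting] = None
    return results


if __name__ == "__main__":
    candidates = [
        "wp-content/uploads",
        "wp-content/uploads/",
        "uploads/./files",
        "wp-content/uploads/../uploads2",          # stays inside: allowed
        "../../../var/cache/wordpress/uploads/",   # the case from the report
        "wp-content/../../../etc",
        "/var/cache/wordpress/uploads",
    ]
    for setting, result in check_settings(DOCROOT, candidates).items():
        print("%-45s -> %s" % (setting, result or "REJECTED"))
    print(upload_url(SITE_URL, DOCROOT, "wp-content/uploads", "2007/03/frog.jpg"))
```

The naive join is kept beside the checked one so the two can be compared on the same input: naive_upload_dir accepts the "../../../var/cache/..." setting from the report and returns a path under /var/cache, whereas safe_upload_dir rejects it before anything is written there.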