On a second note I think that the default install of the files directory should be in sites/default just as the default settings.php is. This would also making it easier just to give write permissions to that directory and the files in it, and that won't give you the full write access to all drupal files. This is not to say that you should be not be able to pick your files directory path just as you normally can, I just think the default place should be sites/default/files instead of files Alan On 12/8/07, DragonWize <dragonwize@gmail.com> wrote:
I don't see it as any different as the big red neon hack me sign on the file that contains your database username and password.
We still do that as a convenience and then warn the user to set the permissions back. And it is not like more work, the user is already setting permissions to write then back it would just be one more done the same way, unless you do it all manually which is always an option.
Alan
On 12/8/07, Larry Garfield <larry@garfieldtech.com> wrote:
Because then Drupal requires write access to the entire drupal directory where all code is stored. That's a big red neon "hack me" sign.
On Saturday 08 December 2007, DragonWize wrote:
Why not just require write permission just as we require write permission of settings.php (unless you do it manually). Then use the install script to write a files directory. That way there is not a file directory in the distro and won't cause any problems with copying files over for upgrades.
-- Larry Garfield AIM: LOLG42 larry@garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson
-- Alan Doucette Koi Technology, LLC www.KoiTech.net
-- Alan Doucette Koi Technology, LLC www.KoiTech.net