Hugo Mills wrote: (snip)
Themes.
From my limited investigation so far, it seems that Drupal themes
are basically PHP. Allowing users to upload themes directly is therefore a no-no. Is there a non-executable type of theme that we can support direct uploads for safely, or will all uploaded themes have to be audited before we allow them up? How flexible would the system be if we were to prevent theme uploads completely?
I think, for the moment, all drupal themes must contain PHP code. Maybe you can pre-install some popular theme and suggest user to request other themes by mail to admin ? Maybe you can use some themes from themegarden ? For more flexibility to can allow users to upload personal images for theme.
What else have I forgotten or overlooked?
The chances of having a malicious user are probably fairly small in
this set-up, but I'd like to keep it as "clean" as possible, so pointing out any other glaring holes that would allow a site administrator to execute arbitrary code on the server would be useful.
I've never use multisite-mode but i'm interested by your experience return.
Gwen