dugs

Just noticed a weird thing in 0.7 version of code that I downloaded from link above: In application_top.php I see $products_options_file->set_destination(DIR_FS_UPLOAD); ; but in configure.php I see define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS); And of course when I add my item (with file input option) to my cart I get: Not writeable! DIR_FS_UPLOAD: Changing to DIR_FR_UPLOAD (with no S at end) in configure.php helps. Besides, In configure.php, code has been changed compared to OSC original file from define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); to define('DIR_FS_CATALOG', $FS_DOCUMENT_ROOT . DIR_WS_HTTP_CATALOG);. I reset this back to original code to have contrib working, ... but I was wondering why these changes... ?

Great contribution ! and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any serverside executable file) and assuming that execute permission exists on upload target directory: could be harmfull ! Regards