Controlling access to blogs.dir
-
I am working with a plugin that stores certain site-specific files like uploads, user images, etc in /blogs.dir/3/files/some-folder-name, where 3 is the blog ID.
These folder locations are part of the plugin setup.
Is there something in WP multisite that insures that a site admin for blog ID only enters that ID #? Or is that something that the plugin author has to control? Or did I mess something up in my multisite config?
In my tests, a site admin for blog ID 3 could change the folder locations to that of 4 and using the plugin-provided features, change the files for blog ID 4, even though he’s not a user of that site.
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
- The topic ‘Controlling access to blogs.dir’ is closed to new replies.