Ticket #472 (closed defect: fixed)
InsertPicture and security
|Reported by:||niko||Owned by:||gocher|
currently you can write in ANY directory where the www-user has write-rights by setting the localpicturepath, which is a big security hole.
you could use the same algorithm as ImageManager does to protect the settings.