I would like to suggest removing the requirement that CSV files (e.g. in the node and user imports) be in the Drupal filesystem path. In the case of user imports, this means that user data must be kept in a place where it is accessible to anyone who happens to know the file path.

Since feeds accesses the file via PHP, it would be more secure to have the option of storing these files outside of the web root.

Comments

twistor’s picture

twistor CreditAttribution: twistor as a volunteer commented
Issue summary: View changes
Status: Active » Closed (outdated)