Can someone test and confirm the permissions applied to images uploaded for adverts and products?
On our system we have observed that the uploaded images are being set with permissions 0666 for adverts.
This gives world write access!!
Scenario:
1. Admin Console - create a new advert, select to upload a Large image and select the option to Generate Small Image
Doing the same process for products seems to work OK and sets permissions to 0644. But could we confirm that this works for others?
dmOZ
7 Dec 2013 12:05 AM
Further
Images uploaded by end users during ad creation are being set with permissions 0766.
Vera
7 Dec 2013 5:56 PM
The file and folder permissions are defined by ViArt in the scripts admin_upload.php and user_upload.php. They were thought through carefully to satisfy different server configurations, display on the web and be accessible via FTP. If you would like to have the permissions from the server, then edit the files mentioned above and remove all mentions of the chmod function.
As for security, please share your thoughts: why do you think an image with writable permission is a threat to the site?
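
Added example, not part of the thread and not ViArt code: a shell audit that flags uploaded files whose mode grants more than 0644 (such as the 0666 and 0766 values reported above) and can reset them to 0644. The function names and the directory passed in are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an upload directory for files looser than 0644,
# the mode the thread reports for product images.
# Function names and the directory argument are assumptions.

# Print one "ISSUE PATH" line per finding.
audit_upload_perms() {
    dir=$1
    # World-writable: the 0002 bit, set in both 0666 and 0766.
    find "$dir" -type f -perm -0002 -print | sed 's/^/world-writable /'
    # Any execute bit: 0766 sets owner execute on an uploaded image.
    find "$dir" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -print | sed 's/^/executable /'
}

# Reset every file with a bit outside 0644 to 0644.
# Prints the number of files changed.
tighten_upload_perms() {
    dir=$1
    find "$dir" -type f \( -perm -0100 -o -perm -0020 -o -perm -0010 \
        -o -perm -0002 -o -perm -0001 \) -print -exec chmod 0644 {} \; \
        | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /path/to/upload/dir
if [ $# -gt 0 ]; then
    audit_upload_perms "$1"
fi
```

If the chmod calls in the upload scripts are left in place, newly uploaded files will be flagged again on the next audit run.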