From code inspection.... _set_upload_path seems designed to insulate against invalid upload_locations in the configuration, by only setting upload_path if the location is traversable. However the code that actually does the upload references the unsanitized upload_location value instead!
From code inspection....
_set_upload_pathseems designed to insulate against invalidupload_locations in the configuration, by only settingupload_pathif the location is traversable. However the code that actually does the upload references the unsanitizedupload_locationvalue instead!