Scalar offers simple configuration with .htaccess rules and localDir configuration to place user uploaded files in a subdirectory or other location, but by default creates user directories in the root of the Scalar site. As a matter of good practice, I suggest by default separating user uploads from application code by enabling these settings out-of-the-box. There's no functional benefit to placing the user files in the root directory.
Suggested changes:
Set "localDir" in system/application/config/local_settings.php to "uploads".
Uncomment the lines in .htaccess that route file requests to the uploads directory.
Scalar offers simple configuration with .htaccess rules and localDir configuration to place user uploaded files in a subdirectory or other location, but by default creates user directories in the root of the Scalar site. As a matter of good practice, I suggest by default separating user uploads from application code by enabling these settings out-of-the-box. There's no functional benefit to placing the user files in the root directory.
Suggested changes: