Hi @novikoffav,
That’s a dangerous configuration – authors will be able to upload malicious files (e.g. .phtml code) and then construct a URL to cause the server to execute them. Not to mention that you’d expose pre-publication content without any access controls.
Regards,
Alec Smecher
Public Knowledge Project Team