Hi @hcl,
Starting with OJS 3.2.0, you can set the following configuration variable to disable uploading to the public area:
[files]
public_user_dir_size = 0
This setting is the number of kilobytes each user is allowed to store; setting it to 0 prevents any upload.
Note that claims to have hacked the site by uploading an image are false. The image upload feature is an intentional feature allowing images to be uploaded in user profiles, abstracts, etc. Claiming it as a hack is analogous to setting your profile image on Twitter to an image claiming to have hacked Twitter.
Regards,
Alec Smecher
Public Knowledge Project Team
Regards,
Alec Smecher
Public Knowledge Project Team