I think you can prevent this for the moment with a checking of files. So when people try to upload this package, you just restrict that folder usage. Is not a best way, but still work I think.
Also if you use mod_security maybe suhosin, this can help as well as a security layer
I did not checked this but I think is not quite possible even if is safe mode OFF to bypass the folders, because open_basedir.
Also if you use mod_security maybe suhosin, this can help as well as a security layer
I did not checked this but I think is not quite possible even if is safe mode OFF to bypass the folders, because open_basedir.