Yes, that's what we did. We uploaded all of the main level php files with the exception of the config files (and also didn't upload install.php and upgrade.php).
We also made the function un_htmlspecialchars edit (in pp-inc) above to allow the script tag (and another to allow the iframe tag since we use that too) in our products (to "<script><iframe><b><table>.....).
I think our setup is similar to yours in that we are the only ones who post products but we want HTML off in the reviews since users can post those.
Hope this helps.
Have a good weekend.
Last edited by WB; October 9th, 2005 at 07:53 AM.