Due to a quirk of my Windows shared hosting provider that is impacting one WordPress blog and not another…I hacked functions.php.  Now, as with hacking Drupal core, I’m not proud of this, but despite the fact that both sites claim to be reading the same php.ini file, one has the open_basedir restriction in effect, and the other does not.  So here’s my hack to get around image uploads blowing up because IIS is putting them in temp and php can’t get there…

// /wp-includes/functions.php
// ~ line 1716

function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {

	$proper_filename = false;

	// Do basic extension validation and MIME mapping
	$wp_filetype = wp_check_filetype( $filename, $mimes );
	extract( $wp_filetype );

// hack
return compact( 'ext', 'type', 'proper_filename' );

	// We can't do any further validation without a file to work with
	if ( ! file_exists( $file ) )
		return compact( 'ext', 'type', 'proper_filename' );

In case there’s any question, dropping a custom php.ini into the web root didn’t work. Neither did one in each folder, or in the cgi folder or anywhere else I could think to stuff a php.ini…