Ticket #6278 (closed defect (bug): fixed)

Opened 4 years ago

Last modified 4 years ago

Flash uploader fails on Mac browsers when mod_security enabled

Reported by: andy
Owned by: andy
Priority: high
Milestone: 2.5
Component: General
Version: 2.5
Severity: critical
Keywords:
Cc:

Description

 http://swfupload.org/forum/generaldiscussion/363#comment-827

Due to a bug in Flash on Mac browsers, mod_security refuses the upload. We could turn off the Flash uploader if mod_security is detected.

Attachments

6278.diff (1.1 KB) - added by andy 4 years ago.
  if it looks like a mac and mod_security is on, cripple flash uploader
6278-1.diff (2.3 KB) - added by andy 4 years ago.
  new apache mod detection
6278-default.diff (965 bytes) - added by andy 4 years ago.

Change History

  • Owner changed from anonymous to andy
  • Version set to 2.5
  • Severity changed from normal to critical

On some hosts you can turn off mod_security on a file-by-file basis using an .htaccess file with the following syntax.

SetEnvIfNoCase Request_URI ^PATH_TO_WORDPRESS/wp-admin/async-upload.php$ MODSEC_ENABLE=Off

Obviously replacing PATH_TO_WORDPRESS with the path to your blog, i.e. /wordpress or just /

I suppose it would be a bit too much of a kludge for Wordpress to install this .htaccess file itself.

andy 4 years ago

if it looks like a mac and mod_security is on, cripple flash uploader

comment:3 andy 4 years ago

  • Keywords has-patch added
  • Owner changed from andy to ryan

comment:4 ryan 4 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [7396]) Disable flash uploader if mac and mod_security is enabled. Props andy. fixes #6278

comment:5 ryan 4 years ago

  • Status changed from closed to reopened
  • Resolution fixed deleted

From the testers list:

"Testing the image uploader for the March 19 build, using Firefox 2.0.0.12 for Mac. On attempt to upload image from the hard drive, received this message before I had a chance to select a file to upload:

Fatal error: Call to undefined function: apache_getenv() in /home/username/public_html/test/wp-admin/includes/media.php on line 782"

comment:6 ryan 4 years ago

  • Owner changed from ryan to andy
  • Status changed from reopened to new
  • Status changed from new to closed
  • Resolution set to fixed

(In [7401]) Make sure apache_getenv() exists before using it. fixes #6278

comment:8 andy 4 years ago

  • Keywords has-patch removed
  • Status changed from closed to reopened
  • Resolution fixed deleted

Apache < 2.0

fatal error: apache_getenv not defined

need another way to detect mod_security

andy 4 years ago

new apache mod detection

  • Status changed from reopened to closed
  • Resolution set to fixed

(In [7441]) better Apache mod detection from andy. fixes #6278

  • Status changed from closed to reopened
  • Resolution fixed deleted

got_mod_rewrite default changed; patched to add $default arg to apache_mod_loaded

andy 4 years ago

  • Status changed from reopened to closed
  • Resolution set to fixed

(In [7508]) Return true from got_mod_rewrite if we can't determine if the module is loaded. Add got_rewrite filter. Props andy. fixes #6278
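The detection pattern the changesets above converge on (guard optional Apache functions with function_exists(), fall back to a weaker source, and return a caller-chosen default when nothing can be determined), as an added example that is not the ticket's patch or WordPress core code. The function names, the "mac" substring test, the default of false for mod_security and the sample user-agent strings are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress core.

/**
 * Report whether an Apache module is loaded.
 * Returns $default when the runtime offers no reliable way to tell.
 */
function example_apache_mod_loaded(string $mod, bool $default = false): bool
{
    // apache_get_modules() is only defined when PHP runs as an Apache
    // module; calling it unguarded elsewhere is a fatal error.
    if (function_exists('apache_get_modules')) {
        return in_array($mod, apache_get_modules(), true);
    }

    // Fallback: search the modules section of phpinfo() for the name.
    // A hit is positive evidence; a miss proves nothing either way.
    if (function_exists('phpinfo')) {
        ob_start();
        phpinfo(INFO_MODULES);
        $info = (string) ob_get_clean();
        if (strpos($info, $mod) !== false) {
            return true;
        }
    }

    return $default; // undetermined: the caller decides which way to fail
}

/** Decide whether to offer the Flash uploader (assumed policy from the ticket). */
function example_use_flash_uploader(string $userAgent): bool
{
    $looksLikeMac = stripos($userAgent, 'mac') !== false;
    // Module name as written in the ticket; default false is an assumption.
    $modSecurity = example_apache_mod_loaded('mod_security', false);
    return !($looksLikeMac && $modSecurity);
}

// Constructed sample user-agent strings, not taken from real traffic.
$samples = [
    'Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) Firefox/2.0.0.12',
    'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Firefox/2.0.0.12',
];
foreach ($samples as $ua) {
    printf("%-5s %s\n", example_use_flash_uploader($ua) ? 'flash' : 'plain', $ua);
}
```

The $default argument is what lets got_mod_rewrite pass true while a mod_security check passes false, so each caller chooses its own behaviour when the module list cannot be read.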

  • Status changed from closed to reopened
  • Resolution fixed deleted

I don't really know if it's the same as described here, but I've been having serious problems with the flash uploader... it just won't work.

I'm using Firefox 2.0.0.12 on Ubuntu, with the Flash version that's currently on the multiverse repository (9.0.48.0.2+really0ubuntu12.2), and so far, I've tried it on

  • a local installation of RC-1, running on XAMPP for Linux 1.6.6
  • a remote installation of the trunk
  • a remote installation of RC-2

(both of the remote installations were running on PHP 5.2, on DreamHost)

I checked permissions on the uploads folder and tried using Opera 9, where I get the "normal" uploader, and it all worked fine, but when using the Flash uploader, most of the time I just added the files and nothing happened, or my browser crashed when it got to the "crunching" part.

I tried adding the lines that @didocat posted here to my .htaccess, but still nothing happened.

Even if no one could reproduce this, I think there should be an option to use the "normal" uploader, just as there is one to dis/able the visual editor.

I will be glad to contribute any more info if it's needed.

  • Status changed from reopened to closed
  • Resolution set to fixed

felipelavinz, please open a new ticket, as you haven't included any of the conditions of the issue described here.

  • Status changed from closed to reopened
  • Resolution fixed deleted

Not sure what the need is to disable the flash uploader if mod_security is enabled and the person is using a Mac. Once the .htaccess setup is in place, the flash uploader works fine.

On Safari 3.1, with Flash 9.0 r115 on OS X 10.5.2, the flash uploader works fine, with mod_security enabled and the .htaccess stanzas in place. I actually have to trick my Wordpress install into believing I'm not using a Mac by setting my UserAgent string to a Windows one via Safari Develop in order to take advantage of the flash uploader. That or by defaulting flash to true in wp-admin/includes/media.php.

While I can understand falling back to the non-flash uploader as a fail-safe, it's annoying for people who do have the correct setup with mod_security and have to resort to other methods to take advantage of the new uploader. People have the option now via the no-flash-uploader plugin to disable the flash uploader if they can't get it to work with their setup.

Should I open a new ticket to have the blanket statement of mod_security + mac = no flash, removed?

It's been noted elsewhere in the forums, but I wanted to point out in this issue as well: this issue is NOT exclusively related to mod_security.

The same problem happens also if the whole Wordpress installation is password-protected with Apache (in httpd.conf or vhost.conf).

The Mac does not seem to be able to handle the password-protection (does not work with Safari or Firefox on the Mac) but it works with Safari or Firefox on the PC.

  • Status changed from reopened to closed
  • Resolution set to fixed

Re-closing as fixed. For further issues where the flash uploader can fail, please open a new ticket.

  • Status changed from closed to reopened
  • Resolution fixed deleted

See #7211 - I think I'm seeing this bug in other cases.

There's no detail here on what the bug was, merely how we are avoiding it. Can anyone expand on that?

  • Status changed from reopened to closed
  • Resolution set to fixed

Reclosing. Whatever the issue currently is, it should be in a new ticket.
