Fix in Ticket #6278 breaks the uploader for Mac Users

[jerrek71]

Ticket #6278 states that the Flash Uploader does not work when the visitor is using Mac OSX

This is not correct - I am using OSX and the Flash Uploader with mod_security2 works just fine.

But it's worse than that - at least on my server, apache_mod_loaded() just kills the script silently. I'm using suPHP so I believe that runs PHP as a CGI and so apache_mod_loaded() probably isn't going to work (although one would have hoped it would simply return false rather than crash - but that's not a WP issue).

Nonetheless, I don't believe functionality should be blocked simply because you're on a Mac (a client issue) and the server has mod_security loaded (a server issue). This would be far better solved IF it's an issue, with a .htaccess or apache configuration rule such as SecFilterSelective or similar.

This bug is likely to affect many people using cPanel servers - mine's just a stock server with suPHP configured.

To reproduce you'll need to access a WP installation, attempt to upload media using a Mac OSX machine and be running on a suPHP based server.

[jerrek71]

A quick update...

Running a quick script to test apache_mod_loaded() on my server results in the following being logged into the error_log;

PHP Fatal error: Call to undefined function apache_mod_loaded() in /root/test.php on line 3

It would seem that the fix for ticket #6278 ought to test if the function exists before trying to use it?

[jerrek71]

Replying to jerrek71:

A quick update...

Running a quick script to test apache_mod_loaded() on my server results in the following being logged into the error_log;

PHP Fatal error: Call to undefined function apache_mod_loaded() in /root/test.php on line 3

It would seem that the fix for ticket #6278 ought to test if the function exists before trying to use it?

Sorry, that was dumb - apache_mod_loaded is defined in functions.php in WP itself so it won't work in a standalone script...

As you were :-)

[hakre]

So the server crash is to ignore with your report and the report is about MACOS and MOD_SECURTIY only?

[jerrek71]

A bit more digging has revealed to me that is actually not a WP problem but in fact my server has a problem.

The phpinfo(8) call in apache_mod_loaded() crashes and thus kills the whole script.

Worth keeping the notices of this around in case other people suffer, but if you get a blank screen when trying to upload media, write a quick test script which just contains the phpinfo(8) call and make sure it completes properly. If it doesn't, your server is borked.

Steve.

[nacin]

I keep seeing reports in this for phpinfo(8). Reference:

​http://wordpress.org/support/topic/blank-permalink-admin-page-after-changing-permalink-type/page/2?replies=46#post-1742457

Let's error-suppress that. Does that solve our issue? Patch attached.

[nacin]

Suppress errors for phpinfo(8).

[nacin]

Maybe someone can run var_dump( function_exists( get_loaded_extensions() ) ); and see if it exists on an install this affects. I might need to dig into the PHP internals to see exactly what's going on, how phpinfo(8) gets generated, and where it may fail.

[schmoo2x]

Replying to nacin:

Tried 15038.diff on my affected system with no change in results (note: I'm seeing it with the Permalinks Settings page coming up blank).

I ran var_dump( get_loaded_extensions() ); and this returned:

array(44) {
  [0]=>
  string(4) "Core"
  [1]=>
  string(4) "date"
  [2]=>
  string(4) "ereg"
  [3]=>
  string(6) "libxml"
  [4]=>
  string(7) "openssl"
  [5]=>
  string(4) "pcre"
  [6]=>
  string(7) "sqlite3"
  [7]=>
  string(4) "zlib"
  [8]=>
  string(6) "bcmath"
  [9]=>
  string(8) "calendar"
  [10]=>
  string(5) "ctype"
  [11]=>
  string(4) "curl"
  [12]=>
  string(3) "dom"
  [13]=>
  string(6) "filter"
  [14]=>
  string(3) "ftp"
  [15]=>
  string(2) "gd"
  [16]=>
  string(7) "gettext"
  [17]=>
  string(4) "hash"
  [18]=>
  string(5) "iconv"
  [19]=>
  string(7) "session"
  [20]=>
  string(4) "json"
  [21]=>
  string(8) "mbstring"
  [22]=>
  string(6) "mcrypt"
  [23]=>
  string(5) "mysql"
  [24]=>
  string(3) "SPL"
  [25]=>
  string(8) "standard"
  [26]=>
  string(5) "posix"
  [27]=>
  string(10) "Reflection"
  [28]=>
  string(4) "Phar"
  [29]=>
  string(9) "SimpleXML"
  [30]=>
  string(7) "sockets"
  [31]=>
  string(4) "imap"
  [32]=>
  string(9) "tokenizer"
  [33]=>
  string(3) "xml"
  [34]=>
  string(9) "xmlreader"
  [35]=>
  string(9) "xmlwriter"
  [36]=>
  string(8) "cgi-fcgi"
  [37]=>
  string(7) "suhosin"
  [38]=>
  string(3) "PDO"
  [39]=>
  string(10) "pdo_sqlite"
  [40]=>
  string(6) "SQLite"
  [41]=>
  string(9) "pdo_mysql"
  [42]=>
  string(14) "SourceGuardian"
  [43]=>
  string(14) "ionCube Loader"
}

[nacin]

schmoo2x: Thanks. Wondering if it is apache_get_modules() then.

Can you try:

var_dump( function_exists( 'apache_get_modules' ) );

And if it exists, then suppress errors for that call on line 3356: $mods = @apache_get_modules();

All that said, another ticket just occurred to me -- thinking maybe it's this bug: #15044.

[schmoo2x]

Replying to nacin:

Can you try:

var_dump( function_exists( 'apache_get_modules' ) );

bool(false) 

That something I can compile into Apache? I'll do it if it will help track this thing down.

[nacin]

Unfortunately, there's no way for us to reproduce this, understand why this is failing, or how to fix it. Punting.

[ocean90]

We have now a new uploader, see #18206. Plupload uses HTML5 first.

So still the problem with the permalink page?