Make WordPress Core

Opened 17 years ago

Closed 16 years ago

#6278 closed defect (bug) (fixed)

Flash uploader fails on Mac browsers when mod_security enabled

Reported by: andy's profile andy Owned by: andy's profile andy
Milestone: 2.5 Priority: high
Severity: critical Version: 2.5
Component: General Keywords:
Focuses: Cc:

Description

http://swfupload.org/forum/generaldiscussion/363#comment-827

Due to a bug in Flash on Mac browsers, mod_security refuses the upload. We could turn off the Flash uploader if mod_security detected.

Attachments (3)

6278.diff (1.1 KB) - added by andy 17 years ago.
if it looks like a mac and mod_security is on, cripple flash uploader
6278-1.diff (2.3 KB) - added by andy 17 years ago.
new apache mod detection
6278-default.diff (965 bytes) - added by andy 17 years ago.

Download all attachments as: .zip

Change History (21)

#1 @lloydbudd
17 years ago

  • Owner changed from anonymous to andy
  • Severity changed from normal to critical
  • Version set to 2.5

#2 @ditdotdat
17 years ago

On some hosts you can turn of mod_security on a file by file basis using an .htaccess file with the following syntax.

SetEnvIfNoCase Request_URI ^PATH_TO_WORDPRESS/wp-admin/async-upload.php$ MODSEC_ENABLE=Off

Obviously replacing PATH_TO_WORDPRESS with the path to your blog ie. /wordpress or just /

I suppose it would be a bit too much of a kludge for Wordpress to install this .htaccess file itself.

@andy
17 years ago

if it looks like a mac and mod_security is on, cripple flash uploader

#3 @andy
17 years ago

  • Keywords has-patch added
  • Owner changed from andy to ryan

#4 @ryan
17 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7396]) Disable flash uploader if mac and mod_security is enabled. Props andy. fixes #6278

#5 @ryan
17 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

From the testers list:

"Testing the image uploader for the March 19 build, using Firefox
2.0.0.12 for Mac. On attempt to
upload image from the hard drive, received this message before I had a
chance to select a file
to upload:

Fatal error: Call to undefined function: apache_getenv() in
/home/username/public_html/test/wp-admin/includes/media.php on line 782"

#6 @ryan
17 years ago

  • Owner changed from ryan to andy
  • Status changed from reopened to new

#7 @markjaquith
17 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7401]) Make sure apache_getenv() exists before using it. fixes #6278

#8 @andy
17 years ago

  • Keywords has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

Apache < 2.0

fatal error: apache_getenv not defined

need another way to detect mod_security

@andy
17 years ago

new apache mod detection

#9 @markjaquith
17 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [7441]) better Apache mod detection from andy. fixes #6278

#10 @andy
17 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

got_mod_rewrite default changed; patched to add $default arg to apache_mod_loaded

@andy
17 years ago

#11 @ryan
17 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [7508]) Reture true from got_mod_rewrite if we can't determine if the module is loaded. Add got_rewrite filter. Props andy. fixes #6278

#12 @felipelavinz
17 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

I don't really know if it's the same as described here, but I've been having serious problems with the flash uploader... it just won't work.

I'm using Firefox 2.0.0.12 on Ubuntu, with the Flash version that's currently on the multiverse repository (9.0.48.0.2+really0ubuntu12.2), and so far, I've tried it on

  • a local installation of RC-1, running on XAMPP for Linux 1.6.6
  • a remote installation of the trunk
  • a remote installation of RC-2

(both of the remote installations were running on PHP 5.2, on DreamHost)

I checked permissions on the uploads folder and tried using Opera 9, where I get the "normal" uploader, and it all worked fine, but when using the Flash uploader, most of the times I just added the files and nothing happened, or my browser crashed when it got to the "crunching" part.

I tried adding the lines that @didocat posted here to my .htaccess, but still nothing happened

Even if no one could reproduce this, I think there should be an option to use the "normal" uploader, just as there is one to dis/able the visual editor

I will be glad to contribute any more info if it's needed

#13 @lloydbudd
17 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

felipelavinz, please open a new ticket, as you haven't included any of the conditions of the issue described here.

#14 @hajducko
17 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Not sure what the need is to disable the flash uploader if mod_security is enabled and the person is using a Mac. Once the .htaccess setup is in place, the flash uploader works fine.

On Safari 3.1, with Flash 9.0 r115 on OS X 10.5.2, the flash uploader works fine, with mod_security enabled and the .htaccess stanzas in place. I actually have to trick my Wordpress install into believing I'm not using a Mac by setting my UserAgent string to a Windows one via Safari Develop in order to take advantage of the flash uploader. That or by defaulting flash to true in wp-admin/includes/media.php.

While I can understand falling back to the non-flash uploader as a fail-safe, it's annoying for people who do have the correct setup with mod_security and have to result to other methods to take advantage of the new uploader. People have the option now via the no-flash-uploader plugin to disable the flash uploader if they can't get it to work with their setup.

Should I open a new ticket to have the blanket statement of mod_security + mac = no flash, removed?

#15 @gboissiere
17 years ago

It's been noted elsewhere in the forums, but I wanted to point out in this issue as well: this issue is NOT exclusively related to mod_security.

The same problem happens also if the whole Wordpress installation is password-protected with Apache (in httpd.conf or vhost.conf).

The Mac does not seem to be able to handle the password-protection (does not work with Safari or Firefox on the Mac) but it works with Safari or Firefox on the PC.

#16 @DD32
16 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Re-closing as fixed, For furthur issues where the flash uploader can fail, Please open a new ticket.

#17 @pishmishy
16 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

See #7211 - I think I'm seeing this bug in other cases.

There's no detail here on what the bug was, merely how we are avoiding it. Can anyone expand on that?

#18 @santosj
16 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Reclosing. Whatever the issue currently is, it should be in a new ticket.

Note: See TracTickets for help on using tickets.