#6509 closed defect (bug) (worksforme)
swfupload problems with mod_security
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 2.5 |
| Component: | Upload | Keywords: | needs-test reporter-feedback |
| Focuses: | Cc: |
Description
I got 2 problems with an italian hoster that has hundereds if not thousands users with a WP blog
1) Having mod_security on swfupload fails, the problem get solved using the method suggested at:
http://wordpress.org/support/topic/162373?replies=12 inserting some lines in the .htaccess, I don't know if this could be solved making the uploader to degrade in a non swf uploader.
2) The hoster has suEXEC and we already solved a similar with Ryan with old uploader yeas ago. The directory are created with folowing permission: drwxr_x_ that make the file inside not readable, restoring sitewide permission from hosting CP the dir become drwxr_s_ and file get read correctly. This is a very bad problem that need solution
Change History (10)
#3
@
15 years ago
I checked the old ticket tah solved the same problem state here as #2 in late 2006 it was #2190 and that time changest [3501] solved the problem, thias was keep in new files function.php that subsittute the old admin-function.php where that code was and is used:
Set correct file permissions
$stat = @ stat( dirname( $new_file ) );
$perms = $statmode? & 0007777;
$perms = $perms & 0000666;
@ chmod( $new_file, $perms );
In media.php I've found:
Set correct file permissions
$stat = stat( dirname( $destfilename ));
$perms = $statmode? & 0000666; same permissions as parent folder, strip off the executable bits
@ chmod( $destfilename, $perms );
That looks like it ognore se S flag or I'm wrong? maybe having same code as in function.php will solve the problem? No it dont'... i tried... but.. i feel the problem is around there.
#5
@
14 years ago
- Keywords needs-patch needs-testing added
- Summary changed from swfupload problems to swfupload problems with mod_security
#9
@
14 years ago
- Keywords needs-test added; needs-patch removed
- Priority changed from high to normal
- Resolution set to worksforme
- Status changed from new to closed
maybe umask is missing here as well (see #10170)?
aditionally there is not much way to check for mod_security or at least for the specific configuration that perevents on certain hosts.
to tell you the truth: worksforme. I have wordpress blogs on hosts with mod_security enabled and no problems. This is a server configuration thing so please check your mod_security settings or disable it via .htaccess:
<IfModule mod_security.c> <Files async-upload.php> SecFilterEngine Off SecFilterScanPOST Off </Files> </IfModule>
Logentry of the check enabled in mod_security that prevented file uploads on one host (as only one sole person has reported the real details in her case):
http://wordpress.org/support/topic/162373?replies=12#post-716574
As reported, this is works for me, I have zero/nada/no problem with mod_security and swfupload. Can please someone provide a detailed testcase to reproduce this so that it can be actually confirmed?
1) relates to #6406 ?