Problems with media uploader
|Reported by:||pishmishy||Owned by:||pishmishy|
I've a customer who's having problems with mod_security and WordPress. This manifests itself in the new media uploader. Whilst there's a published workaround using .htaccess (see http://wordpress.org/support/topic/164999), their host won't allow them to bypass the global mod_security settings in this way.
There's a not-unpopular set of mod_security rules for securing WordPress that haven't been uploaded to cater for 2.5.1 (http://blogsecurity.net/wordpress/modsecurity-and-wordpress-defense-in-depth/).
I'm still looking to root out all the conflicts I can spot but in the first instance
which is designed to protect against SQL injections, matches against the "Insert into Post" button and blocks the HTTP request (this appears to be a common rule outside of the WordPress specific paper referenced above).
Change History (17)
comment:9 @pishmishy — 7 years ago
- Priority changed from high to normal
- Summary changed from Common mod_security rules, conflicts with media uploader to Problems with media uploader
comment:13 @pishmishy — 7 years ago
- Milestone 2.7 deleted
- Resolution set to invalid
- Status changed from assigned to closed