mistahp, posted March 31, 2008

I've been working with svn and beta builds of WordPress 2.5 for a few weeks and now that it's final I have an issue. Part of the admin revamp is an all new interface for uploading images and other media. In browsers that support the feature (Firefox and Safari) a Flash-based multi-file uploader is used. In browsers that don't support the Flash uploader fully (Opera and Internet Explorer), a one-file-at-a-time HTML uploader is used. The HTML uploader works perfectly, but the Flash uploader does not.

The multi-file uploading capability introduced in recent versions of Flash contains a bug that sends a malformed header to the server. Because of that header, Apache's mod_security rejects the upload out of hand with a 406 error. Following the troubleshooting advice of one of the WordPress developers, I've temporarily disabled mod_security by adding to my .htaccess

    SecFilterEngine Off
    SecFilterScanPOST Off

and this changes the problem but does not resolve it. Instead of a 406 error, the upload fails with a 403 error. In the testing surrounding this issue, the WP dev team eventually added to the default .htaccess rules

    <IfModule mod_security.c>
    <Files async-upload.php>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </Files>
    </IfModule>

and this resolves the issue for most people, but not for me. Uploading images with Internet Explorer and Opera works fine because WordPress falls back to serving the HTML uploader to those browsers, but it always fails when WordPress serves the Flash uploader to Firefox and Safari.

Through many e-mails with the developer who built the uploader (not the Flash applet itself, but all the parts of WordPress that use it), I've begun to suspect that this is a server configuration issue, that there's something about how TCH configures their machines that may be exacerbating the problem. All the potential fixes that I've seen fail to do anything for me.

Does anyone have an idea on what might be the problem? Failing that, can anyone else confirm or refute this behavior on their own sites? (I'm hosted on grievous.)

TCH-Thomas, posted March 31, 2008

Welcome to the forum, mistahp. Sorry, but I have only begun testing version 2.5 so I have no answer on this, but hang on and someone might know.

TCH-Bruce, posted March 31, 2008

Welcome to the forums, mistahp.

You might want to open a ticket with the help desks where one of the techs can determine if it is a server configuration or not. Link at top of this page or in my signature.

I don't use the file uploader built into WordPress, I prefer to FTP my files up.

mistahp, posted March 31, 2008

Thanks for the welcome, fellas. Bruce, I used to FTP all my images and other files, but the new media handling features in 2.5 are enough incentive to get me to switch.

TCH-Bruce, posted March 31, 2008

I haven't played with it, but does it log you in to do the uploads? If not, you are going to have to set your upload folder to 777 for the server to write the files to the folder.

mistahp, posted March 31, 2008

It authenticates as the appropriate WordPress user, but does not perform any other login steps. The HTML uploader works just fine with 777 permissions on the relevant folders, but the Flash uploader doesn't. I've messed around adjusting permissions on all sorts of things to no avail.

I have a ticket open with the help desk. We'll see what they have to say.

TCH-Bruce, posted March 31, 2008

Let us know what you find out. I use Firefox for my browser and FireFTP plugin for FTP. So it's not like I have to start another application to upload any files.

mistahp, posted March 31, 2008

The help desk wasn't as helpful as I would have expected, but I got it resolved anyway. The solution was a combination of three things.

1. .htaccess needs this rule:

    <IfModule mod_security.c>
    <Files async-upload.php>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </Files>
    </IfModule>

   ...which selectively turns off mod_security for only the uploader.

2. wp-content must be chmod to 777. The Flash uploader uses wp-content to store uploads temporarily before moving them to whatever's consistent with the blog's user-specified upload settings. The HTML uploader does not do this, so 755 is ok on that folder.

3. The newest version of the Bad Behavior plugin (2.0.13) rejects the "Shockwave Flash" user agent, so one line in Bad Behavior's blacklist.php needs to be commented or removed. This one really threw me, because normally Bad Behavior returns a 417 error, not a 403.

But, either way... the issue is now resolved and Flash uploads are working swimmingly for me.
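
Added example (not part of the thread and not WordPress or mod_security code): a small Python check that tells apart the two .htaccess forms discussed above, the directory-wide SecFilterEngine Off from the first post and the rule scoped to async-upload.php, by tracking <Files> blocks. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the thread's global workaround, then its scoped rule.
SAMPLE_HTACCESS = """\
SecFilterEngine Off
SecFilterScanPOST Off
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
"""

OPEN = re.compile(r"<\s*(Files|FilesMatch)\s+\"?([^\">]+)\"?\s*>", re.I)
CLOSE = re.compile(r"<\s*/\s*(Files|FilesMatch)\s*>", re.I)
DISABLE = re.compile(r"^(SecFilterEngine|SecFilterScanPOST)\s+Off\b", re.I)


def audit_modsec_disables(text):
    """Return (line_no, directive, scope) per mod_security 'Off' line.

    scope is the enclosing <Files>/<FilesMatch> argument, or None when the
    directive applies to every request under the directory.
    """
    scopes, findings = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m, d = OPEN.match(line), DISABLE.match(line)
        if m:
            scopes.append(m.group(2).strip())
        elif CLOSE.match(line) and scopes:
            scopes.pop()
        elif d:
            findings.append((no, d.group(1), scopes[-1] if scopes else None))
    return findings


def unscoped(findings):
    """Directives that switch filtering off for every request."""
    return [f for f in findings if f[2] is None]


if __name__ == "__main__":
    for no, directive, scope in audit_modsec_disables(SAMPLE_HTACCESS):
        print(no, directive, "Off ->", scope or "ALL requests")
```

Anything returned by unscoped() is a leftover of the temporary workaround and can be deleted once the scoped rule is in place.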

TCH-Bruce, posted March 31, 2008

1. seems reasonable
2. I would not allow my wp-content folder to be set to 777 so I won't be using that unless that changes (just asking for trouble)
3. no issue there, don't use that plugin

Thanks for the update

TCH-Bruce, posted April 1, 2008

Thomas posted a link today to Web Tools Collection. While reading through it I found this:

Q. I get a "403 Forbidden" error when uploading files. I am also using the Bad Behavior plugin.
A. May need to delete the "Shockwave Flash" from the Bad Behavior blacklist file. See Rick Beckman's post for a detailed description.

Don't know if this will help you but check it out.

mistahp, posted April 1, 2008

Yup, all square. The issue is resolved, due in part to that Bad Behavior hack.