Ticket #6278 (reopened defect)

Opened 4 months ago

Last modified 5 days ago

Flash uploader fails on Mac browsers when mod_security enabled

Reported by: andy Assigned to: andy
Priority: high Milestone: 2.5
Component: General Version: 2.5
Severity: critical Keywords:
Cc:

Description

http://swfupload.org/forum/generaldiscussion/363#comment-827

Due to a bug in Flash on Mac browsers, mod_security refuses the upload. We could turn off the Flash uploader if mod_security detected.

Attachments

6278.diff (1.1 kB) - added by andy on 03/19/08 05:51:15.
if it looks like a mac and mod_security is on, cripple flash uploader
6278-1.diff (2.3 kB) - added by andy on 03/21/08 04:03:19.
new apache mod detection
6278-default.diff (0.9 kB) - added by andy on 03/24/08 23:36:43.

Change History

03/18/08 16:46:22 changed by lloydbudd

  • owner changed from anonymous to andy.
  • version set to 2.5.
  • severity changed from normal to critical.

03/18/08 18:41:07 changed by ditdotdat

On some hosts you can turn of mod_security on a file by file basis using an .htaccess file with the following syntax. 

SetEnvIfNoCase Request_URI ^PATH_TO_WORDPRESS/wp-admin/async-upload.php$ MODSEC_ENABLE=Off

Obviously replacing PATH_TO_WORDPRESS with the path to your blog ie. /wordpress or just /

I suppose it would be a bit too much of a kludge for Wordpress to install this .htaccess file itself.

03/19/08 05:51:15 changed by andy

  • attachment 6278.diff added.

if it looks like a mac and mod_security is on, cripple flash uploader

03/19/08 05:52:39 changed by andy

  • keywords set to has-patch.
  • owner changed from andy to ryan.

03/19/08 06:18:05 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [7396]) Disable flash uploader if mac and mod_security is enabled. Props andy. fixes #6278

03/19/08 18:00:41 changed by ryan

  • status changed from closed to reopened.
  • resolution deleted.

From the testers list:

"Testing the image uploader for the March 19 build, using Firefox 2.0.0.12 for Mac. On attempt to upload image from the hard drive, received this message before I had a chance to select a file to upload:

Fatal error: Call to undefined function: apache_getenv() in /home/username/public_html/test/wp-admin/includes/media.php on line 782"

03/19/08 18:10:01 changed by ryan

  • owner changed from ryan to andy.
  • status changed from reopened to new.

03/19/08 18:19:00 changed by markjaquith

  • status changed from new to closed.
  • resolution set to fixed.

(In [7401]) Make sure apache_getenv() exists before using it. fixes #6278

03/21/08 01:39:32 changed by andy

  • keywords deleted.
  • status changed from closed to reopened.
  • resolution deleted.

Apache < 2.0

fatal error: apache_getenv not defined

need another way to detect mod_security

03/21/08 04:03:19 changed by andy

  • attachment 6278-1.diff added.

new apache mod detection

03/21/08 04:10:01 changed by markjaquith

  • status changed from reopened to closed.
  • resolution set to fixed.

(In [7441]) better Apache mod detection from andy. fixes #6278

03/24/08 23:36:31 changed by andy

  • status changed from closed to reopened.
  • resolution deleted.

got_mod_rewrite default changed; patched to add $default arg to apache_mod_loaded

03/24/08 23:36:43 changed by andy

  • attachment 6278-default.diff added.

03/25/08 00:22:37 changed by ryan

  • status changed from reopened to closed.
  • resolution set to fixed.

(In [7508]) Reture true from got_mod_rewrite if we can't determine if the module is loaded. Add got_rewrite filter. Props andy. fixes #6278

03/27/08 00:10:01 changed by felipelavinz

  • status changed from closed to reopened.
  • resolution deleted.

I don't really know if it's the same as described here, but I've been having serious problems with the flash uploader... it just won't work.

I'm using Firefox 2.0.0.12 on Ubuntu, with the Flash version that's currently on the multiverse repository (9.0.48.0.2+really0ubuntu12.2), and so far, I've tried it on

- a local installation of RC-1, running on XAMPP for Linux 1.6.6

- a remote installation of the trunk

- a remote installation of RC-2

(both of the remote installations were running on PHP 5.2, on DreamHost)

I checked permissions on the uploads folder and tried using Opera 9, where I get the "normal" uploader, and it all worked fine, but when using the Flash uploader, most of the times I just added the files and nothing happened, or my browser crashed when it got to the "crunching" part.

I tried adding the lines that @didocat posted here to my .htaccess, but still nothing happened

Even if no one could reproduce this, I think there should be an option to use the "normal" uploader, just as there is one to dis/able the visual editor

I will be glad to contribute any more info if it's needed

03/27/08 00:48:34 changed by lloydbudd

  • status changed from reopened to closed.
  • resolution set to fixed.

felipelavinz, please open a new ticket, as you haven't included any of the conditions of the issue described here.

04/09/08 06:43:01 changed by hajducko

  • status changed from closed to reopened.
  • resolution deleted.

Not sure what the need is to disable the flash uploader if mod_security is enabled and the person is using a Mac. Once the .htaccess setup is in place, the flash uploader works fine.

On Safari 3.1, with Flash 9.0 r115 on OS X 10.5.2, the flash uploader works fine, with mod_security enabled and the .htaccess stanzas in place. I actually have to trick my Wordpress install into believing I'm not using a Mac by setting my UserAgent? string to a Windows one via Safari Develop in order to take advantage of the flash uploader. That or by defaulting flash to true in wp-admin/includes/media.php.

While I can understand falling back to the non-flash uploader as a fail-safe, it's annoying for people who do have the correct setup with mod_security and have to result to other methods to take advantage of the new uploader. People have the option now via the no-flash-uploader plugin to disable the flash uploader if they can't get it to work with their setup.

Should I open a new ticket to have the blanket statement of mod_security + mac = no flash, removed?

04/10/08 19:05:13 changed by gboissiere

It's been noted elsewhere in the forums, but I wanted to point out in this issue as well: this issue is NOT exclusively related to mod_security.

The same problem happens also if the whole Wordpress installation is password-protected with Apache (in httpd.conf or vhost.conf).

The Mac does not seem to be able to handle the password-protection (does not work with Safari or Firefox on the Mac) but it works with Safari or Firefox on the PC.

06/25/08 03:48:12 changed by DD32

  • status changed from reopened to closed.
  • resolution set to fixed.

Re-closing as fixed, For furthur issues where the flash uploader can fail, Please open a new ticket.

06/30/08 14:25:43 changed by pishmishy

  • status changed from closed to reopened.
  • resolution deleted.

See #7211 - I think I'm seeing this bug in other cases.

There's no detail here on what the bug was, merely how we are avoiding it. Can anyone expand on that?