[wp-trac] Re: [WordPress Trac] #6473: Wordpress 2.5 fails to allow
file uploads if you use .htaccess to secure wp-admin
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 2 10:49:00 GMT 2008
#6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure
wp-admin
----------------------------+-----------------------------------------------
Reporter: hexley | Owner: anonymous
Type: defect | Status: new
Priority: low | Milestone: 2.6
Component: Administration | Version: 2.5
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by hexley):
@markjaquith, thanks for the reply. I think it securing wp-admin is used
by more than one may think. At any rate, it just all seems related, there
is now a sticky in the forums about uploading, I would say a lot of people
are not getting it to work.
The solution, to disable mod-sec. Interesting, I have not seen a singe
post telling people what disabling that mod does. People are blindly
turning something off that has the word security in it. At the very
least, explain to users what this disable is going to do to them.
My gut tells me 99% of the image upload problems are that there is some
security in place, people are not aware, and they are getting 401 errors.
I will do some poking at it, I do not know the flash lib thing you guys
are using.
I will be honest, I will not explore a <files...> style workaround, or a
mod-sec disable. It already is well known people are doing this, so it is
also known which one, or in my case, two files are not secured outside of
wp-admin built in auth. I would be just as well served trusting that wp-
admin is secure with no .htaccess.
I am yet to find any of the people in the forums that will allow me access
to their blog and files to test, so I am limited to my personal
environment. I will see what I can do to help out, thanks again.
--
Ticket URL: <http://trac.wordpress.org/ticket/6473#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list