[wp-trac] Re: [WordPress Trac] #6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure wp-admin

WordPress Trac wp-trac at lists.automattic.com
Wed Apr 2 10:49:00 GMT 2008 

#6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure
wp-admin
----------------------------+-----------------------------------------------
 Reporter:  hexley          |        Owner:  anonymous
     Type:  defect          |       Status:  new      
 Priority:  low             |    Milestone:  2.6      
Component:  Administration  |      Version:  2.5      
 Severity:  normal          |   Resolution:           
 Keywords:                  |  
----------------------------+-----------------------------------------------
Comment (by hexley):

 @markjaquith, thanks for the reply.  I think it securing wp-admin is used
 by more than one may think.  At any rate, it just all seems related, there
 is now a sticky in the forums about uploading, I would say a lot of people
 are not getting it to work.

 The solution, to disable mod-sec.  Interesting, I have not seen a singe
 post telling people what disabling that mod does.  People are blindly
 turning something off that has the word security in it.  At the very
 least, explain to users what this disable is going to do to them.

 My gut tells me 99% of the image upload problems are that there is some
 security in place, people are not aware, and they are getting 401 errors.

 I will do some poking at it, I do not know the flash lib thing you guys
 are using.

 I will be honest, I will not explore a <files...> style workaround, or a
 mod-sec disable.  It already is well known people are doing this, so it is
 also known which one, or in my case, two files are not secured outside of
 wp-admin built in auth.  I would be just as well served trusting that wp-
 admin is secure with no .htaccess.

 I am yet to find any of the people in the forums that will allow me access
 to their blog and files to test, so I am limited to my personal
 environment.  I will see what I can do to help out, thanks again.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6473#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list