[wp-trac] Re: [WordPress Trac] #6473: Wordpress 2.5 fails to allow
file uploads if you use .htaccess to secure wp-admin
WordPress Trac
wp-trac at lists.automattic.com
Mon Mar 31 16:10:18 GMT 2008
#6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure
wp-admin
----------------------------+-----------------------------------------------
Reporter: hexley | Owner: anonymous
Type: defect | Status: new
Priority: low | Milestone: 2.6
Component: Administration | Version: 2.5
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by hexley):
Replying to [comment:1 markjaquith]:
> Can you exempt async-upload.php from HTTP auth ?
I wish I knew how, in all my tests. No. Some can, you can setenvifnocase
and some other things with <files> but even then, I would not want to.
This being the only known way to fix this, leaves two files open to anyone
stabbing at them as they please.
For now, the best I can say, is hope your IP is semi-static, and limit via
IP, and dump password realm based auth protection.
--
Ticket URL: <http://trac.wordpress.org/ticket/6473#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list