[wp-trac] Re: [WordPress Trac] #6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure wp-admin

WordPress Trac wp-trac at lists.automattic.com
Mon Mar 31 16:36:13 GMT 2008


#6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure
wp-admin
----------------------------+-----------------------------------------------
 Reporter:  hexley          |        Owner:  anonymous
     Type:  defect          |       Status:  new      
 Priority:  low             |    Milestone:  2.6      
Component:  Administration  |      Version:  2.5      
 Severity:  normal          |   Resolution:           
 Keywords:                  |  
----------------------------+-----------------------------------------------
Comment (by markjaquith):

 Replying to [comment:2 hexley]:
 > I am confused about setting this to 2.6, seems a long way out.  Look at
 the thread linked above, most are resorting to disabling mod
 sec, and I have a feeling they have no idea what they are disabling.
 >
 > This is saying we should all no longer follow the numerous posts out
 there to secure your wp-admin area, and rely on the built in security of a
 wp login and pass form.
 >
 > Is this a confirmation that my analysis of the bug is correct in that
 the auth'd credentials are not getting passed to the flash?

 2.5.1 is for major bugs.  While I appreciate that it is very inconvenient
 for you that the flash uploader doesn't work, securing the wp-admin with
 HTTP authentication is utilized by a very small number of people, and the
 bug only affects a small portion of the wp-admin, so it's not going to be
 a huge priority for 2.5.1.  If you find a WordPress-based solution, please
 share it.  And if you find a .htaccess workaround, please share that as
 well.  If a WP solution is found and it is both simple and unlikely to
 affect others, it might be considered for 2.5.1.

 If you can't find a workaround, IP-based auth might be a reasonable
 facsimile.  Another way you could go is requiring a special secret cookie
 (that isn't set by wp-admin).

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6473#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
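
The two alternatives suggested in the reply above (IP-based auth, or a secret cookie not set by wp-admin), sketched as a `wp-admin/.htaccess` fragment. This is an added example, not part of the original message or of WordPress; it assumes Apache 2.4 with mod_setenvif and mod_authz_core, and the address, cookie name and cookie value are constructed placeholders. The thread does not establish whether the Flash uploader's requests carry browser cookies, so only the IP rule is independent of that.

```apache
# wp-admin/.htaccess (added example, Apache 2.4 syntax)
# Needs "AllowOverride AuthConfig FileInfo" for this directory.
#
# Constructed placeholders, replace before use:
#   203.0.113.10                    - admin's address (documentation range)
#   admin_gate                      - hypothetical cookie name
#   REPLACE_WITH_LONG_RANDOM_VALUE  - secret cookie value

# Mark requests that present the secret cookie. The cookie must be issued
# somewhere outside wp-admin (for example by a separate page that is itself
# protected), so that reaching wp-admin is not what hands it out.
# Anchoring on ";" or string boundaries stops "xadmin_gate=..." or a longer
# value with the same prefix from matching.
SetEnvIf Cookie "(^|; *)admin_gate=REPLACE_WITH_LONG_RANDOM_VALUE(;|$)" admin_gate_ok

# Either condition admits the request; everything else gets 403
# before WordPress's own login form is reached.
<RequireAny>
    # Alternative 1: IP-based restriction
    Require ip 203.0.113.10

    # Alternative 2: secret cookie, via the variable set above
    Require env admin_gate_ok
</RequireAny>

# Do not let the secret end up in this file's public response if the
# server is ever misconfigured to serve dotfiles.
<Files ".htaccess">
    Require all denied
</Files>
```

The cookie value is a bearer secret: serve the site over HTTPS and set the cookie with the `Secure` attribute so it is not sent in clear text.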

