Looks like even after extensive testing on Wordpress’s side, one nasty bug managed to slip through, and it’s not the fault of Wordpress either. Apparently, anyone using mod_security on Apache will not be able to upload anything on Wordpress 2.5 or Wordpress 2.5.1. This could be because mod_security doesn’t take a liking towards the Flash uploader Wordpress now uses. This is a big problem for Wordpress, since more than 30% of the Internet uses mod_security (courtesy of Hostgator and numerous other Internet web hosts), which means these uploaders won’t work if you simply install Wordpress and do nothing else after.
The fix?
Simply create or edit your .htaccess using your text editor. Insert the following lines to the file:
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
That should switch off security only for your uploader, and chances are your uploader should work fine.
Alternatively, since the entire problem is caused by Flash, you could try disabling the Flash uploader using a plugin that does that.
—
A second glitch is that sometimes the media gallery in Wordpress 2.5 may not be able to insert images. In addition to that, changes to your post might be lost for unknown reasons after doing that. Nonetheless, you can insert the image in another method by copying the URL of the image in the gallery and inserting it via Add Image in the toolbar.
{ 1 comment… read it below or add one }
I would be very happy to determine exactly what is causing those problems, provided you can share some information with me (e.g. error messages, version numbers, etc). From your workaround I see you are using ModSecurity 1.x; this version is very strict about the format of requests used for file uploads. We’ve relaxed this a bit in 2.x, so you might be fine with that version.
Please get in touch with me via email. Thanks.
By the way, the 1.9.x is very old, as the first 2.x version was released in October 2006.