<<

WordPress 2.5 Image Upload Error FIXED!

>>

WordPress 2.5 Image Upload Error FIXED!

Wordpress 2.5 Image Upload ErrorSo far I have been enjoying the new WordPress 2.5 – the only problem is the image upload functionality and the image gallery have not been working for me. I have tried numerous fixed proposed both here and here – common for them all are they focus on .htaccess files changing the mod_security properties or patching WordPress files. Changing these properties are not a good idea from a security point of view – but I tried anyway and none of the proposed solution worked for me.

I messed around a bit and came up with a solution. If your error looks like the one on the screenshot to the left (HTTP error. An error occurred in the upload. Please try again later.), then try these (simple) steps:

1. Download the v2.1.0 beta release of swfupload, from this site (direct link

2. From the v2.1.0 beta release just downloaded go to the FlashDevelop subfolder

3. Upload the plugins folder to /wp-includes/js/swfupload

4. Go to the Flash9 subfolder, upload the swfupload_f9.swf to /wp-includes/js/swfupload

Wordpress upload settingsIf you are still experiencing errors do these addtional steps:

1. Go to /wp-content/ create the folder uploads, CHMOD it to 775.
2. In WordPress -> Settings -> Miscellaneous make sure that the “Store uploads in this folder” is set to wp-content/uploads and that “Full URL path to files (optional)” is http://yoursitehere.com/wp-content/uploads (if WordPress is in the root of your site)

That should do it. Enjoy the new WordPress image upload and gallery! Note that in the upload window you will get an type error (see screenshot below) caused by the mismatch in versions but the uploader still work beautifully. 

If you have any questions do not hesitate to mail Mads Ingwar, or post a comment.

Wordpress Image Uploader with v2.1.0 flash uploader

Update 1: 

After what I can only imagine must have been a marathon of workarounds, hacks and .htaccess tweaks, Francis Potter might have found the solution to a lot of your problems:

Francis Potter says:
Hi Mads,

I wanted to let you know I figured it out (after 5 more hours of work). The problem wasn’t permissions or mod_security or Flash, it was PHP safe mode! I only figured it out when I installed WordPress 2.3.3 and saw the same problem; then I realized it wasn’t something PHP-specific.

 

I suggest the people that the updated flash trick isn’t working for check out their PHP settings.

 

Update 2:

I received an e-mail from a reader, Chris, who would like to know why I consider changing the .htaccess settings a potential security risk. He was kind enough to let me use our e-mail correspondence in this post so the lot of you can benefit:

 

Hi there,

I just read your post about the WP 2.5 upload errors and your comment about changing .htaccess being a security risk.  That’s how I’ve fixed it but I don’t know about Apache to know why it’s a security risk.

Can you clarify this for me please?  :)

Thanks,
Chris

Hi Chris.

Thanks for your e-mail. You are right, it does not state in my post why it is a security risk to disable mod_security, but let me try to clarify:

Mod_security is a module for your Apache server. You can think of mod_security as a firewall for your Apache. It works as a intrusion detection system, and helps to shields you from a number of different attacks, such as SQL injection attacks, cross-site scripting and other nasties.

The problem with disabling mod_security is that you make it easier for hackers to compromise your system. However if you use a .htaccess file consisting of the following code:

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

The security risk is limited, as you are only disabling mod_security for async-upload.php (the upload script in WordPress), but unfortunately this is a widely distributed solution, so hackers know that people running WordPress 2.5 are likely to have disabled mod_security on that file.

The bottom line is that you *do* make your system more vulnerable, but the threat is not that high. If you run a blog and just want to have an easier time uploading images, by all means go ahead. On the other hand, if your business depends on your website you should weigh ease of use against security and chose what you think is best.

Hope this helps, and again thank you for your e-mail Chirs.

Kind Regards.
Mads Ingwar.

Hope this helps you – and remember if you must modify your .htaccess make sure to do it only on the async-upload.php file, and not entirely.

 

Update 3:

An interesting comment from our reader Tim suggest to turn off the “Bad Behavior Plugin”. It is an easy solution and it might work for some people.

 

Hi,
For reference, how I fixed it on my install.
I did not change mod security settings in .htaccess.
I did not need to change the permissions of folders.
I did not upgrade the flash uploader.
I did not untick “use subfolders to organise” option.
PHP safe mode was already off

But,
I did disable bad behaviour plugin.

It now works!
Thanks for all the clues on this page :)

Tim

Update 4: 

Our reader Sam says that the flash uploader is still a little buggy, but it helps to use the browser uploader:

Sam says:
2. In WordPress -> Settings -> Miscellaneous make sure that the “Store uploads in this folder” is set to wp-content/uploads and that “Full URL path to files (optional)” is http://yoursitehere.com/wp-content/uploads (if WordPress is in the root of your site)

 

That part worked for me. However, I have to use browser upload as its the only one working now and the flash uploaded is still showing me that ‘http error’. They don’t have any difference so I guess I should stick with browser upload instead. Thanks for the tip!

 

Update 5:

Another reader Chiwie has done some extensive testing on this bug on his mac, you can read more about that here:

Chewie says:
Hi all,

 

I have tried every method on this site and pretty much on the web and havent been able to find a solution to fix it. However i did find a way to disable the plugin and use the standard html image uploader as a fix. I also found some very interesting test results when using this on a mac.

 

You can check it out at http://www.chewie.co.uk/general/wordpress-image-upload-http-error/

 

Update 6:

Our reader Will also suggest the no-flash plugin, especially to mac users. And I must wish him good luck on his trip to Iraq :)

Will says:
One Mint Julep might have been the cause of it all for that great 50s R&B group The Clovers, but for the rest of us it might be plugins.

 

I started WP sans plugins with 2.5.1 and had no trouble with image uploading for awhile. But as plugin-o-mania gripped me with the same fervor as sex for an adolescent, they multiplied exponentially, I suddenly started getting that HTTP error. If I had the guts, I would deactivate all plugins to see if it works again. I long ago deactivated Bad Behavior, so that’s not the bad guy.

 

In the end, it was Chewie’s lead (above) that worked for me. Uploading the no-flash plugin ceased the nonsense.

 

I’m using WP 2.5.1 on Mac OS 10.4.11 with Sea Monkey browser for admin. I’d sooner do a tour in Iraq than upgrade to 2.6.