Flash Uploader Issue

[lazer]

Hey

We have just upgraded to PHP 5.4.15 and it seems that the only thing to have stopped working is the Flash file uploader. Whenever we try and upload in FF, we are met with this error:



No error is logged for this, in the ACP.

 

[TPerry]

Hey

We have just upgraded to PHP 5.4.15 and it seems that the only thing to have stopped working is the Flash file uploader. Whenever we try and upload in FF, we are met with this error:

View attachment 46958

No error is logged for this, in the ACP.

Does it work via Chrome or another browser?

 

[lazer]

Yes, we have narrowed this down to FF only, at this time.

 

[Mike]

Just to confirm, it doesn't happen in FF with the Flash uploader disabled?

Can you check your web server error log? There might be more information there.

What version of PHP were you running before?

 

[lazer]

Hi Mike,

I can confirm, the non-flash uploader works fine in FF.
We were running 5.2.9 previously.

I will speak to my server guy about getting log information...

 

[Sheldon]

This has to do with the mod_security settings.

Here is the ticket I have had to send it to get it corrected:

If you believe the security rule is affecting the normal operation of your website,
you can disable it by adding the following lines to your .htaccess file:

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine Off
</IfModule>

Could you disable that please?

 

[lazer]

Cheers Stewart

 

[Biker]

Rather than turning mod_security off entirely for the site, you should find the actual rule that's kicking in and fix that instead.

 

[Floyd R Turbo]

I am getting this issue as well, after searching through this site on attachment uploading issues I've pinned down the problem to the Flash Uploader. If I disable it, I can use the "Upload a File" button. If it is enabled, I cannot use the button, but I can drag & drop the file into the editor window and that works.

So in reference to this statement:

Rather than turning mod_security off entirely for the site, you should find the actual rule that's kicking in and fix that instead.

What rule do I need to look for here?

I know nothing about mod security, does it open up the potential for harm to disable it completely in .htaccess by removing the # from the lines as described in the file?

Is there a better way, like this? https://xenforo.com/community/threads/disabling-mod_security-on-xenforo.41744/#post-449761

 

[Mike]

Are you sure you're having the same problem? (See https://xenforo.com/community/threads/upload-button-problems-in-ff.82898/)

 

[Floyd R Turbo]

No, I saw that one but I have dual monitors and the pop up goes into the other monitor.

My issue is identical to the OP, the photo loads up (the progress bar gets to 100%) and then I get the "problem uploading your file" pop up.

 

[Mike]

Just to note that mod_security can't always be adjusted from .htaccess (probably true more often than not). Your host should be able identify the rule that is being hit and whitelist it for your account.

 

[Biker]

modsec_audit.log will show which rule is causing the issue.

 

[Floyd R Turbo]

I figured this one out. The issue was not related to mod security at all. The issue was occurring on an installation that is currently password protected as it is a dry-run conversion that is under construction. It turns out that password protecting the XF installation directory will interfere with the flash uploader.

I figured this out because another XF license I'm running with the same host did not exhibit the issue. I removed the PW protection and the flash uploader worked, then put the protection back on without refreshing the page and the flash uploader failed.

So just FYI for anyone seeing the same issue on a test installation, that's the reason. Disable the uploader in ACP and then enable it when you go live, problem solved.