Custom Header – Uploading Error – Permission

  • Resolved guitar7man

    (@guitar7man)


    14 years, 3 months ago

    For the life of me, I can’t figure this out.

    Bone stock installation. From scratch. Nothing special. All the keys are defined in the config file, and permissions are correct within the file structure.

    When uploading a custom header, I get the error message “You do not have sufficient permissions to access this page.“. It doesn’t matter which browser etc… ModSecurity isn’t killing it, and I can reproduce on demand. I can even work around it by messing with the URL. More on that later.

    Now – when I just go to the page normally, the URL shows:

    /wp-admin/themes.php?page=custom-header

    In the source code, I see the following in the form action:

    <form enctype="multipart/form-data" id="upload-form" method="post" action="/wp-admin/themes.php?page=custom-header%3Fpage%3Dcustom-header&step=2">

    And so consequently, once the file is specified and submitted, the URL displays:

    /wp-admin/themes.php?page=custom-header%3Fpage%3Dcustom-header&step=2

    And the error is displayed saying that I do not have sufficient permissions. In my mind, I’m thinking… What? Really? That’s either some really bad programming, or there is something going askew somewhere. Now, if I manually alter the initial page to:

    /wp-admin/themes.php?page=custom-header&step=1

    … meaning I added &step=1 to the end of it… the form action changes to:

    <form enctype="multipart/form-data" id="upload-form" method="post" action="/wp-admin/themes.php?page=custom-header&step=2">

    Now I can specify the image to upload as the custom header, hit upload, and success!

    So my question is…. WTF? Is this normal? Is there a bug? Is it possible I have a configuration issue? Like I said, this thing is stock as stock can be. I even re-installed the DB/files, reapplied permissions, etc. So I be at loss mang.

Viewing 1 replies (of 1 total)
  • Thread Starter guitar7man

    (@guitar7man)

    Found the problem.

    Fix by way of sabinevi’s comment:

    https://www.ads-software.com/support/topic/sudden-you-do-not-have-sufficient-permissions-to-access-this-page-error?replies=29

    —-
    I had a the same problem with saving some plugin settings. In my case it was a funny server setting that caused the problem: my WP installation is hosted on a Linux server running Apache but the hosting company tries to mislead hackers saying (through a server setting or something like that) that Internet Information Server (IIS) is installed as server software. You can find this information running a phpinfo() or if you don’t know how to do that, calling your hosting company.

    In wp-settings.php there are a few lines of code that double the querystring for sites on IIS (don’t ask me why) and that is where things go wrong because the website is not actually on IIS but the script thinks it is. I commented out lines 89-91 in wp-settings.php and my problem was solved. Like so:

    // Append the query string if it exists and isn’t null
    /*if (isset($_SERVER[‘QUERY_STRING’]) && !empty($_SERVER[‘QUERY_STRING’])) {
    $_SERVER[‘REQUEST_URI’] .= ‘?’ . $_SERVER[‘QUERY_STRING’];
    }*/

    Hope this helps someone!
    —-

    Except, as of 3.1.1 it’s in wp-includes/load.php via line 73-75

    Thanks sabinevi!

Viewing 1 replies (of 1 total)
  • The topic ‘Custom Header – Uploading Error – Permission’ is closed to new replies.