WordPress.org

Ready to get started?Download WordPress

Forums

Cheatin uh? (When trying to upload media via 3rd party theme) (31 posts)

  1. producerism
    Member
    Posted 1 year ago #

    I had a problem exactly as described in this thread:

    http://wordpress.org/support/topic/cheatin-uh

    Since the topic was closed, it will end up sinking to the bottom of the forum - so I wanted to point out the ONLY FIX I'm aware of so far, without waiting for the theme developers to make updates. Fix thanks to crazy.adeel:

    open media-upload.php from admin folder.
    goto line# 125
    remove line#125 and replace it with below
    if ( ! empty( $_REQUEST['post_id'] ) && current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )

    don't change line#126 ..

    That's it. Basically, the change was removing "!" in front of current_user_can('edit_post' ... so that it doesn't care whether or not you can edit a post.

    Obviously this is less than ideal of a fix since it opens up a security hole - however, some of us don't have the luxury of explaining to clients that they have to wait for a wordpress or a theme update.

    Hope this helps someone else out there as much as it helped me! Note to mods - please don't close threads on active issues. If you want to point the finger at theme developers, fine. But don't squash the conversation. Please.

  2. Nikolaii
    Member
    Posted 1 year ago #

    I had this problem with wp3.4 and 3.4.1. So I decided to install wp 3.3 and that helped. Good luck ;)

  3. Ryan
    Member
    Posted 1 year ago #

    Thanks producerism,

    That fixed my issue temporarily.

    Hopefully something is updated soon so we don't require a security hole to be able to upload things.

  4. kevinslane
    Member
    Posted 1 year ago #

    The fix should reside in the theme, not in core. WordPress changed post_id to post_ID so the uppercase ID will through off the upload function.

    Note this post here: http://wordpress.org/support/topic/cheatin-uh/page/2?replies=39#post-2905925.

    Simply changing the line towards the bottom that reads tb_show('', 'media-upload.php?post_id=0&type=image&TB_iframe=true'); to tb_show('', 'media-upload.php?post_ID=0&type=image&TB_iframe=true'); will solve the issue and you won't have to touch core. The code assumed that the admin would have a hidden field called 'post_id' but the WordPress upgrade changed that field so it chokes.

    If you modify core the next time you do an upgrade the same issue will more than likely occur unless it's fixed from the theme side because WP change the id from lowercase to uppercase.

    Hope this helps users on this forum and others.

  5. Ryan
    Member
    Posted 1 year ago #

    Thank you kevinslane!

    Turns out that was the problem in a custom plugin we had.

    All fixed now and no changes to core required.

    Cheers

  6. attosoft
    Member
    Posted 1 year ago #

    To kevinslane,

    The fix should reside in the theme, not in core. WordPress changed post_id to post_ID so the uppercase ID will through off the upload function.

    Could you show me the source? I think you're wrong.

    Media Uploader restricts post ID for some reason in WordPress 3.3.3 or later. See Changeset 21048 for trunk/wp-admin/media-upload.php that is core in you-speak.

    When you replace post_id with post_ID, Media Uploader seems to work because post_ID is invalid name and equal to no parameter.

    • Without post_id parameter, it works as post_id=0
    • If post_id=0, it works
    • If post_id=123, it does not work since post ID is restricted
    • If post_ID=0, it works since post_ID is invalid name
    • If post_ID=123, it works since post_ID is invalid name
  7. anish_annu
    Member
    Posted 1 year ago #

    @ kevinslane

    tb_show('', 'media-upload.php?post_id=0&type=image&TB_iframe=true');

    Can you please help me to locate the file where we need to make those changes and at which line.

  8. kevinslane
    Member
    Posted 1 year ago #

    If you zip your theme and send to me @anish_annu I will be happy to update and send back. Just zip your theme and I can download and I will send back the appropriate file that will be modified.

    Thanks,
    -Kevin

  9. anish_annu
    Member
    Posted 1 year ago #

    Thanks @ kevinslane for your response and asking me for the following0-

    If you zip your theme and send to me @anish_annu

    But i would appreciate if you could let me know, i can do it on my own also, if you would like to help me further on this.
    Regards

  10. kevinslane
    Member
    Posted 1 year ago #

    You will need to find the file in your theme that does the custom upload which will more than likely be a .js file. I have know way of knowing what the name of that is w/o seeing the theme structure as all themes are built differently. Or you could grep for a specific term on all of the files in your theme to find out where this function resides.

    Thanks,
    -Kevin

  11. prbenson
    Member
    Posted 1 year ago #

    Hi Kevin---
    I am also having the same problem and do not have much of a background in work on the web. Am I looking for the "id" to capitalize under the "editor" tab on WP?

  12. anish_annu
    Member
    Posted 1 year ago #

    @ kevinslane
    Thanks again for responding so fast.
    I have found the file and code but that seems slightly different than what is explained in your post.
    Here goes the link for the file

    Can you please help me to address the issue in the coding of this file.
    Regards

  13. anish_annu
    Member
    Posted 1 year ago #

    The link seems not working, i am attaching it again, if it didn't work again, then let me know how can i send that file.
    Link goes
    Here

  14. mayur6578
    Member
    Posted 1 year ago #

    thanks a lot Producerism it really helped me on http://freepremiumwordpressthemes.in

  15. kevinslane
    Member
    Posted 1 year ago #

    Please see here anish_annu:

    Follow this link and download the new file.

    Thanks,
    -Kevin

  16. kevinslane
    Member
    Posted 1 year ago #

    @prbenson, you will not be able to do anything within WordPress. You will need to modify your theme and have some basic knowledge of the structure of your theme and locating the appropriate file. Without knowing how to do either you will need to ask the editor of your theme or send me the theme as a zip via transferbigfiles.com and I can try to assist just as I did with anish_annu.

    Thanks,
    -Kevin

  17. anish_annu
    Member
    Posted 1 year ago #

    Thanks @ kevinslane for really quick work and fast response.
    I will download and replace the file.
    Once after checking the upload logo, favicon, media i will let you know whether it is working or not.
    Thanks a lot

  18. kevinslane
    Member
    Posted 1 year ago #

    I hope this works out for you anish_annu...the power of WordPress and Open Source communities, we all help each other out where possible.

    Thanks,
    -Kevin

  19. anish_annu
    Member
    Posted 1 year ago #

    @ kevinslane
    Unfortunately that change didn't work for me at all.
    One change that is working is change in line 126 from the core file that is being discussed. But that too is temporary solution and vulnerable to security as suggested by wordpress community too.
    Can you please help me out and let me know other possibility so that i can get rid of that message.

    Regards

  20. kevinslane
    Member
    Posted 1 year ago #

    Please shoot over your theme and I can test anish_annu and let me know where in the theme you are experiencing the problems so I know where to look to test. Please send through transferbigfiles.com and send to h1506118@govector.com.

    Thanks,
    -Kevin

  21. mgebers
    Member
    Posted 1 year ago #

    Many thanks to you @kevinslane. Fixing the post_id to post_ID in my themes works great, without having to touch core.

    For anyone using Elegant themes...go to themename>epanel>js>custom_uploader

    and change all occurences of post_id to post_ID. Worked great for me. I recommend you edit through 7-zip or similar, when i rezipped the theme and uploaded, i began getting a missing css file error.

  22. prbenson
    Member
    Posted 1 year ago #

    @kevinslane... I figured out the _id to _ID stuff as well THANKS TO YOU... phew! I am MUCH indebted to you.
    and thanks mgebers for the tips as well.

  23. attosoft
    Member
    Posted 1 year ago #

    Hey, don't spread wrong information. As I said before, replacing post_id with post_ID is a wrong solution even if it seems to work fine at a glance. If you think it's right, you should show us the source about post_ID parameter.

  24. anish_annu
    Member
    Posted 1 year ago #

    @ kevinslane, i will attach the screenshot of the error what i am receiving and where soon as i am facing few other issues currently.

    As other members @mgegers, @prbenson also states they found it helpful and were using elegant themes and the change is required in the same file which i have already uploaded and posted as link, i also think this alternative should work for me too. Hope by that time you can figure out and other members may help me.

    Regards

  25. attosoft
    Member
    Posted 1 year ago #

    This issue is caused by changeset 21048. So correct solution is removing added (green) lines in "wp-admin/media-upload.php", or using post_id=0. You should not use post_ID since it does not exist in WordPress.

  26. techjam
    Member
    Posted 1 year ago #

  27. KemiKill
    Member
    Posted 1 year ago #

    I deleted a picture from media that had been uploaded to the front page under "custom logo". I relized this error and went to the place in the striking under custom logo and tried to add a new picture and get the error Cheatin eh? I need this fixed ASAP...it's the logo on the front of our website and it looks terrible.
    [Contact details retracted by moderator]

  28. vagdesign
    Member
    Posted 1 year ago #

    If you're using an Elegant Themes theme, then use this fix described on this above post:
    http://wordpress.org/support/topic/cheatin-uh-when-trying-to-upload-media-via-3rd-party-theme?replies=27#post-3052611

  29. sgb02
    Member
    Posted 1 year ago #

    I have another theory after realizing that my admin user does not have the problem but another user with different privileges was having the problem.

    Most of the images and other changes that were previously successfully submitted were performed by the admin. But more recently I was using a different user with less privileges.

    I have the plug-in User Role Editor installed, and the user that was having the problem has a role based on Editor, but did not have the permission Manage Options checked.

    I tested by using two different computers to test: 1) one logged in as Administrator role to change permissions, 2) another logged in with Editor role to submit changes. I have able to successfully create or fix the problem by simply unchecking or checking the Manage Options permission in the User Role Editor.

    So at least my version of the problem can be fixed by checking the Manage Options permission for the role where you are having the problem.

    I am using: WP 3.5.1 User Role Editor 3.10 (and some other plug-ins).

    I would be interested in your thoughts on the above observations, and whether adding the above User Role Editor plug-in, and manipulating the Manage Options permission is the real cause/fix.

  30. renzxius
    Member
    Posted 1 year ago #

    Simply changing the line towards the bottom that reads tb_show('', 'media-upload.php?post_id=0&type=image&TB_iframe=true'); to tb_show('', 'media-upload.php?post_ID=0&type=image&TB_iframe=true'); will solve the issue and you won't have to touch core. The code assumed that the admin would have a hidden field called 'post_id' but the WordPress upgrade changed that field so it chokes.

    Thank You Kevin, this definitely solve the issue.
    To have it clearer for other since I was looking for it for sometime

    Find this file inside your "themefolder"/lib/admin/assets/js/admin.js(I'm using elegance theme)

    Then just search the following
    tb_show('', 'media-upload.php?post_id=0&type=image&TB_iframe=true');
    or
    tb_show('', 'media-upload.php?post_id=-629834&type=image&mysite_upload_button=1&TB_iframe=true');

    and then replace it with
    tb_show('', 'media-upload.php?post_ID=0&type=image&TB_iframe=true');

    Hope this solve people issues :D

Topic Closed

This topic has been closed to new replies.

About this Topic