Peter's Useful Crap - Topic: Flaw in generated error page?

Peter on Flaw in generated error page?

Wed, 01 Jul 2009 02:25:42 +0000

Great tip!

Brian on Flaw in generated error page?

Tue, 30 Jun 2009 23:49:57 +0000

I just encountered this problem. I posted another solution this in http://wordpress.org/support/t.....pic/223669 and wanted to post here as well.

If you have mod_access loaded, you can exclude a specific file(s) from authentication.

In the .htacess in wp-admin, add the following before the authorization rules:
# Allow access to install.css & install-rtl.css for wp_die()
SetEnvIf Request_URI "/css/install\\.css$" css_only
SetEnvIf Request_URI "/css/install-rtl\\.css$" css_only

Then right after the:
Order Allow,Deny
Add:
Allow from env=css_only

Additional files can be added as necessary. Or, if you want to allow access to all .css files , use:
SetEnvIf Request_URI "\\.css$" css_only

jca on Flaw in generated error page?

Thu, 11 Dec 2008 13:02:34 +0000

Thanks for the suggestions and help. Will try out your fix once I update (both WP and your plugin). ;)

Peter on Flaw in generated error page?

Wed, 10 Dec 2008 22:33:56 +0000

Sorry that he’s giving you such a hard time. I don't think extra security practices should be brushed off.

Did you try the fix I suggested?

jca on Flaw in generated error page?

Wed, 10 Dec 2008 22:30:51 +0000

I don't really understand the hostility from Otto42 the Wordpress.org moderator in the Wordpress Support thread when I asked about this issue.

Can I assume his view is the official WP view that this isn't a "bug"?

Are all support threads at WP that "helpful"? :(

Peter on Flaw in generated error page?

Wed, 10 Dec 2008 00:41:54 +0000

You should file a bug report for that as well.

Supposing your site is http://www.yoursite.com, and that you have your .htaccess file specifying the password protection in http://www.yoursite.com/wp-admin, you can copy wp-admin/css/install.css to the root of your directory and then add this rewrite rule to the top of your .htaccess file in wp-admin:

RewriteEngine On
RewriteRule ^css/install\\.css http://www.yoursite.com/install.css [L]

jca on Flaw in generated error page?

Tue, 09 Dec 2008 17:16:05 +0000

Also posted this question here:

http://wordpress.org/support/t.....pic/223669

but so far no help. :(

Peter on Flaw in generated error page?

Tue, 09 Dec 2008 13:04:15 +0000

Sadly I don't know of a way to exclude certain files from the .htpasswd umbrella. If there is a way to do that, I would love to hear about it. I can't think of a non-hackish solution at the moment.

jca on Flaw in generated error page?

Tue, 09 Dec 2008 00:22:19 +0000

I assume there is an .htaccess statement we can add to the .htpasswd statement that will make it exclude the .css file in the wp-admin directory? Would that work?

Peter on Flaw in generated error page?

Mon, 08 Dec 2008 21:09:38 +0000

Good catch. The plugin uses the standard WordPress function wp_die. You'll probably get the same behavior if you don't enter a name or e-mail address along with the comment. The wp_die function is defined in wp-includes/functions.php and you'll see that it has the CSS file hard-coded (and also that WordPress recommends using it over the die function). So I'll have to chalk it up to a WordPress design flaw.

You can get around this by either hacking the functions.php file to use a different CSS file in the wp_die function, or changing all instances of wp_die in my plugin to simply use the die function. You'll just get a plainer error message display.