surfalot

It’s a “mediaplayer” folder. all the files in the download should be uploaded to the folder “mediaplayer” under this plugin’s folder.

This worked for me in the comments.php of the theme. Find:
<?php echo get_avatar( $comment, 32 ); ?>
replace with:

<?php
	$the_photo = '';
	if (function_exists('userphoto__get_userphoto') && defined('USERPHOTO_THUMBNAIL_SIZE') && !empty($comment->user_id))
		$the_photo = userphoto__get_userphoto($comment->user_id, USERPHOTO_THUMBNAIL_SIZE, /* before */ '', /* after */ '', array('class' => 'avatar'), /* def src */ '');
	if (!empty($the_photo)) echo $the_photo;
	else echo get_avatar( $comment, 32 );
?>

checks should allow you to deactivate the plugin without having a problem on the template. It also inserts the “avatar” class for your stylesheet that was forgotten in the original plugin. Hope that helps.

My apologies, this should catch it server wide, regardless of the directory WordPress is installed in…

<LocationMatch “wp-admin/async-upload.php”>
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch “wp-content/plugins/nggallery/admin/wp25/upload.php”>
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

If you are a server manager, you can knock this out for everyone with an exclusion in your mod_security config.

Make an exception for only the offending script(s) in the /usr/local/apache/conf/modsec.user.conf (cPanel server) mod_security config file before any of the rules include files as such:

<LocationMatch “/PATH-TO-WORDPRESS/wp-admin/async-upload.php”>
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch “/PATH-TO-WORDPRESS/wp-content/plugins/nggallery/admin/wp25/upload.php”>
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

These two files are the default locations of the WordPress flash upload and the NextGEN gallery plugin flash upload scripts. For any other scripts, change the LocationMatch to suit. Hope this help someone.

Having the same problem, don’t know why it’s happening since I’m new to WordPress and really don’t have the time or a full education at the moment, but at least I know what is causing it.

Apache version 1.3.39
PHP version 4.3.11
register globals: off

When wp_unregister_GLOBALS(); in wp-settings.php executes, it wipes the captcha session var out. If I comment the line it works fine. My guess is that commenting this is bad and has some security consequences. This is my work-around for now. I’ll let yall figure out a real fix.

find wp_unregister_GLOBALS(); in wp-settings.php, and replace with this.

// fix Register-Plus Captcha
if (!empty($_SESSION['1k2j48djh'])) {
  $tmp_store_1k2j48djh = $_SESSION['1k2j48djh'];
}

wp_unregister_GLOBALS();

// fix Register-Plus Captcha
if (!empty($tmp_store_1k2j48djh)) {
  $_SESSION['1k2j48djh'] = $tmp_store_1k2j48djh;
  $_SESSION['OK'] = 1;
  unset($tmp_store_1k2j48djh);
}

Great plugin, by the way. You might learn a little from this FreeCap captcha: www(dot)puremango(dot)co(dot)uk. It does basically the same thing, but a few more features and security measures. The GP has really put it through the ringer over the years.

One more thing that is off-topic, but should be mentioned. IE reports a JS error on the register page. It’s pointing to the code on line 1407 of register-plus.php. The error is the ‘year:’ is not getting a value (blank). So $regplus['calyear'] is empty at that point.

year:<?php echo $regplus['calyear'];?>,

Happy Coding!