Do you have "Prevent CSS tweaks" checked in your group settings?

you mean the box that is checked by default? You mean the box that says

WARNING: if allowed, users can easily deface the site, add hidden text, etc.

Yup.

Bug. What a bunch of crap to run into this late in the game. Has no one hacked a solution yet?

What if you uncheck it?

Wait what if it works the way it is supposed to work?

Plus I think it might work the way it is supposed to work! I saw this happen on a copy of a real installation I'm doing, but it has the motherload of all plugins running so I figured I'd duplicate the settings on a raw installation - and had the same problem.

I just now backed up the real installation and 'restored' it to the copy installation and was able to post an image with the checkbox checked. So now I have no idea.

TOO many installations going at the same time breaks my brain :(

Bear with me on this as I work to the bug starting from completely brand new: as admin I turned on registration and turned off validate email. I then registered via IE. So far so good.

As admin I changed the basic users group to have a visible link. In IE I get to see it now but can't post. As admin I enabled "advanced perms" to get the group settings for blog A, which gave "IE me" dashboard content but no posting perms. So admin changed the "Blog settings -> blog A -> Group perms" for GP#4 to "contributor". IE-me can now write, but has no Files tab or button.

admin uses the 'advanced' button to see that the group4 has media permissions, so I click the group's name because I think that's what I need to do next. AHA! This is where the "tiny little bug" comes in. I now see that the group with default media permissions on the "Blog settings -> blog A -> Group perms" has "files - no access" on the group's settings page. So admin changes it to "add/upload".

Finally IE-me can upload media. A rather nice shot of Summer Glau :D But can I put the image in a post yet? YES! HOORAY!!! This is with all other settings left as they were upon installation, so I don't need them to be in a high level group or have a high level. And I can leave the "prevent css stuff" box checked.

So the bug, if you don't mind it being called a bug, is that when I use my Group Settings subtab to make people be "contributors" it defaults to allowing media permissions, but another default setting - the actual Group Settings (via the Users tab) - conflicts with that. Very complicated, and no easy solution eh?

I still don't know how to recreate the "you can upload but can't insert" problem. So I should try eh? GOT IT! As admin if I change "XHTML validation" on "Users -> group name" to "basic security settings" IE-me is no longer able to insert an image into a post. IE-me can still upload media, and most likely can "make this image be a post", but can't do an old fashioned "insert html for this image into a post" or whatever the button actually says. This clearly counts as a bug right? I mean, if I tell it "use less security" and it chokes on a class statement it provides that's not right. Right?

EdB wrote:

I still don't know how to recreate the "you can upload but can't insert" problem. So I should try eh? GOT IT! As admin if I change "XHTML validation" on "Users -> group name" to "basic security settings" IE-me is no longer able to insert an image into a post. IE-me can still upload media, and most likely can "make this image be a post", but can't do an old fashioned "insert html for this image into a post" or whatever the button actually says. This clearly counts as a bug right? I mean, if I tell it "use less security" and it chokes on a class statement it provides that's not right. Right?

I have this exact problem - is there a way to make it go away? I don't want to change the "XHTML validation" back to strong security, because that was causing other problems for me. Similarly, I don't want to disable the CSS checking etc, for exactly the same reasons EdB said (or implied). I'm on 2.4.6.

Haven't gone after this myself. Perhaps the cure for a related 'bug' concerning bypassing antispam will motivate me to find a solution? Dunno, but I'll give it a go. Might take some time though as I tend to sometimes try esoteric debugs when something I think I can do isn't working. That happens a lot, but the other thing often only serves as a mental exercise.

I'll let you know if I find something.

EdB wrote:

Haven't gone after this myself. Perhaps the cure for a related 'bug' concerning bypassing antispam will motivate me to find a solution? Dunno, but I'll give it a go. Might take some time though as I tend to sometimes try esoteric debugs when something I think I can do isn't working. That happens a lot, but the other thing often only serves as a mental exercise.

I'll let you know if I find something.

Thanks, I'd appreciate it if you find some time. Similarly, I'll post here if I find a solution.

I had this problem and solved by chmodding the image directory.

But permissions only affect the ability to upload, which I had no problem with. The problem is that b2evolution won't allow inserting an uploaded image under the conditions described.