Lester Chan’s WordPress Plugins

WordPress 2.3.2 has been released and this release includes a number of changes including one security fix.

• Performance improvements for post sanitization when raw content is required.
• Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts.
• Suppression of database errors unless WP_DEBUG is true.
• Check for valid database connection information during install and display and error if the install fails due to database rights.
• Support for a custom database down page to be displayed on database connection errors.
• Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types.
• Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack.
• Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post.
• Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check.
• Addition of extra capabilites checks to xmlrpc methods.
• Addition of extra capabilites checks to APP server.
• Changes to validate_file() to improve its traversal attempt detection when running on windows.

Get yours today.

Tags: 2.3, release

 

This entry was posted on Sunday, December 30th, 2007 at 19:13 and is filed under Site, WordPress. It has accumulated a total of 7,664 views. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.