WordPress 2.3.2

WordPress 2.3.2 has been released and this release includes a number of changes including one security fix.

  • Performance improvements for post sanitization when raw content is required.
  • Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts.
  • Suppression of database errors unless WP_DEBUG is true.
  • Check for valid database connection information during install and display and error if the install fails due to database rights.
  • Support for a custom database down page to be displayed on database connection errors.
  • Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types.
  • Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack.
  • Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post.
  • Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check.
  • Addition of extra capabilites checks to xmlrpc methods.
  • Addition of extra capabilites checks to APP server.
  • Changes to validate_file() to improve its traversal attempt detection when running on windows.

Get yours today.

1 Star2 Stars3 Stars4 Stars5 Stars (132 votes, average: 3.57 out of 5)

WorPress Plugin Development With PHP

I spoke about WorPress Plugin Development with PHP on Wednesday, 12th December 2007 at the Singapore PHP User Group, Decemember 2007 meetup.

That is the first time I am speaking publicly and hence I was quite nervous and spoke very fast.

During normal days, I speak very fast (all my friends said that) + my nervous = super fast speaking

Anyway, enjoy this fast paced video:

And yes, embedding this video breaks my site XHTML validation!

*UPDATE* The slides can be downloaded here.

1 Star2 Stars3 Stars4 Stars5 Stars (87 votes, average: 3.67 out of 5)

Packed Javascript For WP-Polls

As I have received many request to optimized the Javascript for WP-Polls (I will also do it for other plugins but I will beta test it with WP-Polls first), I have used Dean Edwards Packer to pack my Javascript for WP-Polls and then I have moved the Dynamic Javascript variables out of the Javascript file and into the PHP page and now I can renamed it back to .js extension instead of .php.

These 2 things that I have done should help reduce the load on the server.

If are interested to test it out, you can download WP-Polls 2.30 Beta 1.

1 Star2 Stars3 Stars4 Stars5 Stars (66 votes, average: 3.73 out of 5)

Kila Morton Wrote About Me

Kila Morton of PureBlogic has written an article about me and the article is being submitted to digg.

Lester Chan is a student. While attending school, he decided to start developing WordPress plug-ins to support himself. These plug-ins offer great functionality that extend the WordPress platform. For instance, at the bottom of this blog there is a rating system. Where did that come from boys and girls? Lester Chan! Need polls for your blog? Who can you turn to? Lester Chan! In fact, Lester has developed over a dozen plug-ins for WordPress users. These are plug-ins that make it easier for people like you and I to blog about what we love and make money blogging .

THANK YOU Kila Morton!

View: Lester Chan Makes Great WordPress Plug-ins For Your Blog

1 Star2 Stars3 Stars4 Stars5 Stars (45 votes, average: 3.40 out of 5)