Author: Lester Chan

WordPress 2.6.5

WordPress 2.6.5 has been released. This release fixes a security problem as well as 3 other minor fixes.

he security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

5 files have been changed:

  1. /wp-admin/users.php
  2. /wp-includes/feed.php
  3. /wp-includes/post.php
  4. /wp-includes/version.php
  5. xmlrpc.php

You can just download this 5 files and upload it to your server

1 Star2 Stars3 Stars4 Stars5 Stars (30 votes, average: 3.43 out of 5)

WordPress 2.7 Beta 3

WordPress 2.7 Beta 3 has been released.

  • Numerous style improvements and refinements.
  • All admin notices now go under the page title.
  • PHP Notice fixes.
  • Dashboard widget options now properly save.
  • Menu fixes.
  • New design for Quick Edit.
  • Canonical feed URL fixes.
  • Walker fixes.
  • An update for Hello Dolly.
  • Plugin installer updates.
  • Numerous font updates.
  • Updated login logo.
  • Switch position of “Save Draft” and “Preview” buttons in publish module.
  • File upload support for MS Office 2007+ file formats.
  • Media upload buttons won’t show if the user doesn’t have the upload capability.
  • Canonical redirects only do yes-www or no-www redirection for domains.
  • Shift-click checkbox range selection improvement.
  • Add New User page now separate.
  • Tag suggest only suggests tags (not other taxonomy terms).
  • QuickPress shows “Submit for Review” if user cannot publish.
  • Private posts/pages, and password-protected posts/pages are rolled into new “Visibility” section of publish module.

I got a feeling beta 3 will be a last beta and an RC1 will hit us next week.

Download: WordPress 2.7 Beta 3

1 Star2 Stars3 Stars4 Stars5 Stars (76 votes, average: 3.72 out of 5)

WordPress 2.7 Beta 2

WordPres 2.7 Beta 2 has been released.

Here are the changelog since beta 1:

  • The Upload button didn’t always show. Fixed.
  • JS on the Dashboard broke for blogs with no comments, causing several UI elements to “freeze”. Fixed.
  • Recent Drafts Dashboard module didn’t show correct times. Fixed.
  • Various Autosave fixes.
  • Redirect after deleting a page from the editor went back to the deleted page. Fixed.
  • Fixed loading of translations for default TinyMCE plugins.
  • Added avatars to the edit users list.
  • Added some missing translations.
  • Fixed some validation errors.
  • Fixed some PHP warnings and notices.
  • Handle inconsistent file permissions during auto upgrade
  • Change Publish box layout to better accommodate internationalized text
  • Fix quick editing of the last page in the Edit Pages list
  • Fix Screen Options for IE
  • Fixes for choose tag from tag cloud
  • Rewrite rules fixes for certain hosts
  • Don’t check for updates on every page load
  • Easier post box dropping
  • Preview fixes
  • RTL fixes
  • Fixed broken wp-mail
  • Plugin update and install fixes
  • First draft of contextual help tab

Download: WordPress 2.7 Beta 2

You can do the automatic upgrade via WP-Admin -> Tools -> Update.

PS: I would always recommend manually upgrade instead of automatic upgrade as it is more prone to errors.

1 Star2 Stars3 Stars4 Stars5 Stars (87 votes, average: 3.99 out of 5)

WP-CommentNavi 1.00 Beta

I have created a new plugin called WP-CommentNavi for WordPress 2.7. What it basically does is to have nicer/advanced pagination for your comments in WordPress 2.7. It is basically a copy of my WP-PageNavi plugin replaced with variables from the comments API of WordPress. I whipped out this plugin within an hour through lots of “Finding & Replacing” of texts.

Here is a demo of the plugin in action.

You can download it from here:

Do remember to read the readme.html

I have already applied for this plugin on the WordPress repository. Still waiting for a reply.

*UPDATE* Committed the plugin, SVN is at http://plugins.trac.wordpress.org/browser/wp-commentnavi/

1 Star2 Stars3 Stars4 Stars5 Stars (64 votes, average: 3.92 out of 5)

My Plugins And WordPress 2.7

I tested both 1.31/2.31 version as well as 1.40/2.40 version of my plugins and they appear to work fine in WordPress 2.7 EXCEPT for WP-Email and WP-Print. It is because for some reasons the canonical redirect happens before my template redirect and hence /email/ will always be an invalid page in WordPress eyes. This issue is not present in WordPress 2.6.

My efforts had paid off when my plugins undergo major cosmetic changes back in WordPress 2.5 to accommodate the new WordPress 2.5 design. It is because for WordPress 2.7, I need not do anything and the design just fits right in. I just need to add in the icon for the admin menu for WP-DBManager, WP-DownloadManager, WP-Email, WP-Polls and WP-PostRatings.

Here are the fixes to get WP-Email 2.31 and WP-Print 2.31 to work with WordPress 2.7. I will not update WP-Email 2.31 and WP-Print 2.31 with this fix, instead I will just leave the fix to be downloadeded on this site. Do note that the fix will make WP-Email and WP-Print work for WordPress 2.7 ONLY.

Here is the fix for WP-Email 2.31:

In wp-email.php:

Find (Line 106, Line 120, Line 134 & Line 147):

$rewrite_rules = array_slice($rewrite_rules, 4, 1);

Replace:

$rewrite_rules = array_slice($rewrite_rules, 5, 1);

Find (Line 758):

add_action('template_redirect', 'wp_email');

Replace:

add_action('template_redirect', 'wp_email', 5);

Alternatively you can download the fixed wp-email.php:

Here is the fix for WP-Print 2.31:

In wp-print.php:

Find (Line 79 & Line 95):

$rewrite_rules = array_slice($rewrite_rules, 4, 1);

Replace:

$rewrite_rules = array_slice($rewrite_rules, 5, 1);

Find (Line 395):

add_action('template_redirect', 'wp_print');

Replace:

add_action('template_redirect', 'wp_print', 5);

Alternatively you can download the fixed wp-print.php:

After uploading the fix, you need to regenerate permalink. Go to (WP-Admin -> Settings -> Permalinks -> Save Changes)

I have already committed these changes to WP-Email 2.40 and WP-Print 2.40 to the SVN.

Tentatively WP-DBManager, WP-DownloadManager, WP-Email, WP-Polls and WP-PostRatings will work for WordPress 2.7 only because of the new icon in the admin menu.

1 Star2 Stars3 Stars4 Stars5 Stars (50 votes, average: 4.18 out of 5)