Changelog: Upgrade WordPress 3.2 to 3.2.1

The famous point 1 release: 8 days after what was supposed to be the major release, WordPress 3.2.1 is now available with a couple of maintenance and compatibility fixes.

 

In a Nutshell

  • WordPress uncompressed folder size has increased by 0.06 MB to 9.42 Mb
  • 1 file added, 38 files modified and 1 file renamed. Within the wp-admin folder 22 files modified.

 

The Full Length

This will cover only the logical changes. Texture and style changes will be overlooked. Minor code refactoring may also be ignored if the changes are for standardisation. Complete diff coverage is available on the WordPress Trac.

/wp-admin

  • includes/nav-menu.php
    • Validate the original title in the start_el() function.

/wp-content/themes/twentyeleven

  • content-aside.php, content-image.php, content-link.php, content-status.php, content.php
    • Validate display of the comment module when a password is required.

/wp-includes

  • class-json.php
    • Add the new Services_JSON class for handling data requests in JSON format.
  • compat.php
    • Add encode and decode functions that use the Services_JSON class.
  • nav-menu.php
    • Validate the original title in the wp_setup_nav_menu_item() function.

Summary

This is a technical blog post covering the implementation changes in the latest WordPress, version 3.2.1, from its previous version, 3.2. I will outline the code changes to help enthusiast PHP developers understand the techniques and security concerns.

 

Changelog: Upgrade WordPress 3.1.4 to 3.2

Less than a week after the release of 3.1.4, WordPress decided to mark its next milestone on America's Independence Day. And instead of calling 3.2 version 3.0 (where 3.0 and 3.1 should have been 2.10 and 2.11 respectively), this will be the most important WordPress upgrade to date.

WordPress 3.2 will have new system requirements:

  • PHP 5.2.4, up from PHP 4.3
  • MySQL 5.0.15, up from 4.1.2
  • Support for IE 6 removed, with degradation

A detailed list of new features is summarised on the WordPress 3.2 release page; the highlights are:

  • New admin interface
  • A new theme “Twenty Eleven”
  • Full screen editor feature
  • Out-of-date browser notification
  • Cache RSS output

 

In a Nutshell

  • WordPress uncompressed folder size has increased by 1.13 MB to 9.36 Mb
  • 134 files added, 374 files modified and 11 files deleted. Within the wp-admin folder 17 files were added, 210 files modified and 4 files deleted.
  • 2 additional table records added and 2 records deleted.

 

The Full Length

Unlike the usual changelogs, this article will not cover file-by-file changes, as the majority of modifications are new features and refactoring for PHP 5.2. Complete diff coverage is available on the WordPress Trac.

 

Summary

This is a technical blog post covering the implementation changes in the latest WordPress, version 3.2, from its previous version, 3.1.4. I will outline the code changes to help enthusiast PHP developers understand the techniques and security concerns.

Changelog: Upgrade WordPress 3.1.3 to 3.1.4

WordPress 3.1.4 is yet another security update before WordPress 3.2 gets finalised. Meanwhile, version 3.2 is in its third release candidate.

This fix addresses a concern about the malicious abilities of an editor-level user.

 

In a Nutshell

  • WordPress uncompressed folder size remains at 8.24 Mb
  • 19 files are modified. Within the wp-admin folder 8 files are modified.

 

The Full Length

This will cover only the logical changes. Texture and style changes will be overlooked. Minor code refactoring may also be ignored if the changes are for standardisation. Complete diff coverage is available on the WordPress Trac.

root

  • wp-settings.php
    • Strict validation when getting the blog locale.

/wp-admin

  • /includes/deprecated.php
    • Increase sanitisation when building the query in the WP_User_Search() function.
  • /includes/media.php
    • Check for an unset attachment ID when handling a new media file.
    • Validate whether the user can edit the post on attachment upload in the media_upload_form_handler() function.
  • /includes/post.php
    • Clear out any data in internal variables.

/wp-includes

  • bookmark.php
    • Add the ability to sort bookmarks by link ID in the get_bookmarks() function.
  • formatting.php
    • Add an option to sanitise the new admin email in the sanitize_option() function.
  • post.php
    • Clear out any data in internal variables.
  • query.php
    • Validate the post_status variable to be an array in the parse_query() function.
  • wp-db.php
    • Sanitise the $blog_id variable to make sure it is an integer.

 

Summary

This is a technical blog post covering the implementation changes in the latest WordPress, version 3.1.4, from its previous version, 3.1.3. I will outline the code changes to help enthusiast PHP developers understand the techniques and security concerns.

 

Changelog: Upgrade WordPress 3.1.2 to 3.1.3

WordPress 3.1.3 is yet another security update before WordPress 3.2 is finalised.

Stated fixes are:

  • Various security fixes
  • Taxonomy query hardening
  • Cleans up old WordPress import files if the import does not finish

 

In a Nutshell

  • WordPress uncompressed folder size has increased by 10 Kb to 8.24 Mb
  • 26 files are modified and 30 files are removed. Within the wp-admin folder 12 files are modified and 16 files are removed.

 

The Full Length

This will cover only the logical changes. Texture and style changes will be overlooked. Minor code refactoring may also be ignored if the changes are for standardisation. Complete diff coverage is available on the WordPress Trac.

root

  • wp-login.php
    • Apply login_init action upon initialisation.

/wp-admin

  • admin-ajax.php
    • Prevent deletion of post metadata that has been marked as protected.
  • ms-delete-site.php
    • Checks admin referer upon initialisation.
  • /includes/import.php
    • Add a daily scheduled clean-up of possibly failed imports.
  • /includes/media.php
    • Escape the filename in the get_media_item() function.
  • /includes/post.php
    • Uses the ‘post_mime_type’ property in the edit_post() function.
    • Checks for protected metadata in the edit_post() function.
    • Checks the current user state in the wp_edit_attachments_query() function.
  • /includes/template.php
    • Checks for protected metadata in the _list_meta_row() function.

/wp-includes

  • canonical.php
    • Checks and stops the canonical redirect if the user is the post author.
  • default-filters.php
    • Sanitise MIME type before and upon post MIME type.
  • meta.php
    • Sanitise the meta value upon assignment in the add_metadata() function.
  • post.php
    • Add support for ‘private’ status on attachments.
  • theme.php
    • Escape the file URL in the get_header_image() function.

 

Summary

This is a technical blog post covering the implementation changes in the latest WordPress, version 3.1.3, from its previous version, 3.1.2. I will outline the code changes to help enthusiast PHP developers understand the techniques and security concerns.

 

Changelog: Upgrade WordPress 3.1.1 to 3.1.2

This is a security update following the last WordPress release 3 weeks ago. WordPress 3.1.2 comes with a couple of bug fixes and no database changes. The stated fixes are:

  • Fix a vulnerability that allowed Contributor-level users to improperly publish posts.
  • Fix user queries ordered by post count.
  • Fix multiple tag queries.
  • Prevent over-escaping of post titles when using Quick Edit for pages.

 

In a Nutshell

  • WordPress uncompressed folder size remains relatively unchanged at 8.23 Mb
  • 8 files are modified. Within the wp-admin folder 3 files are modified.

 

The Full Length

This will cover only the logical changes. Texture and style changes will be overlooked. Minor code refactoring may also be ignored if the changes are for standardisation. Complete diff coverage is available on the WordPress Trac.

 

/wp-admin

  • /includes/class-wp-posts-list-table.php
    • Tweak the position of the HTML escape on the post title in the display_rows() function.
  • /press-this.php
    • Validate user authority when setting the post status in the press_it() function.

/wp-includes

  • /query.php
    • Logic tweak on query parsing in parse_query() function.

 

Summary

This is a technical blog post covering the implementation changes in the latest WordPress, version 3.1.2, from its previous version, 3.1.1. I will outline the code changes to help enthusiast PHP developers understand the techniques and security concerns.