Archive for the 'wordpress' Category
security update for wordpress released
by Justin Silverton
Wordpress 2.1.3 and Wordpress 2.0.10 have been released.
About this release:
“These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.”
also,
“As an update to the systems issue we had last month, we have taken dozens of additional precautions with the servers and systems that run WordPress.org and they appear to be working well, despite hundreds of hack attempts after we publicly disclosed there had been a problem. We are also now aggressively monitoring all downloads for any changes or modifications, and we are confident the same type of problem won’t happen again”
Downloads
2.1.3 can be found Here
2.0.10 can be found Here
Wordpress 2.0.7
By Justin Silverton
Even though this news is a little old, I think it is important that people know about this release (you should only need to upgrade to this version if you are currently running the 2.0.X Version of wordpress.
Here is the list of updates:
- Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to “On.”
- Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
- Backport of another 304 Not Modified fix from WordPress 2.1
- Deleting WordPress Pages no longer gives an “Are You Sure?” prompt.
- After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
- Sending an image at original size in Internet Explorer no longer adds an incorrect “height” attribute.
go here for more details.
wordpress 2.1 to be released on Monday
By Justin Silverton
Wordpress 2.1 is going to be on Monday January 22nd. Here are some great new features that you will see:
Auto-save of Drafts - WordPress 2.1 adds an autosave function that is automatically implemented when writing new drafts. This functionality uses AJAX and operates without new pageloads. The title of the post must be filled out in order for autosaving to occur.
Plugin Compatibility - many plugins will no longer work in 2.1 due to deprecation of database table variables. However, whenever there is a new version of WordPress, the other possible “plugin breaks” extend farther. Fortunately, the WordPress community has been hard at work testing plugins with 2.1 determining compatibility (find out if your plugin is compatible here).
New Visual Editor Interface - A big problem (to many) in the WordPress 2.0 branch was the Rich Text Editor (RTE) powered by TinyMCE. I believe the RTE was a good idea but was before it’s time. Thankfully, the developers have heeded the concerns brought to bear on the RTE in WordPress 2.0 and have significantly improved it. Notably, there is now a tabbed interface in the Write screen that will allow bloggers to switch between the two views seamlessly.
More information on this can be found here.
How to survive the digg effect
By Justin Silverton
If you have a wordpress blog and have gotten to the front page of digg, you may have seen the following error message:
This is usually caused by a large amount of traffic that is overloading your database (because each page that is loaded requires a query or multiple queries).
A great way to not only improve the speed of your entire blog, but help prevent the above error from occuring is to install a plugin called WP-Cache.
Installing
Installing is pretty easy and straight forward:
- Upload to your plugins folder, usually
wp-content/plugins/and unzip the file, it will create awp-content/plugins/wp-cache/directory. - If you have Gzip Compression enabled turn it off (in Options->Reading).
- Activate the plugin on the plugin screen.
- Go to “Options” administration menu, select “WP-Cache” from the submenu, the plugin will try to autoconfigure everything. The plugin will try to autoconfigure everything and guide you through the process. In case of failure –normally due to the lack of files’ privilegies– it tell you and give the instructions to solve the problems.
- A way to make things even faster is to enable gzip compression for wp-cache. It can done by doing the following: (within wp-cache-phase1.php) add the following line: if ( extension_loaded(’zlib’) ) ob_start(’ob_gzhandler’); before this line: foreach ($meta->headers as $header) {
The wp-cache wordpress plugin can be downloaded here
A feedburner fix for wordpress 2.0.6
By Justin Silverton
In a recent article here a recent issue has been discovered with the latest version of wordpress and feedburner:
After upgrading to WordPress 2.0.6 or WordPress 2.1 Beta, your FeedBurner feed will, at times, give you an “invalid xml” error, and “FeedMedic” will show you something like this:
Your server disconnected us before sending the full source feed content.
The Fix
There is a simple way to fix this issue, which involves the following steps:
1) Open /wp-includes/functions.php and find the following code (around line 2231):
if ( substr(php_sapi_name(), 0, 3) == 'cgi')
@header("HTTP/1.1 $header $text");
else
@header("Status: $header $text");
}
2) change to the following:
// if ( substr(php_sapi_name(), 0, 3) == 'cgi')
@header("HTTP/1.1 $header $text");
// else
// @header("Status: $header $text");
}
3) Save the file and exit. Resync your feed at FeedBurner