It’s time to upgrade WordPress

WordPress plugins, themes, tips and hacks

It’s time to upgrade WordPress

December 30, 2007 – 1:08 pm | by Miriam Schwab

I logged in to my blog today only to find a disturbing little message at the top of the screen: “A new version of WordPress is available! Please update now.”

Yes folks, despite the goal of not releasing any new versions until 2.3, we now are faced with WordPress version 2.3.2, which fixes the draft vulnerability we wrote about recently, as well as “suppress[ing] some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations” (from the WordPress blog).

An added bonus in this upgrade is the ability to create a custom template page that will display when users encounter database errors. Instead of some WordPress page filled with database mumbo jumbo, you can have a user-friendly page appear at times of database troubles with a message explaining the problem. This page is called db-error.php, and should be placed in your wp-content folder.

So let’s go upgrade everybody…Fantastico users will have to wait, since Fantastico hasn’t upgraded their WordPress installation yet.

7 Responses to “It’s time to upgrade WordPress”
By Ryan on Dec 31, 2007 | Reply

Miriam - I think you meant 2.4 above, not 2.3.

The customised error template sounds like a great idea. I’ve meaning to figure out how to hack that thing for a while now, but this should make it much easier.

Perhaps WordPress needs to setup a tier of upgrade levels? Perhaps green, yellow, orange and red where red means upgrade fast or your site will get hacked, orange means upgrade due to minor security problems, yellow means upgrade if you use the specific functions of WordPress which have security problems and green means there’s no security updates, but upgrade if you want the extra functions they’ve added.

Under that system I’m assuming this latest update would be a yellow, in which case we could just go check what’s wrong with our current installs and if the security problems aren’t major then wait till the upgrade reaches orange, or red if we’re really keen. Just an idea …
By Miriam Schwab on Dec 31, 2007 | Reply

Ryan, that is such a good idea! But I’m guessing that would cause a lot of problems for WordPress since you’d have people running different versions and there would have to maybe be all sorts of branches of WordPress. But I am getting sick of upgrading for every little thing, especially when we’re managing so many WordPress sites.
By Lynne on Jan 1, 2008 | Reply

I’m not looking forward to this, every time I try anything with this blog something goes terribly wrong! Oh well, what choice do I have?!
By Forrest on Jan 1, 2008 | Reply

Sadly, this one is a compressed archive full of PHP files. If you’ve made changes to some of the core files, outside your template - like I have - this is a much more complicated upgrade than others have been…
By Ryan on Jan 2, 2008 | Reply

Forrest - what do you mean by "compressed archive"? And what makes it different from previous WordPress upgrades?
By Ryan on Feb 5, 2008 | Reply

Looks like 2.3.3 is upon us!

According to WordPress it is an urgent security release due to other registered users of your blog having the ability to edit any page on your blog.

http://wordpress.org/development/2008/02/wordpress-233/

Of course, if you don’t allow people to register then it shouldn’t matter and you won’t need to upgrade - although they haven’t mentioned that in the official release.
By Ryan on Feb 5, 2008 | Reply

In case my interpretation is wrong …

“A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.”

My impression from the above quote was that the user would need to be registered with your blog to do any damage.

Subscribe
- Categories
  - Code Snippets (14)
  - CSS (1)
  - CSS Templates (17)
  - Design (17)
  - Good Blogging Practice (10)
  - Monetization (1)
  - News & Views (49)
  - Plugins (95)
  - Shorties (30)
  - Themes (26)
  - Tips (62)
  - Uncategorized (1)
  - WordPress as CMS (16)
- Most Popular
- Recent Posts
- Recent Comments
  - WordPress Modder:Good advice Guy, this is some
  - Ben Greenfield:Anybody know how to do this an
  - Guy:@thee- the most important thin
  - daniel:can you tell me how to convert
  - Brandon Cox:Thanks - I've used other metho
  - sandi:why its not working in my blog
  - Lorenzo:I would like to see a more mod
  - AvenuEmpire:Thanks man... I didn't use you
  - Mayank:nice post, but instead of all
  - Emily:Thank you, this was very helpf

About

There's lots of great stuff out there for WordPress. I put this blog together so that I would have a place to organize the best information so that when I need it, I can easily find it. What better way to do it than with WordPress?

Read more about me and this blog»
Shorties
WordPress Garage comments feed fixed
Ryan Hellyer just pointed out that the comments feed here at WordPress Garage was not working, and apparently hasn't been working since the end of April. I wonder if it had to do with upgrading to 2.5...

In any case, I've fixed the problem and it's working now, so you can subscribe to it if you like at http://feeds.feedburner.com/WordpressgarageComments.

Thanks as always for reading!
Challenge: how to display only authors who have written in a specific category?
Hi all - I was wondering if one of you can help us find a solution to a feature we would like to add to a WordPress site:

The site in question has multiple contributors. Most are dedicated to certain categories. We would like to automatically display on a category page only the authors who have written articles in that particular category.

For example, let's say we have a category called "Cucumbers" and a category called "Tomatoes." When someone clicks on the Cucumbers category we would like only the authors who have written posts categorized as Cucumber posts to appear, and on the Tomatoes category page, we would like only the authors who have written Tomato category posts to appear. There may be some overlap between the pages, since some authors may write posts for both the Cucumber and the Tomato categories.

One solution we thought of is to call the category we want and the number of posts from that category and then display the list of authors. The problem is it shows duplicate authors. Here's the code:

<?php query_posts('showposts=20&cat=3'); ?> <?php while (have_posts()) : the_post(); ?>

<?php the_author_posts_link (); ?>

<div style="clear:both"></div> <?php endwhile;?>

Is there a way to prevent duplicate authors from appearing? Or is there a better way?

Thanks in advance for your help.
Ryan at WordPress mentions Farsi and Hebrew developers for their work on WP admin
Ryan on the WordPress development blog (which is running on Prologue, very nicely I might add) has basically congratulated the "Farsi and Hebrew translation folks" for their hard work making the WordPress admin look good in right-to-left languages.

I'd like to take this opportunity to say that the Hebrew version of WordPress exists mostly, of not completely, thanks to Ran Hartstein. Ran always makes sure the Hebrew speaking audience gets their Hebrew version of WordPress as quickly as possible. Of course, the extended Israeli WordPress community adds a lot of value to the usage of WordPress, with many right-to-left themes, plugins, and the vibrant and helpful wpheb google group.
Security problem with Search Unleashed plugin
Security Focus has reported a security problem with the Search Unleashed plugin. The plugin stores search queries, but does not validate stored data and sends it back "raw" to the browser.

Read more at SecurityFocus
Tags

admin AdSense Automattic backup bad guys blogging categories CMS comments content CSS excerpts facebook feeds file management firefox Flash forms Google icons Images inspiration mobile Monetization navigation networking optimization Pages permalinks phpMyAdmin posts RSS search security SEO sidebar silly stuff social tags unique upgrades uploads video widgets WYSIWYG

WordPressGarage.com

It’s time to upgrade WordPress

7 Responses to “It’s time to upgrade WordPress”

Post a Comment

Subscribe

Categories

Most Popular

Recent Posts

Recent Comments

About

Shorties

Tags