WordPress 3.4.2 has been released. It is both a maintenance release that fixes 21 bugs and a security release that fixes vulnerabilities including potential privilege escalation and a bug that affects multisite installs with untrusted users.
Some of the 21 bugs include:
- Fix some issues with older browsers in the administration area.
- Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
- Improve plugin compatibility with the visual editor.
- Address pagination problems with some category permalink structures.
- Avoid errors with both oEmbed providers and trackbacks.
- Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download: WordPress 3.4.2
Auto Update: Dashboard -> Updates
ManageWP wrote an article entitled, Show Your Love for the Top 100 WordPress Plugin Developers. I am ranked 5th on the charts =D
We’ve spent rather a lot of time gathering and sorting data for the top 100 WordPress plugin developers, based upon total number of downloads. Unless you are brand new to WordPress, it is likely that you use at least one plugin created by the developers below.
All you need to do is pick out one (or more) of your favorite developers, and take a moment to thank them. We’ve collected all of the Twitter accounts we could find, but we are sure you can find other ways of getting in touch if your chosen developer doesn’t have an account listed.
Firing off a quick tweet to thank a developer for developing great free products will only take a moment, so why not do it?
Furthermore, if you’re on the hunt for plugins to check out, you will find a comprehensive list below of the most popular plugins available for WordPress. Just remember to thank the developer if you start using one!
Thanks for the support guys =D
Some of the 18 bugs include:
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download: WordPress 3.4.1
Auto Update: Dashboard -> Updates
WordPress 3.4 has been released.
The biggest change in 3.4 is the theme customizer which allows you to play around with various looks and settings for your current theme or one you’re thinking about switching to without publishing those changes to the whole world. For themes that support it, you can change colors, backgrounds, and of course custom image headers. We have more planned for the customizer down the road.
Throughout the rest of the admin you’ll notice tweaks to make your everyday life easier. For example, if you have lots of themes we’ve made it quicker to browse them all at once without paging. We’ve made it possible to use images from your media library to populate custom headers, and for you to choose the height and width of your header images.
We’ve expanded our embed support to include tweets: just put a Twitter permalink on its own line in the post editor and we’ll turn it into a beautiful embedded Tweet. And finally, image captions have been improved to allow HTML, like links, in them.
There are hundreds of under-the-hood improvements in this release, notably in the XML-RPC, themes, and custom header APIs, and significant performance improvements in WP_Query and the translation system. The Codex has a pretty good summary of the developer features, and you can always dive into Trac directly.
Download: WordPress 3.4
PS: My plugins should work with WordPress 3.4. If you discover any bugs, just drop me an email, lesterchan AT gmail.
About 2 weeks ago, I released an update to WP-Email, WP-Polls, WP-PostRatings and WP-PostViews which added some nonce checks and moved the AJAX requests to be handled by /wp-admin/admin-ajax.php.
3 common issues that users are facing.
“-1” or “Failed To Verify Referrer”
Password Protected /wp-admin/ Will Not Work
If you are using .htpasswd to protect your /wp-admin/ folder, AJAX requests to /wp-admin/admin-ajax.php will not work. This problem is not unique to my plugin. Any WordPress plugin that uses the WordPress AJAX API will break. As mentioned in the Codex article Hardening WordPress:
Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php
To bypass this, check out the tutorial Password protecting the wp-admin directory, which will teach you how to whitelist admin-ajax.php in your /wp-admin/ using .htaccess.
I still hope that in a future version of WordPress, they will separate front-facing AJAX requests from backend AJAX requests.
Your WP-Admin Is HTTPS While Your Site Is Not
If your WP-Admin is behind SSL (HTTPS) and you have define('FORCE_SSL_ADMIN', true); in your wp-config.php, the AJAX will fail because https://yoursite.com is different from http://yoursite.com and the browser treats it as a different origin.
To solve this issue, find the following line:
'ajax_url' => admin_url('admin-ajax.php'),
and replace it with:
'ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')),
What the code does is basically force admin-ajax.php to be called over the same scheme as the page making the AJAX request, so http is used on a non-HTTPS front end. Again, this is a hack; I am trying to figure out a way around it.
I have pushed the code to trunk of all the respective plugins.
I have updated the following plugins:
Now all AJAX requests are handled by /wp-admin/admin-ajax.php. Previously they were handled by the plugin PHP file itself, which assumed that wp-load.php is always 2 levels down from the plugin file. But since you can have your WordPress in any folder, custom loading of wp-load.php is not possible, as the path to wp-load.php varies from server to server.
While I was at it, I added a nonce check for AJAX calls to WP-Polls, WP-PostRatings and WP-Email. Let me know if you run into problems via WordPress Support Forums, My Forums (if you are already registered) or via email (lesterchan AT gmail).
PS: Kindly refer to http://lesterchan.net/wordpress/2012/06/05/ajax-not-working-for-wp-email-wp-polls-wp-postratings-or-wp-postviews/ if you ran into problems.
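The two posts above describe routing plugin AJAX through /wp-admin/admin-ajax.php with a nonce check, and the scheme mismatch under FORCE_SSL_ADMIN. The sketch below is an added example, not code from these plugins, showing how those pieces fit together with the WordPress AJAX API; the myplugin_* function names, the 'myplugin-rate' nonce action, the script handle and the meta key are hypothetical.

```php
<?php
// Added example, not the plugins' code. The myplugin_* names, the
// 'myplugin-rate' nonce action and the meta key are hypothetical.

// Front end: give the script the AJAX endpoint and a nonce.
function myplugin_enqueue_scripts() {
    wp_enqueue_script( 'myplugin', plugins_url( 'myplugin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'myplugin', 'mypluginL10n', array(
        // Match the scheme of the page being viewed, so the request stays
        // same-origin even when FORCE_SSL_ADMIN makes admin_url() return https.
        'ajax_url' => admin_url( 'admin-ajax.php', ( is_ssl() ? 'https' : 'http' ) ),
        'nonce'    => wp_create_nonce( 'myplugin-rate' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'myplugin_enqueue_scripts' );

// Send a JSON body with an HTTP status and stop.
function myplugin_ajax_reply( $status, $data ) {
    status_header( $status );
    header( 'Content-Type: application/json; charset=utf-8' );
    die( json_encode( $data ) );
}

// Handler: admin-ajax.php runs this for POST action=myplugin_rate.
function myplugin_ajax_rate() {
    // With the third argument left at true, a failed check ends the request
    // with a bare "-1". Passing false lets the handler answer explicitly.
    if ( ! check_ajax_referer( 'myplugin-rate', 'nonce', false ) ) {
        myplugin_ajax_reply( 403, array( 'error' => 'Failed to verify referrer' ) );
    }
    // Never trust request fields: coerce to non-negative integers and range-check.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $rating  = isset( $_POST['rating'] ) ? absint( $_POST['rating'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) || $rating < 1 || $rating > 5 ) {
        myplugin_ajax_reply( 400, array( 'error' => 'Invalid post or rating' ) );
    }
    $total = (int) get_post_meta( $post_id, '_myplugin_rating_total', true ) + $rating;
    update_post_meta( $post_id, '_myplugin_rating_total', $total );
    myplugin_ajax_reply( 200, array( 'post_id' => $post_id, 'total' => $total ) );
}
add_action( 'wp_ajax_myplugin_rate', 'myplugin_ajax_rate' );        // logged-in users
add_action( 'wp_ajax_nopriv_myplugin_rate', 'myplugin_ajax_rate' ); // visitors
```

WordPress nonces expire after at most 24 hours by default, so a page served from a full-page cache can carry a stale nonce and fail this check even though the handler is correct.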
WordPress 3.3.2 & 3.4 Beta 3 have been released
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.4 Beta 3
- 90 bugs have been fixed since beta 2
WordPress 3.4 Beta 1 has been released! The final version is expected to ship sometime next month (May 2012).
- Theme Customizer with Previewer
- Flexible Custom Header Sizes
- Selecting Custom Header and Background Images from Media Library
- Better experience searching for and choosing a theme
- New XML-RPC API for external and mobile applications
- New API for registering theme support for custom headers and backgrounds
- Performance improvements to WP_Query by splitting the query (Please test!)
- Internationalization improvements (improved performance and locale support)
- Performance and API improvements when working with lists of installed themes
- Support for installing child themes from the WordPress Themes Directory
Download: WordPress 3.4 Beta 1
WordPress 3.3 has been released! I have upgraded this site to WordPress 3.3. My plugins should be working fine with WordPress 3.3.
Experienced users will appreciate the new drag-and-drop uploader, hover menus for the navigation, the new toolbar, improved co-editing support, and the new Tumblr importer. We’ve also been thinking a ton about what the WordPress experience is like for people completely new to the software. Version 3.3 has significant improvements there with pointer tips for new features included in each update, a friendly welcome message for first-time users, and revamped help tabs throughout the interface. Finally we’ve improved the dashboard experience on the iPad and other tablets with better touch support.
There is a ton of candy for developers as well. I’d recommend starting your exploration with the new editor API, new jQuery version, better ways to hook into the help screens, more performant post-slug-only permalinks, and of course the entire list of improvements on the Codex and in Trac.
Download: WordPress 3.3
WordPress 3.3 Beta 4 has been released!
With all our major tickets closed, we are very close to a release candidate. In Beta 4 we’ve fixed a bunch of bugs, cleaned up the UI, added real text in some of the screens that still had placeholder text in Beta 3 (post-update screen, the Dashboard welcome area, new feature pointers), and generally tightened things up. We updated to jQuery 1.7.1 and addressed a LOT of bugs.
WordPress 3.3 Beta 2 has been released!
- Updated the Blue theme
- Fixed IE7 and RTL support
- Improved flyout menu styling and fixed several glitches
- Finished the Pointers implementation
- Landed the Welcome screen
- Improved contextual help styling
- Tweaked the admin bar a little more
- Fixed a bunch of bugs
WordPress 3.3 Beta 1 has been released!
WordPress 3.3 is ready for beta testers.
As always, this is software still in development and we don’t recommend that you run it on a production site — set up a test site just to play with the new version. If you break it (find a bug), please report it, and if you’re a developer, try to help us fix it.
If all goes well, we hope to release WordPress 3.3 by the end of November. The more help we get with testing and fixing bugs, the sooner we will be able to release the final version. If you want to be a beta tester, you should check out the Codex article on how to report bugs.
Here’s some of what’s new:
- Media uploader
- Improved admin bar
- Fly out admin menus
Remember, if you find something you think is a bug, report it! You can bring it up in the alpha/beta forum, you can email it to the wp-testers list, or if you’ve confirmed that other people are experiencing the same bug, you can report it on the WordPress Core Trac. (We recommend starting in the forum or on the mailing list.)
Theme and plugin authors, if you haven’t been following the 3.3 development cycle, please start now so that you can update your themes and plugins to be compatible with the newest version of WordPress.
Download: WordPress 3.3 Beta 1
WordPress 3.2.1 has been released!
After more than a million downloads of WordPress 3.2, we’re now releasing WordPress 3.2.1 into the wild. This maintenance release fixes a server incompatibility related to JSON that’s unfortunately affected some of you, as well as a few other fixes in the new dashboard design and the Twenty Eleven theme. If you’ve already updated to 3.2, then this update will be even faster than usual, thanks to the new feature in 3.2 that only updates files that have been changed, rather than replacing all the files in your installation.
- JSON, the admin
- A little bit tidier
- Edge cases covered