Toluu

WordPress Development Blog

WordPress development and updates

WordPress 2.7 Beta 2November 6

WordPress 2.7 Beta 2 is ready.  Here is a quick rundown of changes since beta 1.

• The Upload button didn’t always show. Fixed.
• JS on the Dashboard broke for blogs with no comments, causing several UI elements to “freeze”. Fixed.
• Recent Drafts Dashboard module didn’t show correct times. Fixed.
• Various Autosave fixes.
• Redirect after deleting a page from the editor went back to the deleted page. Fixed.
• Fixed loading of translations for default TinyMCE plugins.
• Added avatars to the edit users list.
• Added some missing translations.
• Fixed some validation errors.
• Fixed some PHP warnings and notices.
• Handle inconsistent file permissions during auto upgrade
• Change Publish box layout to better accommodate internationalized text
• Fix quick editing of the last page in the Edit Pages list
• Fix Screen Options for IE
• Fixes for choose tag from tag cloud
• Rewrite rules fixes for certain hosts
• Don’t check for updates on every page load
• Easier post box dropping
• Preview fixes
• RTL fixes
• Fixed broken wp-mail
• Plugin update and install fixes
• First draft of contextual help tab

If you have already installed beta 1, you can update to beta 2 via the Tools -> Update menu.  Beta 1 does have a bug in the automatic u

WordPress 2.7 Beta 1November 1

The first public beta of WordPress 2.7 is here at last.  Join the thousands of people already testing 2.7 by downloading 2.7 Beta 1.  As previously mentioned on this blog, 2.7 is bringing a new visual design.  This design is almost completely implemented, but there are still a few areas that aren’t quite finished in Beta 1.  There are also several glitches in certain browsers.  Beta 1 provides the best experience in Firefox and Safari. Don’t worry, we are working on IE and Opera and will have those looking good in time for the final release.

Speaking of the final release, it will not be available on November 10th as originally scheduled.  We are two weeks behind schedule at the moment.  We need a little more time to finish the visual design, do a round of user testing against that finished design, and do a proper round of public beta testing. Our plan is to keep working as if Nov. 10 is still the release date.  However, instead of releasing the final 2.7 on the 10th, we will make a release candidate available instead.  The release candidate is intended to be a high-quality, almost-finished release that we are comfortable recommending for broad use.  After Nov. 10, the focus will be on fixing high impact bugs turned up by those of you testing the release candidate. I suspect 2.7 will be ready for final release by the end of November.  A specific date will be set as we progress through the publi

WordPress 2.6.3October 23

A vulnerability in the Snoopy library was announced today.  WordPress uses Snoopy to fetch the feeds shown in the Dashboard.   Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.  2.6.3 is available for download right now.  If you don’t want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.

1. wp-includes/class-snoopy.php
2. wp-includes/version.php

The Visual Design of 2.7October 17

It’s finally here, the moment you’ve all been waiting for! The long months of your tolerance and forbearance as you suffered through the inelegance of our hacked-together, leftover Crazyhorse interface are almost at an end. (Was it really that painful?)

This week at the Automattic team’s semi-annual offsite meeting (offsite since we have no office), the visuals you have been craving were finally created and approved. We hope you like them. Mad props to Matt Thomas and Andy Peatling for their visual talents. You can expect these designs to be extended to the rest of the 2.7 screens and implemented over the coming weeks.

So now that we finally nailed down the look, how’s it going to work? The menu system in particular has been the topic of discussion on the hackers and testers lists, so I thought I would take this opportunity to explain how we plan for it to work. As you know, one of the goals of 2.7 was to reduce the necessity to load new screens just to access sub-navigation menus; we wanted the most-used screens to be within a click or two at most. If you’ve been using the nightly builds, you got used to the arrow controls that allowed you to expand and contract the menus. Then you got used to the box-style with icons that not only opened and closed vertically, but could be minimized horizontally as well, leaving a remnant of icons to provide a kind of “advanced mode,” though you don’t need to be particularly advanced to use it. Now that we

WordPress 2.6.2September 8

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand().  With his help we worked around these problems and are now releasing WordPress 2.6.2.  If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.  Stefan Esser will release details of the complete attack shortly.  The attack is difficult to accomplish,  but its mere possibility means we recommend upgrading to 2.6.2.

Other PHP apps are susceptible to this class of attack.  To protect all of your apps, grab the latest version of Suhosin.  If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit.  You should st