WordPress 2.8.5 has been released and is up for download. Nothing exciting to see as it just addresses the exploit that was published this morning plus a few minor things. From the WordPress.org post:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
So get your installs up to date by downloading it or upgrading in the admin panel!
Posted 284 days ago | Topics: Release, Wordpress | Tags: Release, Wordpress, wordpress 2.8.4, wordpress exploit | No Comments »
Around 9am (CST) this morning we were alerted via the wp-hackers mailing list that there is an exploit out that affects the latest version of WordPress, v 2.8.4.
If you want to read more about all the technical stuff you can find the original blog post detailing the exploit here.
I wouldn’t say this is critical since your data is not at risk, but any time someone can put heat on your server it is not good.
No word yet if a patch is going to be released in the form of WordPress 2.8.5. There are a few fixes out already however.
There is a chunk of code you can paste into your theme’s functions.php file.
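    // Reject trackback requests that carry an oversized charset value.
    function ft_stop_trackback_dos_attacks(){
        global $pagenow;
        // Only act on requests handled by wp-trackback.php.
        if ( 'wp-trackback.php' == $pagenow ){
            // DoS attack fix.
            if ( isset($_POST['charset']) ){
                $charset = $_POST['charset'];
                // Stop the request before WordPress processes the value.
                if ( strlen($charset) > 50 ) { die; }
            }
        }
    }
    // Run the check early, on every request.
    add_action('init','ft_stop_trackback_dos_attacks');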
There is also already a fix on trac.
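A stricter variant of the functions.php snippet above, as an added example that is not from the original post or from WordPress itself. It goes beyond the length check by also rejecting non-string values and anything that is not a single short label. The function names and the allowed character set are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. Function names are hypothetical.

/**
 * Return true only when $value looks like a single, short charset label.
 */
function ft_is_acceptable_charset( $value, $max_len = 50 ) {
    // $_POST values can arrive as arrays (charset[]=...); only strings are valid.
    if ( ! is_string( $value ) ) {
        return false;
    }
    // Same length cap as the snippet in the post.
    if ( strlen( $value ) > $max_len ) {
        return false;
    }
    // Assumption: a label is one token of letters, digits and . _ : -
    return preg_match( '/\A[A-Za-z0-9._:-]+\z/', $value ) === 1;
}

/** Hook body: stop trackback requests whose charset fails the check. */
function ft_filter_trackback_charset() {
    global $pagenow;
    if ( 'wp-trackback.php' !== $pagenow || ! isset( $_POST['charset'] ) ) {
        return;
    }
    // An empty charset is left alone so ordinary trackbacks keep working.
    if ( '' !== $_POST['charset'] && ! ft_is_acceptable_charset( $_POST['charset'] ) ) {
        die;
    }
}

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress: register the check.
    add_action( 'init', 'ft_filter_trackback_charset' );
} else {
    // Outside WordPress: run the validator over constructed sample inputs.
    $samples = array(
        'UTF-8',
        'ISO-8859-1',
        str_repeat( 'A', 51 ),
        'UTF-8, ISO-8859-1',
        array( 'UTF-8' ),
    );
    foreach ( $samples as $sample ) {
        $shown = is_string( $sample ) ? substr( $sample, 0, 20 ) : gettype( $sample );
        printf( "%-22s %s\n", $shown, ft_is_acceptable_charset( $sample ) ? 'accept' : 'reject' );
    }
}
```

Run from the command line, the first two samples are accepted and the remaining three are rejected.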
Posted 284 days ago | Topics: Wordpress | Tags: Wordpress, wordpress exploit, wordpress fix | No Comments »
So apparently you can’t change category slugs in WordPress MU. At least not without using phpmyadmin.
If you run into this problem and you don’t have access to phpmyadmin (or don’t want to give users access to it) the Edit Category Slug plugin is your answer. Works flawlessly in WPMU 2.8.4a.
Posted 285 days ago | Topics: Wordpress, Wordpress MU | Tags: Wordpress MU, wordpress plugin | No Comments »
WordPress 2.9 is right around the corner. The fearless and brave have already upgraded to 2.9-rare. I think I’ll wait for the beta to come out before I upgrade, which should be in a week or two.
Anyways, Doug Campbell is one of these people who has to live on the bleeding edge I guess. Actually I have no idea – but he did upgrade his blog to 2.9-rare.
He’s posted a quick article about 2.9 and tacked on a very handy feature list. Probably nothing new if you keep up with WordPress, but a good breakdown nevertheless.
To summarize what’s new in 2.9:
- Post thumbnails
- “trash” status.
- Image editing (resize, crop, flip)
- widgets outside the sidebar
- custom post types
- better media embeds (think viper’s video quicktags)
- register_theme_directory() function
You can read a few more details in his write up. WordPress 2.9 is expected to be beta by end of October and hopefully released a month after that.
Posted 288 days ago | Topics: Wordpress | Tags: wordpress 2.9 | No Comments »