WordPress weekly digest 26th November to 2nd December 2007

It has been a busier week for WordPress 2.4, the changes this week were:

  • Use of ‘Log in’ instead of ‘Login’ for verb form (#5296).
  • Modifications to the way in which the login process determines if it is handling a POST request (#5365).
  • Addition of a get_user_by_email() function and clean up for the other get_user*() functions (#5392).
  • Correct support for mt_allow_comments to cover all possible values (#5366).
  • When posting by email, publish only if user has publish caps, otherwise set status to pending (#4642).
  • Changes to the hashing function used when storing the users password in the database (#2394).

The last change means that the next time you login the value stored in the database will change – this means that if you do upgrade passed this point reverting back to an old version will invalidate all users passwords and they will need reseting. Therefore it is a good idea to backup up your users table before updating to the latest trunk.

For even more information on some of the other little changes that went in this week you can read the whole weekly trac timeline.

18 thoughts on “WordPress weekly digest 26th November to 2nd December 2007

  1. Hi Peter,
    Is any thought being given to allow tagging/categories for pages? My site is about (semi magizine style) content pages, with a diary i.e. blog. Given the nature of the th (magazine) content, it would be ideal to categorize those pages by e.g. region, though I don’t currently see a way…
    Cheers, Bill

  2. Bravo for use of “log in” instead of “login” for the verb. I never thought I’d see the day.

  3. I like both ‘log in’ and ‘login’. They both sound good, even if they are grammatically incorrect ^_^

  4. @bill: There is no reason why pages cannot support tags/categories – WordPress already supports the storage of tags/categories for Pages it just doesn’t provide the user interface to enable them to be edited. It would be a very simple plugin that enabled these features.

    @mikko: Currently WordPress does use md5 to hash the passwords – unfortunately the hash used is not salted and it is very easy to reverse the md5 with a simple google search so we are switching to a portable hashed encryption scheme to provide better protection of peoples passwords.

  5. Thanks for that Peter – so the codex

    Pages are not Posts nor are they excerpted from larger works of fiction. They do not cycle through your blog’s main page, nor can they be associated with Categories

    is out of date then. I did a quick search and found only one plugin (http://www.stuff.yellowswordfish.com/page-category-plus/) that might do the job, but this uses the same cat list as for posts – I’d like a separate list – if only so the list of cats doesn’t exponentially extend on my main blog/diary page. Do you see this as possible or not? Out of interest is there a ‘page’ where users can request features in subsequent updates? I’ll stop buggin’ you now ;-)
    Many thanks, Bill

  6. Bill, I agree with Westi’s suggestion of submitting an idea, but I will share that similar ideas have been suggested many times, and have always previously been found to best live in plugin country.

    “The last change means”: Although technically it has been been possible from time to time to go back to an older subversion revision of trunk without restoring a database, it has never been recommended, and has seldom been possible for major versions. The only reason I mention this is because it being called out here [1] is the exception, not, unfortunately, the usual — so always be careful with upgrades, particularly if you live on the trunk ;-) . The wonderful thing is it is really easy to setup a WordPress development/testing environment on any computer — LAMP/WAMP is all you need.

    1. Ironically, I don’t recall seeing the same message sent to wp-hackers/wp-testers.

  7. @lloyd: Indeed it is unusual that we highlight something that stops you reverting – this is because you would normally have to go through wp-admin/upgrade.php to have performed the change so it is obvious that is has happen.

    In this case though the change happens the next time you login so you wouldn’t know it had happened if we didn’t highlight it.

    I believe Ryan sent a message to wp-hackers and wp-testers warning of the change.

  8. Ryan sent a message: you are quite right, I missed it previously, but found it now.

    Very interesting points about it normally being obvious with a database schema change, though given how many support requests we end up getting on the forums, obvious is relative ;-)

  9. From my admittedly limited understanding, it seems that youŕe replacing the current md5 hashing function with a portable (phpass) hashed encryption scheme using md5 + salt added. What do you foresee the timetable to be for moving away from md5 completely?

  10. I saw that admin panel will be redesigned, but where can we take a look closer on these new screens ?

    Will be the shuttle project implemented ?
    ps.: thanks for keep us up to date with 2.4

  11. @Jacob: At present due to the php versions we support we cannot move away from md5 as that is the only suitable functionality available in all these versions of php.

    When it is sensible to increase our php requirements we would then be able to consider switching to something other than md5

  12. @Giovanni: At present none of the new admin stuff has been checked in so we can’t see it yet! I will post some screenshots when it is.

    Some of shuttle did make it into an earlier WordPress version but I don’t expect any more of it to now.

Comments are closed.