WordPress 2.3.2 in detail

WordPress 2.3.2 has been released and includes a number of changes including one security fix, here is a list of most of the changes in detail:

  • Performance improvements for post sanitization when raw content is required (#5325).
  • Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts. (#5487).
  • Suppression of database errors unless WP_DEBUG is true (#5473).
  • Check for valid database connection information during install and display and error if the install fails due to database rights (#5495).
  • Support for a custom database down page to be displayed on database connection errors (#5500).
  • Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types ([6450]).
  • Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack (#5484).
  • Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post (#5535).
  • Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check (#5534).
  • Addition of extra capabilites checks to xmlrpc methods ([6504]).
  • Addition of extra capabilites checks to APP server ([6508]).
  • Changes to validate_file() to improve its traversal attempt detection when running on windows ([6521]).

For a complete list of all the changes you can read this section of the branches/2.3 log.

68 thoughts on “WordPress 2.3.2 in detail

  1. @BigDog: We don’t offer an official list or download of changed files because this can often be a more difficult way to upgrade. You can however generate a zip file containing the changed files or a unified diff using trac from the links at the bottom of the differences page linked from the dev blog post.: Zip File Unified Diff

  2. Thanks a lot for the changelog. I ended up finding this through Google, as it wasn’t listed anywhere in the update announcement I found in my Site Admin console! What’s the point of telling me an update is available if there’s no reasoning as to why I should perform the upgrade? Newer doesn’t always mean better.

  3. @Cyde: Ryan couldn’t really link to this from the update announcement as it wasn’t written until after the release. However, you should find this linked from your dashboard as well in the “Other WordPress news” section at the bottom.

  4. @News Corpse: You can yes – you should be able to get those files from the Zip File link in the same comment.

    In general it is always best to avoid modifying the core files and use the hooks/filters available within a plugin to make the changes you want.

  5. I saw this on my Dashboard, and I was wondering if you had come across this problem-I upgraded to 2.3.2, and lost all of my categories. As in, all of my posts now show as uncategorized. I asked at WP Support, and got one reply suggesting that I do something involving dropping tables and rebuilding them. Is there possibly an easier solution?

  6. @Elizabeth: Which version of WordPress did you upgrade from? There were no database changed in 2.3.2 so you should not have lost you categories like that.

Comments are closed.