WordPress 2.8.1 contains changes to improve the security of plugins by ensuring that only correctly registered plugin pages can be accessed as well as only showing the link to the page to users who have the capability required in the add_x_page call.
This change has broken a number of plugins which were adding their menus on the wrong action hook, bypassing some capability checks.
The correct hook to use, as documented in the codex, is admin_menu. However, some plugins have in the past successfully used admin_init, but this meant that they bypassed some of the capability checking that WordPress does to help limit access to plugin pages.
This capability checking is there to help limit access to plugin-added pages, but plugins must always use current_user_can() to check the capability they require, to ensure they prevent access by users who lack it.
The code to look for in your plugins is something like this:
And don’t forget, while checking your plugin for this issue, to make sure you use current_user_can() to check user capabilities before allowing users to access your plugin page functionality.
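As an illustration of the pattern described above (an added example, not the code from the original post; the plugin name, menu slug, option name and function names are hypothetical), here is a settings page registered on admin_menu whose callback checks the capability again with current_user_can():

```php
<?php
// Added illustration; the plugin name, slug, option and function names are hypothetical.

// Before (broke in 2.8.1): the menu was registered on admin_init, which
// bypassed some of WordPress's capability checking for plugin pages.
// add_action( 'admin_init', 'example_plugin_add_menu' );

// After: register the page on the documented hook.
add_action( 'admin_menu', 'example_plugin_add_menu' );

function example_plugin_add_menu() {
	// The third argument is the capability required in the add_x_page call;
	// the menu link is only shown to users who have it.
	add_options_page(
		'Example Plugin Settings',    // page title
		'Example Plugin',             // menu label
		'manage_options',             // required capability
		'example-plugin',             // menu slug
		'example_plugin_render_page'  // callback that outputs the page
	);
}

function example_plugin_render_page() {
	// Do not rely on the menu registration alone: check the capability
	// again before doing anything on behalf of the user.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You do not have sufficient permissions to access this page.' );
	}

	if ( isset( $_POST['example_plugin_greeting'] ) ) {
		// Confirm the request came from this page's own form.
		check_admin_referer( 'example_plugin_save' );
		$value = sanitize_text_field( wp_unslash( $_POST['example_plugin_greeting'] ) );
		update_option( 'example_plugin_greeting', $value );
	}

	$greeting = get_option( 'example_plugin_greeting', '' );
	?>
	<div class="wrap">
		<h2>Example Plugin Settings</h2>
		<form method="post">
			<?php wp_nonce_field( 'example_plugin_save' ); ?>
			<input type="text" name="example_plugin_greeting" value="<?php echo esc_attr( $greeting ); ?>" />
			<input type="submit" class="button-primary" value="Save" />
		</form>
	</div>
	<?php
}
```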
The only problem with this method is that you have to redo it every time a WordPress release is made, because it involves hacking a core file and the update mechanism will only offer you a nightly build if you already appear to be running one.
This got me thinking about whether or not you could create a plugin which would allow a blog to always track a particular type of nightly build stream so as to avoid the need to ever hack core files again. This morning I am pleased to announce the first release of my WordPress Beta Tester plugin, which is inspired by Ryan's example but achieves it in a plugin and will keep your blog on one of the two nightly tracks. The choice you have is:
Point release nightlies – This contains the work that is occurring on a branch in preparation for an x.x.x point release. This should also be fairly stable but will be available before the branch is ready for beta.
Bleeding edge nightlies – This is the bleeding edge development code which may be unstable at times. Only use this if you really know what you are doing.
Once you enable the plugin it will by default switch your blog to the “Point release” stream and if you want to switch to the “Bleeding edge” stream then you will need to go to the Tools … Beta Testing page and configure the plugin there:
Please note: Once you have switched your blog to one of these beta versions of software it will not always be possible to downgrade, as the database structure may be updated during the development of a major release.
A Changelog is a very important thing for a project and until recently it wasn’t easy to add one to your WordPress plugin hosted in Extend. Some plugin authors understood the benefit of providing their users with the information and were adding it in different places, but it was not easy to track down where it was and in some cases your only hope was a trail of clicks across the web to the plugin author's site to hunt down the post detailing what had changed in this version.
For me, a changelog is a very important thing: it is all about justifying to your users why they should upgrade to the latest version of your plugin, as well as reassuring them that the changes made have been made for specific reasons and helping them to understand the impact the changes may have on their usage of your plugin.
This has been a hot topic of late and we were discussing it on last night's WP Weekly podcast, so I set off to see if I could track down the right person to get a change made to give all plugins a separate top level Changelog tab on their WordPress Extend page.
This morning to my delight I found that a Changelog feature had been added and now we have a standardised way for plugins to add Changelogs. Basically there is a new section in the readme.txt standard which allows for you to document your changelog as your plugin develops. The new section looks like this:
== Changelog ==
= 1.0 =
* A change since the previous version.
* Another change.
= 0.5 =
* List versions from most recent at top to oldest at bottom.
Which produces the following style of display on the plugins page in Extend:
And the information will also be displayed in a separate tab in the administration section of your WordPress blog by the plugin installer and updater:
So please go forth and update your plugin's readme.txt file and let your users benefit from the information about what has changed between versions.