WordPress 2.8.1 contains changes to improve the security of plugins: only correctly registered plugin pages can be accessed, and the link to a page is shown only to users who have the capability required in the add_x_page call.
This change has broken a number of plugins which were adding their menus on the wrong action hook, bypassing some capability checks.
The correct hook to use, as documented in the codex, is admin_menu. However, some plugins have in the past successfully used admin_init, which meant that they bypassed some of the capability checking that WordPress does to help limit access to plugin pages.
This capability checking is there to help limit access to plugin-added pages, but plugins must always use current_user_can() to check the capability they require, so that users without it are denied access.
The code to look for in your plugins is something like this:
And while you are checking your plugin for this issue, don’t forget to make sure it uses current_user_can() to check user capabilities before allowing users to access your plugin page functionality.
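The hook change and the capability check described above, as an added example that is not code from the original post. The plugin, its function names, the MYPLUGIN_CAP constant, the 'myplugin-settings' slug and the 'myplugin_greeting' option are hypothetical.

```php
<?php
/*
 * Added example, not from the original post. All myplugin_* names,
 * MYPLUGIN_CAP, the menu slug and the option name are hypothetical.
 */

// One definition of the required capability, used both when the page is
// registered and when it is rendered, so the two checks cannot drift apart.
define( 'MYPLUGIN_CAP', 'manage_options' );

// Before: menu registered on the wrong hook. As the post explains, this
// bypassed some of WordPress's capability checking and breaks in 2.8.1.
// add_action( 'admin_init', 'myplugin_add_menu' );

// After: menu registered on the documented admin_menu hook.
add_action( 'admin_menu', 'myplugin_add_menu' );

function myplugin_add_menu() {
    // The third argument is the capability required for the page.
    // WordPress shows the menu link only to users who have it.
    add_options_page(
        'My Plugin Settings',     // page title
        'My Plugin',              // menu title
        MYPLUGIN_CAP,             // required capability
        'myplugin-settings',      // menu slug
        'myplugin_settings_page'  // callback that renders the page
    );
}

function myplugin_settings_page() {
    // Do not rely on the menu registration alone: check the capability
    // again before running any of the page's functionality.
    if ( ! current_user_can( MYPLUGIN_CAP ) ) {
        wp_die( 'You do not have sufficient permissions to access this page.' );
    }

    // Escape stored values on output.
    $greeting = get_option( 'myplugin_greeting', '' );

    echo '<div class="wrap">';
    echo '<h2>My Plugin Settings</h2>';
    echo '<p>Current greeting: ' . esc_html( $greeting ) . '</p>';
    echo '</div>';
}
```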
A Changelog is a very important thing for a project, and until recently it wasn’t easy to add one to your WordPress plugin hosted in Extend. Some plugin authors understood the benefit of providing their users with the information and were adding it in different places, but it was not easy to track down where it was, and in some cases your only hope was a trail of clicks across the web to the plugin author’s site to hunt down the post detailing what had changed in this version.
For me, a changelog is a very important thing; it is all about justifying to your users why they should upgrade to the latest version of your plugin, as well as reassuring them that the changes made have been made for specific reasons and helping them to understand the impact the changes may have on their usage of your plugin.
This has been a hot topic of late and we were discussing it on last night’s WP Weekly podcast, so I set off to see if I could track down the right person to get a change made to give all plugins a separate top-level Changelog tab on their WordPress Extend page.
This morning, to my delight, I found that a Changelog feature had been added, and now we have a standardised way for plugins to add Changelogs. Basically, there is a new section in the readme.txt standard which allows you to document your changelog as your plugin develops. The new section looks like this:
== Changelog ==
= 1.0 =
* A change since the previous version.
* Another change.
= 0.5 =
* List versions from most recent at top to oldest at bottom.
Which produces the following style of display on the plugin’s page in Extend:
And the information will also be displayed in a separate tab in the administration section of your WordPress blog by the plugin installer and updater:
So please go forth and update your plugin’s readme.txt file and let your users benefit from the information about what has changed between versions.