New Year's gift for bloggers - WordPress 2.3.2

    As always, I trudge at the very end of the WP-movement, it's about the speed of reaction to the announcements of releases)
    Already managed to post two different versions of the Russian WordPress 2.3.2, which just got off the assembly line ( from Maxim and from mywordpress.ru ), but, nevertheless, I still risk being not original and once again unsubscribing the changes with my comments.
    And so, the data is taken from the official announcement .


    Improved performance when processing posts before displaying to the user.

    I hope I understood correctly what is written in this ticket .
    When displaying a post, or any other page, a multiple call to the get_post function is madethrough which functions such as the_title , get_permalink , etc. work. Moreover, even though the data received from get_posts is cached, the filtering / selection of data occurs after ALL data is received, and not BEFORE, which naturally affects performance. In 2.3.2 this was fixed.
    Improved is_admin () function . Now there is no way to get access to the "Drafts" of administrators to the ordinary user.

    I already wrote about the “hole” with access to drafts , now it’s not a hole at all.
    Database errors are now shown only when WP_DEBUG is enabled.
    Another reinsurance from “very cunning-hackers” so that they could not find out the names of the tables of your WordPress installation when trying sql injections.
    During the installation of WordPress, if there is a lack of rights for the database user, an error will be generated.
    And, therefore, the “curve” config will not be created.
    A template has appeared for displaying errors when connecting to the database.
    Now any user can make changes to the wp-content / db-error.php file , which will be shown if it is not possible to connect to the database (for example, if the number of simultaneous connections is exceeded).

    An additional check is added when processing text that is converted to a link.
    There is a place to be an event when you insert text with http: //, and it is automatically converted to a similar link. Improved performance due to the fact that now the conversion function distinguishes between regular links, ftp and mailboxes. It is worth noting that, apparently, such links (with the exception of mailboxes) will automatically be displayed with rel = "nofollow", in any case, everything here points to this.
    Changes have been made to the POP3 mail distribution to avoid possible XSS attacks .
    Another bug is closed.
    A request for a password for a record will be issued only to those users who have rights to change this particular record. All this applies only to third-party client programs that work through XML-RPC.
    Another change in XML-RPC that is associated with the display of user data when wp.getAuthors is called .

    The data is now displayed in a more limited format, as well as the verification that the user has minimal rights (editing posts) to limit the distribution of information such as user name, username and so on.
    And a whole bunch of checks in the XML-RPC and App methods to improve security.
    And very little additions when checking file paths on win-servers.


    That's all. It seems to be not much, but not a little. I think it’s worthwhile to bet, but ... only after the head and hands act actively and correctly, after the celebration of NG, otherwise you can do things)

    Original article "New Year's gift to bloggers - WordPress 2.3.2"

    Also popular now: