· Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
· Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
· Suppress some warnings that could occur when a plugin misused the database or user APIs.
· Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
· Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
· Networks: Suggest proper rewrite rules when creating a new network.
· New default theme, Twenty Twelve.
· Refreshed the dashboard styles.
· Retina-ready high resolution graphics.
· A new color picker.
· New Media Manager.
· Fixed some issues with older browsers in the administration area.
· Fixed an issue where a theme may not preview correctly, or its screenshot may not be displayed.
· Improved plugin compatibility with the visual editor.
· Address pagination problems with some category permalink structures.
· Avoid errors with both oEmbed providers and trackbacks.
· Prevent improperly sized header images from being uploaded.
· Fixes an issue where a theme’s page templates were sometimes not detected.
· Addresses problems with some category permalink structures.
· Better handling for plugins or themes loading JavaScript incorrectly.
· Adds early support for uploading images on iOS 6 devices.
· Allows for a technique commonly used by plugins to detect a network-wide activation.
· Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
· New theme customizer.
· Throughout the rest of the admin you’ll notice tweaks to make your everyday life easier.
· Expanded embed support to include tweets.
· Image captions have been improved to allow HTML, like links, in them.
· There are hundreds of under-the-hood improvements in this release, notably in the XML-RPC, themes, and custom header APIs.
· Fixed a few lingering issues with the new live preview feature, as well as with custom headers and backgrounds.
· Fixed bugs.
· Improved Polish translation.
Security updates:
· Plupload (version 1.5.4), which WordPress uses for uploading media.
· SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
· SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
· Theme Customizer with Previewer
· Flexible Custom Header Sizes
· Selecting Custom Header and Background Images from Media Library
· Better experience searching for and choosing a theme
· This maintenance release fixes 15 issues with WordPress 3.3 and includes a fix for a cross-site scripting vulnerability that affected version 3.3.
· New drag-and-drop uploader
· Hover menus for the navigation
· New toolbar
· Improved co-editing support
· New Tumblr importer
· New editor API
· New jQuery version
· Better ways to hook into the help screens
· More performant post-slug-only permalinks
· WP 3.3 RC!, now with more icons.
· Fixed a bunch of bugs.
· Cleaned up the UI.
· Added real text in some of the screens that still had placeholder text in Beta 3 (post-update screen, the Dashboard welcome area, new feature pointers).
· Updated to jQuery 1.7.1.
· Updated the Blue theme
· Fixed IE7 and RTL support
· Improved flyout menu styling and fixed several glitches
· Finished the Pointers implementation
· Landed the dashboard Welcome box for new installs
· Improved contextual help styling
· Tweaked the admin bar a little more
· Fixed a bunch of bugs
· Media uploader
· Improved admin bar
· Fly out admin menus
· A little bit tidier code.
· Edge cases covered.
Fixes for:
· JSON handling.
· The admin interface.
· Refreshed dashboard design.
· Faster and lighter.
· Distraction-free writing or zen mode.
· New Twenty Eleven theme.
· Few minor RTL, JavaScript, and user interface fixes.
· Ensure graceful failures if 3.2 is run on PHP4.
· Additional Twenty Eleven tweaks.
· A new theme support option for defaulting to randomized headers.
· Various RTL fixes.
· Various security hardening.
· Taxonomy query hardening.
· Prevent sniffing out user names of non-authors by using canonical redirects.
· Media security fixes.
· Improves file upload security on hosts with dangerous security settings.
· Cleans up old WordPress import files if the import does not finish.
· Introduce “clickjacking” protection in modern browsers on admin and login pages.
· Performance improvements like you wouldn’t believe. What’s that mean? Things are faster!
· Distraction-free Writing. The visual editor’s full-screen composing experience has gotten a major overhaul, and is now available from HTML mode, too. More than ever, WordPress allows you to focus on what matters most — your content.
· Admin UI Refresh. The last major redesign of the WordPress admin was in 2008. This isn’t a major redesign, just a little facelift to keep us feeling young. WordPress turns 8 later this month, you know.
· New Default Theme. Introducing Twenty Eleven, based on the popular Duster theme. Rotating header images, post format support, and more.
· Browse Happy. WordPress is made to work with modern browsers. If you visit your Dashboard using an outdated web browser, we’ll let you know there’s a newer version available.
· Admin Bar. We’ve added more links to the admin bar to make it even more useful.
· Fix a vulnerability that allowed Contributor-level users to improperly publish posts.
· Fix user queries ordered by post count.
· Fix multiple tag queries.
· Prevent over-escaping of post titles when using Quick Edit for pages.
· Some security hardening to media uploads.
· Performance improvements.
· Fixes for IIS6 support.
· Fixes for taxonomy and PATHINFO (/index.php/) permalinks.
· Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues.
· The security fixes included in WordPress 3.0.4
· Fix issues related to handling a static front page
· Fixes and enhancements for the pagination buttons
· Fix searching for partial usernames
· Properly reactivate plugins after editing them
· Always show the current author in the author dropdown when editing a post
· Fixes for attachment taxonomies
· Fix node removal for the admin bar
· Fix the custom post type show_in_menu argument
· Various fixes for right-to-left languages
This includes fixes for:
· Deleting a user and reassigning their posts to another user.
· Marking multiple users or sites as spam in multisite.
· PHP4 compatibility.
For users:
· AJAX has been entirely disabled for the list tables. We hope to bring this back again, in a form that is properly and fully implemented, in a future release. Column sorting remains, but everything else has returned to its 3.0 state.
For developers:
· The entire list table API is now marked private. If you attempt to leverage new components of the API, you are pretty much guaranteeing that your plugins will break in a future release, so please don’t do that.
· It fixes a core security bug in the HTML sanitization library, called KSES. The release is “critical.”
The new features included:
· Post Formats
· Theme Search
· Internal Linking
· Admin Bar
· Ajaxified Admin
· Updated Tiny MCE
· Multi-taxonomy Queries
· Custom Post Type Index Pages
· Admin CSS Cleanup
· User Admin
· Network Admin
· Password Reset Redux
· Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
· Fixed on day zero.
· One-click update makes the user safe.
· This used to be hard.
· For Version 3.0.1, the database version (db_version in wp_options) changed to 15477. This is a maintenance release.
Highlights:
· WordPress and WordPress MU have merged, allowing the management of multiple sites (called Multisite) from one WordPress installation.
· New default theme "Twenty Ten" takes full advantage of the current features of WordPress.
· New custom menu management feature allows creation of custom menus combining posts, pages, categories, tags, and links for use in theme menus or widgets.
· Custom header and background APIs.
· Contextual help text accessed under the Help tab of every screen in the WordPress administration.
· Ability to set the admin username and password during installation.
· Bulk updating of themes with an automatic maintenance mode during the process.
· Support for shortlinks.
· Improved Custom post types and custom taxonomies including hierarchical (category-style) support. (Try the Custom Post Type UI or GD Custom Posts And Taxonomies Tools plugins to see the possibilities.)
· A lighter admin color scheme to increase accessibility and put the focus more squarely on your content.
User Features:
General:
· Check required PHP and MySQL versions in the update and notify if the server environment does not meet those requirements
· New wp_login_form() provides a simple login form for use anywhere
· New WordPress logo for admin header
· Place "Search Engines Blocked" mini-alert in the wp-admin header to prevent people from accidentally delisting themselves
· Remove 'Turbo' link from admin header and remove Turbo section from the Tools->Tools panel
· Renamed various menu items, for example Posts->Edit becomes Posts->Posts, and Links->Edit becomes Links->Links, and so on
· Revised administration menu icons
· Revised Gray Admin Color Scheme
· Revised information in readme.html file
· Show login form upon email-sent for recover/reset passwords
Dashboard:
· Add link so user can visit Dashboard after core upgrade
· Move Tools->Upgrade menu option to Dashboard->Updates and overhaul the user interface so theme, plugin, and core upgrades are under one panel
· New menu management (navigation) via Menus option under Appearances Menu
· Password nag for newly registered users
· Split Right Now widget into Content | Discussion
Posts:
· Allow for removing all tags in quick edit
· Allow themes to style the visual editor with editor-style.css file, using add_editor_style() function
· Enable custom taxonomy UI for pages as well as for posts
· Improved revision comparison user interface
· Shortlinks enabled, but still requires a plugin or theme support to fully realize this feature
· Added capital_P_dangit() filter to change 'Wordpress' to 'WordPress'.
Media:
· Add FunnyOrDie.com oEmbed support
· Allow Deletion of Media Alt text
· Change Media UI labels from "Post Thumbnails" to "Featured Image"
· Cleanup of the edit media screen
· Don't let "Crunching" overlap image name while uploading
· Optimize scan for lost attachments
· Support for additional file type extensions
Links:
· Order link categories by name, not count, on Add New/Edit Link page
Comments:
· Add additional columns to the Posts Comments view
· Allow configuration of the number of comments to display in the Recent Comments dashboard module
· Block comments for future posts and password protected posts (when password not provided)
· Change to comments UI to show when a comment is replying to another, and link to the parent comment
Appearance:
· Add meta_value_num and meta_key ordering for WP_Query to allow natural numeric ordering of results
· Add filter to get_avatar() to allow avatars for custom comment types
· Allow Tab indenting, Shift-Tab (outdenting), and multi-line tabbing, in theme editor
· Allow the Tag Cloud Widget to support non-tag taxonomies
· Allow theme background customization via new Background panel under Appearance menu
· New template file, front-page.php, for the front page of a site
· New template file, single-{post_type}.php, for custom post types
· New template files, author-{nicename}.php, and author-{id}.php, for author specific templates
· New template files, taxonomy.php, taxonomy-{taxonomy}.php and taxonomy-{taxonomy}-{term}.php for custom taxonomies
· Style tweaks to theme editor
· Tab interface for Manage Themes and Install Themes in Appearance->Themes panel
· Improved child theme support; child theme use is highly encouraged and, as described in the Child Themes article, very simple to accomplish
· New comment_form() that outputs a complete commenting form for use within a theme template
· The Default (Kubrick), and Classic themes, are no longer included in the WordPress distribution, but are available in the Theme repository
Plugins:
· Add Details and Install Now action links under each plugin listed in Install Plugins
· Allow Tab indenting, Shift-Tab (outdenting), and multi-line tabbing, in plugin editor
· Upgrade plugins in bulk from the Plugins->Installed panel
· When deleting plugins, check for uninstall hooks, and warn of data deletion
Tools:
· Add tag-to-category and category-to-tag converters to the Tools panel, add tag-to-category converter links to Posts->Post Tags panel
· Clean up OPML link export script
· Expanded filter criteria in Administration > Tools > Export panel
· Import WordPress fixes notices, attachments, and users
· Removed Turbo menu item, but because Turbo files weren't removed, Turbo may still work
· All importers moved to the plugin repository (e.g. WordPress Importer)
Users:
· Allow "No role for this blog" to be chosen in Users->Add New panel
Settings:
· Removed Settings->Miscellaneous admin menu, moved uploads settings to Settings->Media panel
· Revise Settings->General panel, change "Blog" reference to "Site"
· Revise Gray Admin Color Scheme
Install Process:
· Choose username and password during installation rather than using 'admin'
· Show "Log In" button on install.php when "Already Installed"
· Automatic generation of Security Keys during installation
· Validate table_prefix in wp-config.php generator
· Standardize information in wp-config-sample.php
Multisite:
· New Tools->Network panel to 'install' the multisite/network ability, available only if WP_ALLOW_MULTISITE is defined in wp-config.php
· New Super Admin menu with Admin, Sites, Users, Themes, Options, Update, sub-menus (available only if is_multisite() && is_super_admin() )
· New Dashboard->My Sites panel
· New Tools->Delete Site panel
· Configure a Network (multisite/WPMU) using wp-config.php file
· Terminology changes regarding Sites, Blogs, Networks
Development, Themes, Plugins:
· A better default excerpt; remove multiple white spaces from the excerpt as well as splitting safely on UTF8 strings
· Add Child theme support for theme header registrations, second call to register_theme_headers() should add more headers, and not replace existing headers.
· Add add_plugins_page() function to allow adding a submenu under the Plugins menu
· Add get_search_link() with Permastruct (/search/) support, update get_search_link(), get_search_feed_link() and get_search_comments_feed_link()
· Add is_comment_feed()
· Add redirect_to and associated filters to registration and password recovery
· Add a wp_loaded action that fires once WordPress init has finished
· Add an INDEX on comment_parent (wp_comments table) to speed up wp_delete_comment() and reparenting queries
· Add argument hide_if_empty to wp_dropdown_categories() to hide dropdown if no terms to display
· Add argument id to wp_dropdown_users() and wp_dropdown_categories()
· Add argument post_type to get_page_by_title()
· Add argument taxonomies to register_post_type()
· Add argument taxonomy to wp_list_categories() and wp_dropdown_categories() to be custom taxonomy aware
· Add capability 'edit_theme_options' (see developer discussion on this)
· Add capability 'list_users' to provide more controls over listing users vs. editing users
· Add compatibility code for old themes that relied on templates from the default theme without expressly identifying it as the parent theme (Note: the fallback to these template files is now deprecated and will be removed in a future version)
· Add custom hierarchical post type support to get_pages()
· Add defaults for 'post_content' and 'post_title' in wp_insert_post()
· Add email and login duplicate checking to wp_insert_user()
· Add extra hooks to "Right Now" dashboard widget
· Add filter to the links in paginate_links() and to the arguments in wp_link_pages()
· Add filter post_updated_messages to allow changes to the $messages array in wp-admin/edit-form-advanced.php
· Add post_updated action, which fires when a post is updated; post ID, current and previous post objects are passed, and wp_check_for_changed_slugs() is updated to use the new hook
· Add flag to taxonomy registration allowing permalinks to be prepended with front, or not
· Add initial WP_DEBUG define to wp-config-sample.php and suggest plugin/theme developers use it
· Add mobile webkit styles for twentyten theme
· Add more orderby and select options to get_comments
· Add Multisite capabilities
· Add new protocols for kses and make the list of protocols filterable
· Add optional comment ID argument to comment template functions
· Add replace method to $wpdb
· Add support to get_terms() to allow 'include' & 'exclude' args to be arrays()
· Add support to is_singular() to allow testing of specific post_types such as is_singular('book') or is_singular( array( 'newspaper', 'book' ) )
· Add the generator element in feeds through the {rss2|atom|rdf|rss|opml}_head hooks
· Add 'themes_loaded' hook to run after parent/child themes have been included
· Add ?ver=DATE query strings to all images that changed since 2.9, to expire browser cache and bump versions on all CSS/JS files modified in that process
· Admin support for custom post types
· Admin support for hierarchical taxonomies
· Allow custom post types to have custom icons
· Allow enabling/disabling title and editor per post type, introduce remove_post_type_support(), add enable/disable for author override
· Allow include/exclude arguments for get_posts() and get_pages() to be an array
· Allow methods to be used as a callback in wp_unique_filename()
· Allow more special characters in wp_generate_password()
· Allow multiple To: recipients in wp_mail() and improve handling of \r\n in headers and multiple CC/BCC headers
· Allow people to attach PHP 5.3 Closures to filters and actions
· Allow plugins to modify the query run by WP_User_Search
· Allow themes to specify a menu fallback other than wp_page_menu()
· Better inline documentation for WP_DEBUG, WP_DEBUG_DISPLAY, and WP_DEBUG_LOG.
· Better POST_BY_EMAIL logic
· Check PHP and MySQL versions in upgrade.php
· Convert Terms page to use WP_Ajax_Response(), hierarchical terms will now appear under their parent OR have the parents prefixed
· Create metaboxes for hierarchical taxonomies
· Create post_status=auto-draft when creating a new post item and status changes to draft on first auto-save
· Customizable death (wp_die() is now pluggable)
· Deprecate get_alloptions()
· Deprecate get_profile() for get_the_author_meta()
· Deprecate trackback_rdf()
· Deprecate add_option_update_handler() and remove_option_update_handler() in favor of register_setting() and unregister_setting()
· Deprecate automatic_feed_links() in favor of add_theme_support('automatic-feed-links')
· Deprecate get_bloginfo('text_direction') in favor of is_rtl()
· Deprecate set_current_user() in favor of wp_set_current_user()
· Deprecate MagpieRSS in favor of Simplepie
· Deprecate Snoopy
· Deprecate User Levels (use Roles and Capabilities instead)
· Deprecate clean_url() in favor of esc_url() and esc_url_raw()
· Deprecate VHOST in favor of a boolean, SUBDOMAIN_INSTALL (Note: core will keep VHOST defined for plugins' sake, but you should only define SUBDOMAIN_INSTALL; will throw a notice if VHOST is defined, and a warning if they somehow conflict; sunrise can still handle them)
· Deprecate is_term and is_taxonomy in favor of term_exists and taxonomy_exists
· Don't check for the existence of index.php in the htaccess rewrite rules
· Don't query against entire users table in wp_dropdown_users()
· Don't require a default category for post types other than 'post'
· Ensure that for multiple sidebar additions, the ID is unique
· Extend the_modified_date() to support before/after/echo
· Fallback to wp_page_menu() from wp_nav_menu() if no menus are setup
· Fix Press This entity encoding
· Fix DST/Standard transition display in Settings->General
· Fix recursive chmod for WP_Filesystem
· Flag post statuses as public, private, protected, or internal
· Function get_usernumposts() is now deprecated in favor of count_user_posts() for naming consistency
· Improve user listing performance
· In Twenty Ten theme, don't use post thumbnail as the custom header if it's smaller than the header size
· Introduce *_user_meta() functions, deprecate *_usermeta() family
· Introduce _ex(), a hybrid between _e() and _x(), to translate with context, then echo.
· Introduce add_editor_style() to easily register a stylesheet for the visual editor
· Introduce add_permastruct() and flush_rewrite_rules(), wrappers for the corresponding WP_Rewrite methods
· Introduce disabled() form helper, move selected() and checked() out of wp-admin and into full scope
· Introduce delete_user_option()
· Introduce get_available_languages()
· Introduce get_comment_id_fields() to get comment_id_fields() and introduce a filter on the output to add extra fields
· Introduce get_index_template() to allow child themes to override a parent theme's index.php
· Introduce get_intermediate_image_sizes() for getting all the intermediate image sizes, to be used both when adding and when deleting attachments
· Introduce get_post_types() function to get a list of registered post types
· Introduce get_super_admins() and allow hard-coding a global super_admins array and bypassing site options
· Introduce get_taxonomies() function to get a list of all registered taxonomies
· Introduce get_template_part() function to include generic files (other than header, sidebar, footer)
· Introduce get_term_feed_link() and use it in wp_list_categories()
· Introduce get_the_author_link()
· Introduce get_the_date()
· Introduce home_url()
· Introduce is_child_theme()
· Introduce is_post_type_hierarchical() to check whether a post type is hierarchical
· Introduce is_rtl(), which becomes defined when the locale is loaded
· Introduce is_super_admin()
· Introduce is_textdomain_loaded()
· Introduce menu_page_url() for plugins to use to get the URL for the pages they have added
· Introduce remove_theme_support()
· Introduce post_type_exists()
· Introduce sanitize_key()
· Introduce set_current_screen(). Set current screen for inline edit ajax requests so post rows can be properly displayed.
· Introduce taxonomy_exists() to replace is_taxonomy()
· Introduce term_exists() to replace is_term()
· Introduce the_shortlink() template tag
· Introduce unload_textdomain() and add plugin_locale and theme_locale filters to load_*_textdomain() functions
· Introduce unregister_theme_headers()
· Introduce update_blog_details()
· Introduce wp_check_filetype_and_ext() to handle mime/ext image comparisons and corrections for upload and sideload
· Introduce wp_reset_postdata() to reset the post global for the current query_posts() call after using a loop with a new WP_Query object
· Introduce constant DISALLOW_FILE_MODS for disabling all ops that modify core, theme, or plugins files
· Introduce constant DISALLOW_FILE_EDIT flag for enabling/disabling the theme and plugin editors
· Introduce constant DISALLOW_UNFILTERED_HTML to disallow unfiltered_html for all users, even admins and super admins
· Introduce constant SUBDOMAIN_INSTALL boolean to replace VHOST
· Introduce constant WP_DEFAULT_THEME to use to set 'default' theme when installing new sites
· Introduce Custom Taxonomies translation strings
· Introduce theme compatibility files so incomplete themes that need to inherit templates will inherit them from wp-includes/theme-compat
· Introduce WP_User::for_blog() and current_user_can_for_blog() to avoid calls to WP_User::_init_caps()
· Introduce wpdb::tables() to fetch table names on a global or blog scope
· Introduce ZipArchive version of unzip_file() (more efficient on memory usage for supporting hosts)
· Make get_bloginfo('wpurl') use site_url(), not get_option('siteurl')
· Make better use of $wp_query->get_queried_object()
· Make calendar valid HTML 5
· Merge clear_global_post_cache() into clean_post_cache()
· Merge Categories/Hierarchical taxonomies into edit-tags.php
· Merge edit-page-form.php into edit-form-advanced.php
· Merge edit-pages.php into edit.php
· Merge page.php into post.php
· Merge page-new.php into post-new.php
· More powerful version of is_tax()
· Move send_nosniff_header() into wp-includes so it can be used in wp-ajax.php
· New $required_mysql_version global in wp-db.php
· New comment_form() that outputs a complete commenting form for use within a template
· New posts_search filter in query.php
· Numerous functions deprecated and changes to not use those deprecated functions
· Optimize single_post_title(), single_tag_title() & single_cat_title() to use WP_Query globals if available
· Pass default post to default_content, default_title, and default_excerpt filters, to allow filtering by post_type and other attributes
· Prevent page(\d+) slugs, and force a suffix
· Recommended reading from a theme developer's view regarding navigation menus; see Ryan Boren's recommendation
· Redirect ?page_id=xx for the Posts page to the posts page
· Refactor get_available_languages() to use glob() instead of *dir functions
· Reminder that escaping rules for options and transients changed so see Ryan Boren's explanation
· Reminder to plugin authors to test and make sure they do not generate unexpected output; see Ryan Boren's explanation
· Remove STYLE_DEBUG constant, SCRIPT_DEBUG now handles both scripts and CSS
· Remove wp-ajax.php. admin-ajax.php can be used for (and is better for) front-end/nopriv AJAX requests
· Rename get_post_link() to get_post_permalink() to avoid conflict with bbPress
· Rename the new 'themes_loaded' hook to 'after_setup_theme' to prevent confusion as to what it actually does and where it's fired from
· Revised Coding Standards: no camelcase variables, use lowercase for variables
· Serve a real 404 for ?p=does-not-exist, ?cat=does-not-exist, etc
· Show custom hierarchical taxonomies in the menus
· Show theme installer only to super admins
· Suffix and version bump for ie.css
· The Settings API now supports automatic error display for validation problems with add_settings_error()
· Tidy up logic for defining WP_DEBUG
· Update wp_popular_terms_checklist() to handle custom taxonomies
· Update jQuery to 1.4.2
· Update jQuery UI to 1.7.3
· Update json lib
· Update phpass to 0.2
· Update Prototype.js to 1.6.1
· Update Scriptaculous.js to 1.8.3
· Update SWFobject JS to 2.2
· Update wp_clear_scheduled_hook calls to use array when passing args
· Use admin_url() for images in wp-admin, to allow for filtering
· Use get_terms() in wp_count_terms()
· Various phpDoc updates
· Various changes to wp-includes/http.php
2.9.2:
· gzuncompress() error on http.php line 1824
· Invalid HTML at [12228]
· Some users able to comment on unpublished posts
· Asymmetric Slashing in [12052]
· rss_update_frequency FILTER
· I18n: Message contains unescaped '100%', translation fail
· Pages Hooked by add_menu_page() Have No Security
3.0 RC3:
· Fixed final bugs before stable release
· Custom menus are finished.
· Multi-site is all set.
· The look of the WordPress admin has been lightened up a little bit, so you can focus more on the content.
· There are a ton of changes, so plugin authors, please test your plugins now, so that if there is a compatibility issue, we can figure it out before the final release.
· Plugin and theme *users* are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause.
· There are a couple of known issues.
· Update-core.php small validation fix.
· Lack of escaping in _wp_comment_row()
· Some buttons have gone square in 2.9.
· Rotate image buttons don't show up on PHP installs without imagerotate()
· Code editor bug in Safari.
· Need confirmation/undo/something for media delete.
· Upload Handling. Use is_numeric instead of ctype_digit.
· Increase download timeout.
· Add parameter "separator" to "wp_tag_cloud()"
· Subdir listing in Theme Editor
· We now have rel=canonical support for better SEO.
· There is automatic database optimization support, which you can enable in your wp-config.php file by adding define('WP_ALLOW_REPAIR', true);.
· Themes can register “post thumbnails” which allow them to attach an image to the post, especially useful for magazine-style themes.
· A new commentmeta table that allows arbitrary key/value pairs to be attached to comments, just like posts, so you can now expand greatly what you can do in the comment framework.
· Custom post types have been upgraded with better API support so you can juggle more types than just post, page, and attachment. (More of this planned for 3.0.)
· You can set custom theme directories, so a plugin can register a theme to be bundled with it or you can have multiple shared theme directories on your server.
· We’ve upgraded TinyMCE WYSIWYG editing and Simplepie.
· Sidebars can now have descriptions so it’s more obvious what and where they do what they do.
· Specify category templates not just by ID, like before, but by slug, which will make it easier for theme developers to do custom things with categories — like post types!
· Registration and profiles are now extensible to allow you to collect things more easily, like a user’s Twitter account or any other fields you can imagine.
· The XML-RPC API has been extended to allow changing the user registration option. We fixed some Atom API attachment issues.
· Create custom galleries with the new include and exclude attributes that allow you to pull attachments from any post, not just the current one.
· When you’re editing files in the theme and plugin editors it remembers your location and takes you back to that line after you save. (Thank goodness!!!)
· The Press This bookmarklet has been improved and is faster than ever; give it a try for on-the-fly blogging from wherever you are on the internet.
· Custom taxonomies are now included in the WXR export file and imported correctly.
· Better hooks and filters for excerpts, smilies, HTTP requests, user profiles, author links, taxonomies, SSL support, tag clouds, query_posts and WP_Query
· 2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.
· The first problem is an XSS vulnerability in Press This discovered
· The second problem is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
· A fix for the Trackback Denial-of-Service attack that is currently being seen.
· Removal of areas within the code where php code in variables was evaluated.
· Switched the file upload functionality to be whitelisted for all users including Admins.
· Retiring of the two importers of Tag data from old plugins.
· Fixed admin password reset glitch
· Fixes privilege escalation issues in some areas.
Bug fixes:
· Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.
· Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
· Dashboard memory usage is reduced. Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
· The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
· A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
· Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
· Translation of role names fixed.
· wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
· Upload error messages are now correctly reported.
· Autosave error experienced by some IE users is fixed.
· Styling glitch in the plugin editor fixed.
· SSH2 filesystem requirements updated.
· Switched back to curl as the default transport.
· Updated the translation library to avoid a problem with mbstring.func_overload.
· Stricter inline style sanitization.
· Stricter menu security.
· Disabled code highlighting due to browser incompatibilities.
· RTL layout fixes.
· (The listed changes are only the ones rated highest, priority-wise)
Task related:
· increase number of results returned from Plugin installer API
· Update Comments screen
Enhancements:
· Feeds should be canonical
· cron improvement
· get_categories does not allow external taxonomy types
· Allow posts to be ordered by meta_key
· Update phpMailer
· Allow wp_list_bookmarks() to show images AND names
· Paged comments should show the LATEST page of comments by default, not the EARLIEST
· Enable pretty permalinks for comment paging
· Delete unused images and update Gears Manifest
· Fix fonts on menu system
Bug fixes:
· Canonical Redirect causes continual 301 redirect loop
· preg_replace in wpautop deletes all the text in the post
· Using stripslashes malforms arrays for post metadata
· plugin menu is broken
· Old Slug Redirect fails with Close Old Comments enabled
· Bad character in alt attribute of an img tag
· WP does not properly encode UTF-8 mail per RFC 2047
· Comment link cannot contain IRIs
· Endless Redirect
· Automatic Plugin Upgrade could break new plugins that require special instructions for upgrading
· IE7 and "Enter a link URL or click above for presets" not working
· Author loses image alignment - admin doesn't
· Flash Player 10 breaks the media uploader
· the_category ignores separator
· Admin removed from authors list and logged in as author
· Japanese Tag Slugs
· Patch for fixing most out of memory errors when importing
· Manage Pages - advanced options does not react
· get_permalink should pass $leavename variable to filter
· check_and_publish_future_post() doesn't check that timestamp is in the past
· Impossible to clear list of recently active plugins
· "Settings saved" box appears outside div#wpbody, messing up page layout when displayed
· Export blog feature produces invalid XML file
· Upgrade performed with empty database creates database
· Easy to lose draft post if logged off for some reason
· scriptaculous-root loads the wrong mainfile and forces loading all the time all components instead of specific component
· All Comments Missing After 2.6.1 Upgrade
· WordPress should implement HttpOnly Cookies to slow down XSS
· edit_user_profile_update action not defined
· Install error with 2.6.1 or 2.6.2 "WordPress database error Table 'wpmu.wp_options' doesn't exist"
· Press This 2.7 redesign
· Clicking Preview before Save will result in Blank, New Post
· Interrupted update leaves blog in maintenance mode
· add_menu_page and Dashboard menu item
· Impossible to go from one Write Post column to two in Safari
· get_attached_file bug
· plugin install information dialog strips some valid HTML
· wp_page_menu different results from echo and other parameters
· Hitting Return in Edit Post text field saves draft post as status="pending"
· Errors and infinite loop during import WXR including image where image doesn't exist
· Admin menus using admin.php anonymous
· Press This fixes and enhancements
· no buttons on tinymce when using translations for the dashboard and plugin's added buttons
· get_comment_link() should be paged comments aware
· put back the author search
· "File URL" button not working
· XML-RPC call to getRecentPosts does not return drafts in order
· Delete page from editor gives erroneous error message
· Admin menu has issues with long top level titles
· Page disappears on Quick Edit
· RTL CSS for 2.7
· Aesthetic issue with button-primary background image
· General feed doesn't work with permalink without mod_rewrite
· 2.7 HTML errors anonymous
· Plugin Installer failed
· Check all checkbox never becomes checked
· Dashboard slow with 2.7.
· screen_meta and plugins and columns and 2.7beta3 ???
· WXR import is broken and tags are not imported for posts correctly
· Quickedits being rendered vertically in IE7
· Cannot convert from single-column to dual-column
· Thumbnails are not removed when main picture is deleted
· ?feed=comments-rss2 redirects to /feed
· Visual Editor: Backspace with no content kills focus in Safari. Additional backspaces sends the user backwards in history
· Edit pages cuts off special characters
· Flash uploader not displaying progress or completed uploads
· "Tools" Icon difficult to see when active
· No UI feedback when a new Page is published
· No UI feedback when a post or page is deleted
· wp_mkdir_p function endless recursion
· Publish button gives 404
· Plugin update info not fetched/Wrong code in $raw_response?
· Media Library - Attached/Unattached logic is flawed
· Page Parent field: Incorrectly ordered
· Edit Link Error
· Fixed a "_httpsrequest()" Shell Command Execution Vulnerability in the Snoopy library that is used for feed fetching.
Bugs fixed:
· Can't control where a user redirects to when they log in
· Bug in textpattern import
· include mysql version in version check query string
· RSS widget shouldn't link if there isn't a link
· get_post_meta fails to unserialize when $single=false
· typing error in wp-settings.php
· comment_max_links causes confusion when zero
· get_posts not working properly
· Insert image into post always inserts full size
· Filter news on templates can't work
· Typo in post revisions anonymous
· admin account exploit