WordPress 2.3.2 升級

WordPress 2.3.2 is an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations. Get 2.3.2 now to protect your blog from these disclosures.

As a little bonus, 2.3.2 allows you to define a custom DB error page. Place your custom template at wp-content/db-error.php. If WP has a problem connecting to your database, this page will displayed rather than the default error message.

For more detail on what’s new in 2.3.2, view the list of fixed bugs and see the changes between 2.3.1 and 2.3.2.

Special thanks to Alex Concha for his help on this release.

From http://wordpress.org/development/2007/12/wordpress-232/

今天收 RSS 發現在 11 個小時前 WP 發佈了 2.3.2 的 Release 。這次的變更是修改了一個安全性的 bug 。在 WP 的 trac 上面,有人發表了「query.php mistakenly uses is_admin() to check for admin privileges.」,他是在兩個禮拜前發現這個問題的,這個問題在兩天前被解決,然後,過沒多久, 2.3.2 就發佈了。

當然 2.3.2 還有修改了一些地方,像是改善了 XML-RPC 和 APP 的資訊暴露(Information Leaks)的問題。

還有,2.3.2 供了一個貼心小功能,我們可以自己修改 wp-content/db-error.php 裡面的內容,來取代原本預設的 Error Message ,如此一來日後在 DB 連線錯誤或是 Query 有問題的時候,我們可以用很幽默的方式告訴大家,這一切爆炸了 :mrgreen:

P.S. 我真的很愛 2.3 的一些工能,像是 Plugins 升級的提醒,版本升級的提醒…我真的愛死了 😎

Posted in WordPress

Leave a Reply

Your email address will not be published.