Wordpress 2.5 upload fix

Posted by multippt

Looks like even after extensive testing on Wordpress’s side, one nasty bug managed to slip through, and it’s not the fault of Wordpress either. Apparently, anyone using mod_security on Apache will not be able to upload anything on Wordpress 2.5 or Wordpress 2.5.1. This could be because mod_security doesn’t take a liking towards the Flash uploader Wordpress now uses. This is a big problem for Wordpress, since more than 30% of the Internet uses mod_security (courtesy of Hostgator and numerous other Internet web hosts), which means these uploaders won’t work if you simply install Wordpress and do nothing else after.

The fix?

Simply create or edit your .htaccess using your text editor. Insert the following lines to the file:

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

That should switch off security only for your uploader, and chances are your uploader should work fine.

Alternatively, since the entire problem is caused by Flash, you could try disabling the Flash uploader using a plugin that does that.

—

A second glitch is that sometimes the media gallery in Wordpress 2.5 may not be able to insert images. In addition to that, changes to your post might be lost for unknown reasons after doing that. Nonetheless, you can insert the image in another method by copying the URL of the image in the gallery and inserting it via Add Image in the toolbar.

Wordpress 2.5 released

Posted by multippt

Looks like Wordpress 2.5 went gold earlier than expected. To commemorate the event, Wordpress.org underwent a complete overhaul to match the administration interface in Wordpress. A pretty cool update I must say, since no one expects Wordpress to have a behind-the-scenes planned change for their entire site.

Some features are highlighted as followed:
Administration interface - A complete revamp, so much so that veteran users may need time getting use to it. However, it won’t take long because it is very easy to use.

Revamped Dashboard - The dashboard can be customized as easily as iGoogle (sort of) using Widgets.

File Upload - You can upload several files at once, complete with a progress bar that ensures that your uploads are not stalled.

Image information - If you take photos, Wordpress will attempt to extract information in the photos via information present in EXIF metadata.

Improved search - Search results now include pages as well.

Tag management - You can now edit and delete tags, without the need for plugins.

Password strength - An added safety precaution against weak passwords.

Concurrent editing protection - Prevents several users from editing a post simultaneously.

Plugin update - One click is all it takes to actually update the plugin in place. This depends if the plugin author made their plugins updatable via Wordpress.

Revamped Visual post editor - Made to look similar to Blogger, this editor places several options in convenient to reach places.

Galleries - Wordpress has a built in gallery system that you can use to construct image galleries in your blog.

Password hashing - One step more to protecting your password - making it totally impossible to crack. Cookies are also encrypted as well.

Documentation within Wordpress - A great help to developers, since almost all functions are now documented within the Wordpress install itself.

Wordpress 2.5 next week

Posted by multippt

Looks like Wordpress 2.5 would finally be released next week, most likely on the first of April (and no, it’s not an early April fool’s joke). Wordpress trac no longer gives an accurate time line, but to hint is still there. The release is most likely targetted at 1st of April (though funny that the trac puts it at year 2030). Following Wordpress’s release candidate schedule, if the second release candidate gets the green light, then the final release would most likely occur close to a week after the lastest “stable” release of 2.5, which put the 1st at a very nice place.

In the mean time, Wordpress plugin writers may want to ensure their plugins still works on Wordpress 2.5. The same goes for theme designers, though not much of a problem since nothing much was changed related to the theming system in Wordpress.

Some changes from Wordpress 2.3 to 2.5 that you might want to take note of:
-Easier plugin upgrade (probable): One click and an old plugin is updated to its new version. That is, if the plugin author explicitly states that the plugin supports the new version of Wordpress.
-Revamped administrative interface: One of the most talked about changes in Wordpress 2.5. You’ll have to see it to know what’s change.
-Security change: Your password now even more securely encrypted by Wordpress, keeping your password safe even if a person manages to gain access to the Wordpress database.
-Changes to WYSIWYG editor: The What-You-See-Is-What-You-Get post editor is now revamped to look not too different from the one in blogger. Kinds of makes it easier to switch from Blogger to Wordpress. The location for some features have changed, such as uploading images (now relocated to a small button which when clicked will open up a box for you to upload your stuff immediately).

Wordpress 2.5 delayed

Posted by multippt

Wordpress 2.5 has been delayed, but it should be released within the next few days. The next scheduled release is on the 21st of March, according to Wordpress Trac. Already, some feature changes are now quite visible, particularly the revamped administration panel.

Currently, Wordpress 2.5 have been released as a Release Candidate. By all means try, but it’ll probably be much better to actually wait for the final release which would be due in just 2 days time.

What to expect of Wordpress 2.5

Wordpress 2.5 is a new milestone, and as expected, it’s packed with features. Sadly, these features are visible mainly in the administration interface. However, aside from that, the internals of Wordpress have been changed significantly. The following are some notable changes

-Adminstration interface change: Now much more “Web 2.0″ and professional looking. Some details are removed, particularly those that are not of much use to normal users.
-Posting: The post editor have been revamped and now it looks quite similar to Blogger. Some items will moved, such as image uploading.
-Password protection: More have been done to protect your passwords. New passwords will be stored in a more secure manner. There is also a password strength tool which indicates how good your password is, and ranges from “bad” to “strong”.
-Function profiling: Not really much of a big thing to normal users, but a big help to modders who want to tweak their blog inside out.
-Tag management: The earlier version of Wordpress didn’t have the ability to properly manage tags. Wordpress 2.5 changes that with a nice and convenient way of managing your tags.
-Media management: Same as tag management, and is one of the missing feature of Wordpress. This feature allows you to manage your stuff that you embed in your posts, most commonly images that were uploaded.

Wordpress 2.5 due in one week’s time

Posted by multippt

Looks like the next update for Wordpress 2.5 would be delayed by another week (i.e. to be released on 17th March instead of yesterday). According to the Wordpress trac (the system which tracks Wordpress developments), the new version of Wordpress is about 60% complete, with most issues addressed.

The new release of Wordpress 2.5 consist mainly of bug-fixes and some upgrades to the Wordpress administration system. In short:
-The installation procedure is now much cleaner and more nicer-looking.
-New encryption protection for passwords
-A cool-looking administration interface
-”Grouping” of more important tabs in the administration interface
-More visual feedback (e.g. comments icons to indicate a new comment was made)
-Tons of other enhancements

Another thing of note is that Wordpress 2.5 is developed alongside with 2.3.4. Of course, do not expect 2.3.4 to be released, since most features would probably be carried over to Wordpress 2.5.

Wordpress 2.3.3

Posted by multippt

Within 7 days from the last security update, Wordpress has issued yet another security update. This update fixes a problem that may allow other users to edit your posts. This problem can be fixed easily by replacing the xmlrpc.php file with a newer version. Alternatively, you could always upgrade your Wordpress install to the latest version.

Aside from the major patching of the security problem, some other smaller bugs have been fixed such a registration email problem. There is also a fix for a function which fails to work properly on 64-bit servers.

Wordpress plugin “uninstalls” woes?

Posted by multippt

Looking up at a great post by Weblog tools collection, I’m pretty sure there is a pretty good reason (or reasons) why plug-in authors do not wish to remove the leftover database stuff installed by Wordpress plugins. Entries created by plug-ins serve as a record of settings used by the plugin. Leaving them there ensures that if the user decides to re-install the plugin they do not have to go “oh shoot, what did I do when I last used this”.

The “issue” of space

Of course, saving a little garbage data does take up space, but does it take up much space? Most plugins store at most 1kB of information, but 1 single post like this can pretty much weigh up to 6kB in weight. Wordpress has considered the versatility and resource-consumption of MySQL before choosing MySQL as the platform where Wordpress is built on, so plugin resource consumption was presumably considered as well.

Of course, it can be a slight problem with having tons of plugins installed - causing a wastage of several kB of space when uninstalling them. But certainly that added kB won’t affect your blog in the long run. After all, you do expect your blog to hit a thousand posts some how or rather right?

The “uninstall” button is not a recommendation yet

The Wordpress documentation encouraged the use of using the Wordpress database to store settings. This is great, but the documentation did not promote the use of removing those settings neither. Perhaps Wordpress documentators should highlight uninstallation as a new recommendation, aside from making the options?

Unpredictability in uninstalling settings

Some plugins rely on settings to do the way it is intended to. However, over-dependence on such settings make removing them quite difficult, especially if the plugins are still activated. While this problem might be fixed by making the plugin rely on default settings in such a situation, some plugin authors find it a hassle to add that check in their plugins, especially if they do not know how to. There is also a probability that if the plug-in author do consider the adding of a little extra code to the plug-in just for uninstalling options, chances are it may even outweigh the amount of data consumed by the settings in the first place!

The plugin activation hook is at times buggy (well “at times”) and may not work where intended, resulting in some plugin authors implementing checks if the options were existant and add them if not. While attaching a de-activating hook to plugins is not that hard, is it wise to remove the options saved when de-activating the plugin? Perhaps you de-activated your plugin which deletes options upon de-activation, only to find that after upgrading your plugin you need to re-configure your options again.

Well, some has attached uninstall buttons in plugins as well, but knowing that there is a probability of “accidentally” clicking on it (and the part where we would habitually click “yes” to any dialog we see), we may end up getting our plug-in settings wiped out.

But since it’s such a nice idea

I guess it’s quite a nice idea, though almost no one has complained about plug-ins eating up much database space. Expect updates to my plug-ins. ;)

Though, I still support the idea that plug-ins need not uninstall the options, as such options may be incredibly useful anytime soon, especially if the user has re-considered using the plug-in again (say a wonderful update to an otherwise dull plug-in).