Archive for September, 2007

The first post 2.3 IRC meetup just took place. It was a very constructive meeting in which we discussed a few of the things we want to accomplish for version 2.4.

A few of the proposed things that I like:

  • Implement the usage of $wpdb->prepare (improves security)
  • Use jQuery for our AJAX (Asynchronous JavaScript And XML) stuff
  • Admin interface redesign
  • Basic undo functionality
  • ...

A complete transcript of the meeting can be found here.

It's too early to really comment on any of the stuff, but I like the general direction.

As you've probably noticed, version 2.3 of WordPress has been released to the general public.

Besides the new features which I blogged about before, we welcome native tagging, update notifications, canonical URLs, pending review and a lot of other big and small changes. Take a look at the 2.3 codex page for an overview.

As this blog has been running pre-releases of 2.3 for some time, all the issues I had during upgrades have been fixed in the final version. So upgrading should be relatively pain-free. There is a catch with plugins and themes that reference the now defunct categories (and link2cat and post2cat) tables. They will break your blog. So as always, disable all plugins before upgrading and activate them one by one afterwards to see if they cause issues. Most of those plugins have newer versions which are compatible with 2.3, and if they don't, notify the author so he can make one.

Another issue that's popped up for a small group of upgraders is that they're unable to log into their blog after upgrading. If you experience this issue please report here, so we can pinpoint what's causing it and fix it!

All in all the first reactions to 2.3 are positive although some negative remarks are to be expected as well. I personally believe the positive things outweigh the negative things by far, so I'm quite pleased with the new release.

Another article on a new feature in the soon-to-be-released 2.3 version. This time we'll be talking about something new called Unfiltered upload.

Let's take the following scenario: we want to write an article about something (we'll use geocaching in this example) and want to supplement that post with a file (gpx in this case) that our users can download and use.
Our first step would be to go to the Write Post screen, start typing and upload that file using the built-in uploader:

[Screenshot: Upload file]

In the 2.2.x version (and earlier) when we press Upload we get the following result:

[Screenshot: Upload file failed]

For security reasons we're only allowed to upload a pre-defined list of file types. And that's a Good thing ™. You wouldn't want a Contributor, for instance, to be able to upload a PHP file and take over your blog, or worse, your machine. Looking at the 2.3 sources shows us that the following types of files are allowed:

$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
	'jpg|jpeg|jpe' => 'image/jpeg',
	'gif' => 'image/gif',
	'png' => 'image/png',
	'bmp' => 'image/bmp',
	'tif|tiff' => 'image/tiff',
	'ico' => 'image/x-icon',
	'asf|asx|wax|wmv|wmx' => 'video/asf',
	'avi' => 'video/avi',
	'mov|qt' => 'video/quicktime',
	'mpeg|mpg|mpe' => 'video/mpeg',
	'txt|c|cc|h' => 'text/plain',
	'rtx' => 'text/richtext',
	'css' => 'text/css',
	'htm|html' => 'text/html',
	'mp3|mp4' => 'audio/mpeg',
	'ra|ram' => 'audio/x-realaudio',
	'wav' => 'audio/wav',
	'ogg' => 'audio/ogg',
	'mid|midi' => 'audio/midi',
	'wma' => 'audio/wma',
	'rtf' => 'application/rtf',
	'js' => 'application/javascript',
	'pdf' => 'application/pdf',
	'doc' => 'application/msword',
	'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
	'wri' => 'application/vnd.ms-write',
	'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
	'mdb' => 'application/vnd.ms-access',
	'mpp' => 'application/vnd.ms-project',
	'swf' => 'application/x-shockwave-flash',
	'class' => 'application/java',
	'tar' => 'application/x-tar',
	'zip' => 'application/zip',
	'gz|gzip' => 'application/x-gzip',
	'exe' => 'application/x-msdownload',
	// openoffice formats
	'odt' => 'application/vnd.oasis.opendocument.text',
	'odp' => 'application/vnd.oasis.opendocument.presentation',
	'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
	'odg' => 'application/vnd.oasis.opendocument.graphics',
	'odc' => 'application/vnd.oasis.opendocument.chart',
	'odb' => 'application/vnd.oasis.opendocument.database',
	'odf' => 'application/vnd.oasis.opendocument.formula',
));

But I do want to attach that gpx file to that post. I know it's safe. So how can I do this? That's where unfiltered uploads come into play. Version 2.3 introduces a new capability which lets you upload any type of file you want. But for security reasons that capability is by default only given to users in the Administrators role. So if I try the previous upload as an Administrator in 2.3 I get the following screen:

[Screenshot: Upload file succeeded]

That's in short what the new unfiltered_upload capability does.

Please note that if you use a certain filetype often, but don't want to give the unfiltered_upload capability to somebody, try the WordPress mime-config plugin. It allows you to extend the default list of allowed file types.
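
The two options described above, side by side, as an added example (a simplified stand-alone model, not WordPress source and not the plugin's code): the function names, the capability arrays and the 'application/gpx+xml' type are assumptions made for illustration. It shows why adding a single extension to the list keeps every other type filtered, while unfiltered_upload skips the check altogether.

```php
<?php
// Excerpt of the allowlist shown above; keys are '|'-separated extensions.
$default_mimes = array(
    'jpg|jpeg|jpe' => 'image/jpeg',
    'txt|c|cc|h'   => 'text/plain',
    'pdf'          => 'application/pdf',
    'zip'          => 'application/zip',
);

// Hypothetical helper: MIME type if the final extension is allowlisted, else false.
function model_check_filetype($filename, array $mimes) {
    foreach ($mimes as $ext_group => $type) {
        // Quote each alternative so keys are matched as literals, not as regex.
        $alts = array_map(function ($e) { return preg_quote($e, '!'); },
                          explode('|', $ext_group));
        // Anchor on the end of the name, case-insensitively.
        if (preg_match('!\.(' . implode('|', $alts) . ')$!i', $filename)) {
            return $type;
        }
    }
    return false;
}

// Hypothetical helper: $caps models the capabilities of the uploading user.
function model_upload_allowed($filename, array $caps, array $mimes) {
    if (in_array('unfiltered_upload', $caps, true)) {
        return true; // the capability bypasses the type check for every file
    }
    return model_check_filetype($filename, $mimes) !== false;
}

// What a callback hooked on the 'upload_mimes' filter would do: add one type.
function model_add_gpx(array $mimes) {
    $mimes['gpx'] = 'application/gpx+xml'; // assumed MIME type for gpx
    return $mimes;
}

$contributor = array('edit_posts');                       // constructed sample user
$admin       = array('edit_posts', 'unfiltered_upload');  // constructed sample user
$extended    = model_add_gpx($default_mimes);

// Contributor with the default list: gpx is refused.
var_dump(model_upload_allowed('cache.gpx', $contributor, $default_mimes));
// Administrator with unfiltered_upload: gpx is accepted, and so is anything else.
var_dump(model_upload_allowed('cache.gpx', $admin, $default_mimes));
var_dump(model_upload_allowed('theme.php', $admin, $default_mimes));
// Contributor with the extended list: gpx is accepted, PHP is still refused.
var_dump(model_upload_allowed('cache.gpx', $contributor, $extended));
var_dump(model_upload_allowed('theme.php', $contributor, $extended));
```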