It's available

Forum Rules

Helios_Multi TPoxygen11final

[Kelley]

Good lord  I just noticed I have 57 posts in draft... I would be lost without draft.

[guera]

The drafts are all still there - it's just the link to them is in a different place. You won't lose them.

[Sephyroth]

I've been playing around with it as well, and my initial verdict is that it's not coming to my site anytime soon.

Whatever happened to "if it ain't broke, don't fix it"?

[FormerAdmin]

The war on WordPress 2.5 continues - I've documented the BS previously handed out to me as WordPress 2.5: Broken under OSX.

Cheers, Andrew

[FormerAdmin]

teh war on bodgy 2.5 continues - Budgie Smugglers've documented teh BS previously handed out to me as bodgy 2.5: Broken under OSX.

Cheers, Andrew

...and I've since found others having the same issues - WordPress 2.5 Issues Roundup - keep en eye out for w.o.r.d.p.r.e.s.s.b.u.g.s.com

Revenge is mine, saith the Nerd

Cheers, Andrew

[kylie]

Good to read this and all the links you guys have added.  I WAS going to upgrade the blogs of some photographer clients I have (and they are just learning WP) - but now I won't.  I'll wait till it is all working just fine!  Especially  since I know alot of the upload huge amounts of images and use FF!   

[Cellobella]

Sorry Andrew and Sephy - I actually like 2.5

Seems to work fine for me and the features like - automatically update plugins and the image gallery are great.

The only thing I can't make work is the centre image feature - but that could be my theme overriding it.


CB

[John Lampard]

I actually like 2.5

I was beginning to think I was the only one ...

[Cellobella]

Its you me and Guera! 

[Snoskred]

That's ok - to each their own.

But did you look at the widgets thingy?  :rundecided:

[Cellobella]

yep.  I admit it's not the best part of the upgrade - but still workable and the other features make up for it.

[guera]

I am definitely in the "like it" camp. It seems to me that a lot of problems people are having with it is just that "it's different".

I get that some people don't like different, but I love it! I get bored easily  so new software is fun for me. I know, nerdy!!! 

I only had a problem with one plugin (slickr gallery) and its minor, with a workaround until the author updates it. The only other plugin that didn't work immediately (Next Gen Gallery) was updated within hours by its author so that's all good.

I guess if other people are experiencing bugs its pretty annoying, but hopefully they'll be fixed soon. For all the other complaints about moving things around, before long everyone will be used to it and have forgotten how it used to be!

[FormerAdmin]

A question: of those of you that like it, are you using it under Mac OSX with Firefox? If so, are the popups in the editor window working for you? I'm trying to isolate the symptoms.

[guera]

Sorry Andrew, using it under Windows Vista with Firefox and popups are working fine.

[FormerAdmin]

Sorry Andrew, using it under Windows Vista with Firefox and popups are working fine.

And they work fine under Vista, Windows XP and Ubuntu 7.10 Linux for me on Firefox too

My issue is with OSX, which is my preferred leisure time operating system on my larger laptop. WP 2.5 doesn't work that well under it.

We will probably have to agree to disagree about people having an issue with it just because it is different. There are years of research available to support not changing things just for the sake of changing them, and not looking at the way people work prior to implementing change. I will forgive WordPress 2.5 its numerous design flaws if they can get it working under OSX - albeit that I am looking at alternatives to WP now.

Best regards, Andrew   

[Cellobella]

Andrew, I too am using a PC with Firefox and IE... no probs.
 
But will log on to my daughters Mac and have a look.

[FormerAdmin]

Andrew, I too am using a PC with Firefox and IE... no probs.
 
But will log on to my daughters Mac and have a look.

Thanks

[scotty]

For those who are sticking with 2.3.3 and are unwilling to upgrade to 2.5, I have found this article:

http://smackdown.blogsblogsblogs.com/2008/03/23/new-wordpress-233-exploitvulnerability-adds-spam-directory-wp-content1/

Basically WordPress 2.3.3 is vulnerable. I have been getting 250+ spam trackbacks over the last 24 hours coming from those hacked WordPress 2.3.2/2.3.3 sites -- check whether there is a directory "1" under your wp-content directory. Akismet has been useless defending against those trackback spams as they are actually legitimate blogs.

From past experience WordPress.org is usually not interested to fix old releases (unless it is 2.0 which is also a stable branch). So you might have to upgrade regardless whether you like the new interface or not.

[FormerAdmin]

For those who are sticking with 2.3.3 and are unwilling to upgrade to 2.5, I have found this article:

http://smackdown.blogsblogsblogs.com/2008/03/23/new-wordpress-233-exploitvulnerability-adds-spam-directory-wp-content1/

Basically WordPress 2.3.3 is vulnerable. I have been getting 250+ spam trackbacks over the last 24 hours coming from those hacked WordPress 2.3.2/2.3.3 sites -- check whether there is a directory "1" under your wp-content directory. Akismet has been useless defending against those trackback spams as they are actually legitimate blogs.

From past experience WordPress.org is usually not interested to fix old releases (unless it is 2.0 which is also a stable branch). So you might have to upgrade regardless whether you like the new interface or not.

The timing of the discovery of this new exploit is suspiciously serendipitous... I have to ask myself who will benefit from the announcement within a week of the release of 2.5.

Cheers, Andrew

[miscmum]

Erm - I don't even know what version of Wordpress I'm running 

I wonder what's so important about upgrading anyway? I mean, I'd like too (although the idea terrifies me) but for me it might be a case of "if it ain't broke....?"

[Snoskred]

Yes, very interesting Andrew.

I will check out the blogs to make sure all is well.

The trouble is, 2.5 has a HUGE security hole in it that nobody's talking about much yet - the automatic plugin update option..

[scotty]

The trouble is, 2.5 has a HUGE security hole in it that nobody's talking about much yet - the automatic plugin update option..

You mean, automatic plugin update no longer works properly after 2.5? That would be a bug/incompatibility with the automatic plugin update plugin, rather than WordPress 2.5, wouldn't it? And it is only a security hole if a plugin you use has security issue and has not been patched/updated.

Personally I cannot stand anything automated on the live site. All service-based software deployment need to be staged, and should not rely on an automated process without supervision. Plugins might have conflict with each other and render the site unusable if not tested -- my plugins do that all the time to the other plugins

[StephenCronin]

The trouble is, 2.5 has a HUGE security hole in it that nobody's talking about much yet - the automatic plugin update option..

You mean, automatic plugin update no longer works properly after 2.5? That would be a bug/incompatibility with the automatic plugin update plugin, rather than WordPress 2.5, wouldn't it? And it is only a security hole if a plugin you use has security issue and has not been patched/updated.

Personally I cannot stand anything automated on the live site. All service-based software deployment need to be staged, and should not rely on an automated process without supervision. Plugins might have conflict with each other and render the site unusable if not tested -- my plugins do that all the time to the other plugins

I think Snos is talking about the built in automatic plugin update facility which was added to the core in WP2.5.

I know that there are concerns about this breaking some plugins because they haven't been designed to be updated that way, but I haven't heard about any security issues per se. Got any more info Snos?

[Snoskred]

Sephy wrote about it in his post -

Gaping security hole

One of the more ballyhooed new features in this new version is the ability to automatically upgrade plugins from your plugin page. On my site, I had tried out a different plugin that allowed me to do just that, but it didn’t work because of server permissions that there are.

However, WordPress have made a great decision to usurp any server’s security when it comes to running zip files by including its own unzipping program in the WordPress install - that’s got to be part of the reason why the zip file is 30% larger than it was previously. By doing this, anyone running a plugin has the potential of opening themselves up to a major problem with their server by upgrading to a new version of a plugin that has a malicious file in it.

The chances of this happening are slim, but it is not outside of the possible realm of things that can happen. Fortunately, there is a way to fix this and to break the plugin upgrade function - set the permissions of the wp-content/plugins folder to 555, thus making it read only, and forcing an error on the update page.

[StephenCronin]

Sephy wrote about it in his post -

Gaping security hole

One of the more ballyhooed new features in this new version is the ability to automatically upgrade plugins from your plugin page. On my site, I had tried out a different plugin that allowed me to do just that, but it didn’t work because of server permissions that there are.

However, WordPress have made a great decision to usurp any server’s security when it comes to running zip files by including its own unzipping program in the WordPress install - that’s got to be part of the reason why the zip file is 30% larger than it was previously. By doing this, anyone running a plugin has the potential of opening themselves up to a major problem with their server by upgrading to a new version of a plugin that has a malicious file in it.

The chances of this happening are slim, but it is not outside of the possible realm of things that can happen. Fortunately, there is a way to fix this and to break the plugin upgrade function - set the permissions of the wp-content/plugins folder to 555, thus making it read only, and forcing an error on the update page.

Hmm, I see. I'm no security expert, but the automatic upgrade will only work with plugins in the official repository, so in theory, the only person who could add the malicious code would be the plugin author. Unless of course, hackers break into repository. But if they do that, then you'll get the same mailicious file if you go to the repository, download the plugin, and upgrade it yourself.

I guess the threat is in some very clever people working out a way to trick WordPress to request a file from a different site somehow? I'm not sure how it could be done, but then again, I couldn't hack my way into a paper bag...