Aussie Bloggers Forum
Author Topic: It's available  (Read 16312 times)
Snoskred
Drive It Like You Stole It
Emeritus Erro
Legend
*****
Posts: 2408


Bonfires In My Head


WWW
« Reply #50 on: April 03, 2008, 04:00:03 pm »

I just think it is a bit of a dangerous door to open when they have had more than enough security problems with Wordpress. And I can guarantee you the hackers will quickly work out how it can be used to their great advantage. That's what they do.  :rwink:

I don't know about you but we usually look at the code before we install these plugin updates. Most people won't/don't do that because they have no idea what they're looking at and probably wouldn't be able to spot anything potentially malicious.
Logged

~ Snoskred - Life In The Country ~
~ Snoskred provides Wordpress Blog Hosting ~
~ Check out my big shiny RSS Subscribe Icons - free for all to download! ~
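
A scripted first pass over a plugin archive before it is unpacked, in the spirit of the code review described in the post above. This is an added example, not part of the original thread or of WordPress; the pattern list, the extension list and the `my-plugin` sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# PHP calls that deserve a manual read when they appear in plugin code.
# This list is an assumption of the example, not a complete signature set.
SUSPICIOUS_PHP = re.compile(
    rb"\b(eval|base64_decode|gzinflate|str_rot13|shell_exec|passthru|system)\s*\("
)
# File types a plugin normally has no reason to ship (assumed list).
UNEXPECTED_EXT = (".exe", ".dll", ".so", ".sh", ".phar", ".htaccess")


def review_plugin_zip(data, plugin_slug):
    """Return a list of (entry name, finding) for a plugin archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            # Entries that would unpack outside the plugin's own folder.
            if name.startswith(("/", "\\")) or ".." in parts or re.match(r"^[A-Za-z]:", name):
                findings.append((name, "path escapes the extraction directory"))
                continue
            if parts[0] != plugin_slug:
                findings.append((name, "outside the expected top-level folder"))
            if name.lower().endswith(UNEXPECTED_EXT):
                findings.append((name, "unexpected file type"))
            # Unix mode bits are stored in the high 16 bits of external_attr.
            if (info.external_attr >> 16) & 0o6000:
                findings.append((name, "setuid/setgid bit set"))
            if name.lower().endswith((".php", ".inc")):
                body = zf.read(info)
                for call in sorted({m.group(1).decode() for m in SUSPICIOUS_PHP.finditer(body)}):
                    findings.append((name, "calls %s()" % call))
    return findings


def build_sample_zip():
    """Constructed archive: one ordinary file and three entries that should be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my-plugin/my-plugin.php", "<?php /* Plugin Name: My Plugin */ echo 'hi';")
        zf.writestr("my-plugin/inc/loader.php", "<?php eval(base64_decode($blob));")
        zf.writestr("../../wp-config.php", "<?php // constructed traversal entry")
        zf.writestr("my-plugin/bin/helper.sh", "#!/bin/sh\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, finding in review_plugin_zip(build_sample_zip(), "my-plugin"):
        print("%-28s %s" % (entry, finding))
```

A clean result from a scan like this only narrows down what to read by hand; it does not replace reading the changed files.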
FormerAdmin
Guest
« Reply #51 on: April 03, 2008, 04:09:41 pm »

Sephy wrote about it in his post -

Quote
Gaping security hole

One of the more ballyhooed new features in this new version is the ability to automatically upgrade plugins from your plugin page. On my site, I had tried out a different plugin that allowed me to do just that, but it didn’t work because of server permissions that there are.

However, WordPress have made a great decision to usurp any server’s security when it comes to running zip files by including its own unzipping program in the WordPress install - that’s got to be part of the reason why the zip file is 30% larger than it was previously. By doing this, anyone running a plugin has the potential of opening themselves up to a major problem with their server by upgrading to a new version of a plugin that has a malicious file in it.

The chances of this happening are slim, but it is not outside of the possible realm of things that can happen. Fortunately, there is a way to fix this and to break the plugin upgrade function - set the permissions of the wp-content/plugins folder to 555, thus making it read only, and forcing an error on the update page.

Yep, it is a scary one - I referred to it in my WP 2.5 Issues Roundup post.

Cheers, Andrew
Logged
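
A check of what the 555 setting from the quoted post does and does not cover, as an added example that is not part of the original thread. The directory tree is constructed in a temporary folder, and the function names are this example's own.

```python
import os
import shutil
import stat
import tempfile


def audit_plugins_dir(plugins_dir):
    """Report the folder's own mode and every entry below it that keeps a write bit."""
    top = stat.S_IMODE(os.stat(plugins_dir).st_mode)
    writable = []
    for root, dirs, files in os.walk(plugins_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            if stat.S_IMODE(os.lstat(path).st_mode) & 0o222:
                writable.append(os.path.relpath(path, plugins_dir))
    return {
        "mode": "%o" % top,
        "top_level_writable": bool(top & 0o222),
        "writable_below": sorted(writable),
    }


def demo():
    """Build a constructed wp-content/plugins tree and audit it before and after chmod 555."""
    base = tempfile.mkdtemp()
    plugins = os.path.join(base, "wp-content", "plugins")
    plugin = os.path.join(plugins, "my-plugin")
    main = os.path.join(plugin, "my-plugin.php")
    os.makedirs(plugin)
    with open(main, "w") as fh:
        fh.write("<?php // Plugin Name: My Plugin (constructed sample)\n")
    # Set modes explicitly so the result does not depend on the umask.
    os.chmod(plugins, 0o755)
    os.chmod(plugin, 0o755)
    os.chmod(main, 0o644)
    try:
        before = audit_plugins_dir(plugins)
        os.chmod(plugins, 0o555)  # the setting from the quoted post
        after = audit_plugins_dir(plugins)
    finally:
        os.chmod(plugins, 0o755)  # restore so the temporary tree can be removed
        shutil.rmtree(base)
    return before, after


if __name__ == "__main__":
    for label, report in zip(("before", "after"), demo()):
        print(label, report)
```

In the sample run the top-level folder loses its write bits, which is what makes the upgrade step fail, while the existing plugin folder and its file keep theirs. A process running as the owner of the folder can also change the mode back.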
Snoskred
Drive It Like You Stole It
Emeritus Erro
Legend
*****
Posts: 2408


Bonfires In My Head


WWW
« Reply #52 on: April 03, 2008, 04:20:40 pm »

I just spotted this thread over in the Wordpress forums - 2.5 image/media uploading problems.

It has a big list of things to check and try. At the end of all that, it says -

Quote
But most importantly, stay tuned. If any new developments or fixes come to light, we'll update this post. For now, not all problems can be solved. Patience.

I would have thought you would want to have all problems solved before releasing an update. Especially one that breaks the image uploader to the point that people cannot upload images at all. rsad How about you show the patience before you release the darn thing?  :rundecided:

In the forums there is also a statement that if you do not have a backup of your 2.3.3 database, you will be unable to revert back to 2.3.3 if you want to. So if you are updating make sure you have a good backup of the database.
Logged

~ Snoskred - Life In The Country ~
~ Snoskred provides Wordpress Blog Hosting ~
~ Check out my big shiny RSS Subscribe Icons - free for all to download! ~
scotty
Top Sort
****
Posts: 136



WWW
« Reply #53 on: April 03, 2008, 08:03:36 pm »

Okay. Enough!

I am going back to hand-coding HTML for my blogs.
Logged

scotty
Top Sort
****
Posts: 136



WWW
« Reply #54 on: April 03, 2008, 08:20:29 pm »

Actually, I have just re-read the code (in wp-admin/update.php and wp-admin/includes/update.php); the plugin updater is actually not automated.

Yes, figuring out which plugin needs to be updated is automated when you go into the plugin page, but actual downloading, unzipping and applying the update still require manual action (running wp-admin/update.php?action=upgrade-plugin&plugin=<plugin-name>). The URL needs a nonce, so it can be difficult to put an XSS attack on it.

Not that it is a good idea to do the plugin upgrade on a live site, for obvious reasons, but it does not make it as bad as it seems to be.
Logged
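
A simplified model of the nonce check mentioned in the post above, as an added example; it is not WordPress's own code. The secret, the lifetime, the action string and the function names are assumptions of the model; the URL shape is the one quoted in the post, with the nonce carried in a `_wpnonce` parameter.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-site-secret"  # constructed value; a real site keeps its secret out of source
TICK_SECONDS = 12 * 60 * 60          # assumed lifetime bucket for this model


def make_nonce(user_id, action, now):
    """Bind the token to a time bucket, one action and one logged-in user."""
    tick = int(now // TICK_SECONDS)
    msg = ("%d|%s|%d" % (tick, action, user_id)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def verify_nonce(nonce, user_id, action, now):
    """Accept a token from the current or the previous time bucket only."""
    for age in (0, 1):
        expected = make_nonce(user_id, action, now - age * TICK_SECONDS)
        if hmac.compare_digest(expected.encode(), nonce.encode()):
            return True
    return False


def upgrade_url(user_id, plugin, now):
    """The link the admin page would render for the logged-in user."""
    query = urlencode({
        "action": "upgrade-plugin",
        "plugin": plugin,
        "_wpnonce": make_nonce(user_id, "upgrade-plugin_" + plugin, now),
    })
    return "/wp-admin/update.php?" + query


def handle_request(url, session_user_id, now):
    """Server side: run the upgrade only if the nonce matches this session and plugin."""
    query = parse_qs(urlsplit(url).query)
    if query.get("action", [""])[0] != "upgrade-plugin":
        return "ignored"
    plugin = query.get("plugin", [""])[0]
    nonce = query.get("_wpnonce", [""])[0]
    if not verify_nonce(nonce, session_user_id, "upgrade-plugin_" + plugin, now):
        return "rejected"
    return "upgrade " + plugin


if __name__ == "__main__":
    now = 1_000_000
    link = upgrade_url(7, "my-plugin", now)
    print(link, "->", handle_request(link, 7, now))
    print("no nonce ->", handle_request("/wp-admin/update.php?action=upgrade-plugin&plugin=my-plugin", 7, now))
```

A link built without knowledge of the logged-in user's current nonce, or reused for a different plugin or user, is rejected before any download or unzip step runs.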

Cellobella
Riotous Chook
Top Sort
*****
Posts: 117



WWW
« Reply #55 on: April 04, 2008, 12:29:00 am »

rsad but the plugin updater is the best bit...

Well... too late now!
Logged

Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #56 on: April 05, 2008, 10:10:13 am »

Ok, well have had a chance to look at it now because I have a few other blogs on w/press.com.
Don't like the posting screen
Don't like the new edit comments screen
Don't like the new dashboard
I haven't tried to change anything in any of them yet so the jury is out on that side of it, but initial impression?
Bloody confusing for newbies, and hard to navigate if you were just starting and getting used to it, although that would always be an issue no matter what they changed I guess. I can see if you were self hosting where it would be a pain, and yes, I would be reluctant to upgrade to it {if ever I work out HOW to of course!}
Overall impression? Disappointing
Logged

Anja
Top Sort
****
Posts: 173


Crisis, what crisis.


WWW
« Reply #57 on: April 05, 2008, 10:28:50 am »

I was all ready to do Lightening's "Smiley Saturday" and I gave up in dismay. I'm a luddite at the best of times, and I like things "rooooooolly simple" or I will ditch the whole idea.

I do not know for the life of me how to put an image in a post, the new dashboard confuses the f*** out of me and the overall impression - I hate it.

I'm with Anonymum, it's disappointing. And for someone with absolutely zilch technical expertise, it's horrible.
Logged

Despite all the rage I am still just a rat in a cage  zthrowcomp


If you go out in the woods today, you're in for a big surprise.
Snoskred
Drive It Like You Stole It
Emeritus Erro
Legend
*****
Posts: 2408


Bonfires In My Head


WWW
« Reply #58 on: April 05, 2008, 12:21:53 pm »

So they've changed wordpress.com now? Without fixing the image issues etc?
Logged

~ Snoskred - Life In The Country ~
~ Snoskred provides Wordpress Blog Hosting ~
~ Check out my big shiny RSS Subscribe Icons - free for all to download! ~
Snoskred
Drive It Like You Stole It
Emeritus Erro
Legend
*****
Posts: 2408


Bonfires In My Head


WWW
« Reply #59 on: April 05, 2008, 12:35:50 pm »

Yep, I guess they did.. after taking a look at the wordpress.com forums.

Some of the more memorable post topics currently seen there -

New Dashboard Issues

I hate the new dashboard

Problems Putting in Pictures

The New Dashboard is HORRIBLE

New Dashboard Won't Allow Post Changes After Publication

Dashboard Improvements Requested

What the heck happened to the format of my blog? (in which the sidebars have ended up at the bottom of the page without the blog author making any changes at all)

Sign This Petition And Stop Wordpress

Will they listen? I sincerely doubt it.

While some of us on wordpress.org aren't thrilled with 2.5 - at least we have a choice whether we want to upgrade or not. These bloggers have all had 2.5 shoved in their faces - complete with bugs and non fixed issues. rsad

For those of you wanting 2.3.3 back, I am still able to install that for you if you want to move to self-hosting. Then you're in control.
Logged

~ Snoskred - Life In The Country ~
~ Snoskred provides Wordpress Blog Hosting ~
~ Check out my big shiny RSS Subscribe Icons - free for all to download! ~
Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #60 on: April 05, 2008, 12:40:06 pm »

As I said, disappointing now that it's in.
To this point I've been very impressed with W/press overall, however I'm glad I have a choice on my main blog. I would HATE to think I was stuck with it on there
I'll head on over and have a look at the forums. Thanks for the links Snos
 xgrin
Logged

Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #61 on: April 05, 2008, 01:49:00 pm »

My, my, my, there is much discontent!
On the issue of the sidebar diving, I've just been to Bettina's and that's exactly what's happened to her. I've also had a couple of emails from friends complaining about the new bashboard too. I've advised they go straight to the forums and add their complaints to the ever growing list of people in the same boat.
Like others, I'm waiting to see what, if any, response comes from W/press in relation to alterations and fixes
Logged

Anja
Top Sort
****
Posts: 173


Crisis, what crisis.


WWW
« Reply #62 on: April 05, 2008, 02:14:26 pm »

Quote from: Anonymum
My, my, my, there is much discontent!
On the issue of the sidebar diving, I've just been to Bettina's and that's exactly what's happened to her. I've also had a couple of emails from friends complaining about the new bashboard too. I've advised they go straight to the forums and add their complaints to the ever growing list of people in the same boat.
Like others, I'm waiting to see what, if any, response comes from W/press in relation to alterations and fixes

Was bashboard a Freudian slip? About right, though.

It's bloody infuriating.  xcry
Logged

Despite all the rage I am still just a rat in a cage  zthrowcomp


If you go out in the woods today, you're in for a big surprise.
Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #63 on: April 05, 2008, 02:20:44 pm »

Quote from: Anja
Quote from: Anonymum
My, my, my, there is much discontent!
On the issue of the sidebar diving, I've just been to Bettina's and that's exactly what's happened to her. I've also had a couple of emails from friends complaining about the new bashboard too. I've advised they go straight to the forums and add their complaints to the ever growing list of people in the same boat.
Like others, I'm waiting to see what, if any, response comes from W/press in relation to alterations and fixes

Was bashboard a Freudian slip? About right, though.

It's bloody infuriating.  xcry

lol
Was wondering if anyone noticed...it does seem to be like bashing your head against a wall, so I felt it appropriate..
Logged

Anja
Top Sort
****
Posts: 173


Crisis, what crisis.


WWW
« Reply #64 on: April 05, 2008, 02:26:26 pm »

Oh heck, I just took a peek at Bettina's blog.

She's going to be such a happy camper when she sees that.  xsad
Logged

Despite all the rage I am still just a rat in a cage  zthrowcomp


If you go out in the woods today, you're in for a big surprise.
Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #65 on: April 05, 2008, 02:28:54 pm »

Apparently there are quite a few like that from what I'm reading over at the forums. It only seems to be some themes, and not all, but that's not the point is it?
And I've just posted a new topic on the theme viewer as well. Not sure what's going on there
xhuh
Logged

Snoskred
Drive It Like You Stole It
Emeritus Erro
Legend
*****
Posts: 2408


Bonfires In My Head


WWW
« Reply #66 on: April 05, 2008, 03:28:12 pm »

What I don't understand is, they already knew many of these issues existed and weren't fixed.

They also knew the reaction from many people re 2.5 was not positive.

Yet, they went ahead and changed wordpress.com anyway.

And I thought Blogger was bad..  :rundecided:
Logged

~ Snoskred - Life In The Country ~
~ Snoskred provides Wordpress Blog Hosting ~
~ Check out my big shiny RSS Subscribe Icons - free for all to download! ~
Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #67 on: April 05, 2008, 03:46:55 pm »

I've just done a quick post on one of the other blogs I have. Talk about mass confusion! I may have a problem with the technical side of things at times, but I have the W/press.com down pat, and what a mongrel it is to post in!
I don't doubt with time that it will become easier as people {including myself} get used to it, but the issues with side bars dropping and images should have been looked at before they released it, let alone upgrade everybody.
Not 100% convinced it's "quite" as bad as blogger just yet, but I'm leaning that way...the emails are coming quick from others I know who are with W/press. As with the previous ones I received, I'm sending them in the direction of the forums to voice their displeasure.  Perhaps if enough people make enough noise?
There is little else they can do other than move to another platform. Sometimes easier said than done if they want to take 2 years of blogging with them....
Logged

Sephyroth
Emeritus Erro
Tall Poppy
*****
Posts: 326



WWW
« Reply #68 on: April 05, 2008, 03:49:32 pm »

Hmm...this is odd, to say the least -

The thread about the Dashboard being Horrible has been closed. No explanation given - just notes that the thread is closed...
Logged

Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #69 on: April 05, 2008, 03:50:19 pm »

Quote from: Snoskred
For those of you wanting 2.3.3 back, I am still able to install that for you if you want to move to self-hosting. Then you're in control.

You can have any access you want to my blog if you'll upgrade me TO 2.3.3
 xgrin
Logged

FormerAdmin
Guest
« Reply #70 on: April 05, 2008, 03:51:04 pm »

Hi folks,

I am currently assessing two WordPress alternatives:
Majestic (from our own Ben Barden), and
Symphony.

Both are free or have a free version, both work, neither have the total plugin coverage that WordPress offers, but neither is troubled by WordPress' arrogance.

Best regards, Andrew
Logged
Anonymum
A woman of excess
Administrator
Legend
*****
Posts: 1482


I may be getting older, but I refuse to grow up


WWW
« Reply #71 on: April 05, 2008, 03:51:44 pm »

Quote from: Sephyroth
Hmm...this is odd, to say the least -

The thread about the Dashboard being Horrible has been closed. No explanation given - just notes that the thread is closed...

It was getting quite heated over there among members.
 xtongue
Logged

scotty
Top Sort
****
Posts: 136



WWW
« Reply #72 on: April 05, 2008, 06:48:59 pm »

Quote from: FormerAdmin
I am currently assessing two WordPress alternatives:
Majestic (from our own Ben Barden), and
Symphony.

Neither are free/liberal/open source software. 'nuff said.

With WordPress -- don't like it? How about forking your own from WP 2.3.3 so you can back port all the security issues? Or make it into another open source product, like how WordPress was evolved from b2 5 years ago? WordPress is GPL'ed, and you are free to do whatever you want with it, as long as you are not limiting other people's freedom.

Majestic and Symphony -- they might be fine products, but if one day they "messed up" just like WordPress 2.5 (although I am not yet convinced it is inferior) you will be left with no choice.
Logged

Lee
Riotous Chook
Tall Poppy
*****
Posts: 430


He's just this guy, ya know


WWW
« Reply #73 on: April 05, 2008, 07:01:02 pm »

I thought I might put myself out there as the lone voice in the wilderness:

I like 2.5

The plugin that broke when I upgraded was fixed with the removal of one word and I haven't had any other dramas with it since upgrading.

I don't mind the layout either it actually feels pretty natural to me.

Just thought I'd put that out there.   
Logged

Take a look at my place over at Quit Your Day Job
FormerAdmin
Guest
« Reply #74 on: April 05, 2008, 07:08:34 pm »

Quote from: scotty
Quote from: FormerAdmin
I am currently assessing two WordPress alternatives:
Majestic (from our own Ben Barden), and
Symphony.

Neither are free/liberal/open source software. 'nuff said.

With WordPress -- don't like it? How about forking your own from WP 2.3.3 so you can back port all the security issues? Or make it into another open source product, like how WordPress was evolved from b2 5 years ago? WordPress is GPL'ed, and you are free to do whatever you want with it, as long as you are not limiting other people's freedom.

Majestic and Symphony -- they might be fine products, but if one day they "messed up" just like WordPress 2.5 (although I am not yet convinced it is inferior) you will be left with no choice.

Scott,

being the best of a bad bunch is not a position that I would aspire to. All that WP had to recommend it (prior to 2.5) was that it was the best of a bad bunch.

What I want in a blogging platform is this: that it is good. That's all, nothing more, just good rsmiley

It might sound like heresy, especially coming from me, but the FOSS movement has not yet produced a truly remarkable blogging platform. Multi-user CMS success stories abound - government use of Plone and Drupal is something that I am proud to mention to clients - but I think that the world still awaits a simple useful blogging platform. WP lost me as a fan when they abused me for raising an issue. I don't care who they are or what they have done, this was wrong.

Best regards, Andrew
Logged