WordPress Release: 2.0.2

Tag Name: 2.0.2

Release Date: 6/2/2006

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 2.0.2 is a maintenance release that focuses on security enhancements and bug fixes. This update addresses several security vulnerabilities, improves permission handling, fixes issues with comment feeds, and enhances the Rich Text Editor functionality. It also includes internationalization improvements and fixes for category management.

Highlights of the Release

    • Enhanced security with multiple referer checks and input sanitization
    • Fixed comment feed rewrite rules generation
    • Improved permission handling with current_user_can() implementation
    • Added language support for TinyMCE editor
    • Fixed Mac compatibility with proper meta key support

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 2.0.2 is a direct update from previous 2.0.x versions and focuses on security and bug fixes rather than introducing breaking changes.

To update to WordPress 2.0.2:

  1. Back up your WordPress database and files
  2. Download the new version
  3. Replace your existing WordPress files with the new ones
  4. Visit your site's /wp-admin/upgrade.php page to complete the update process if necessary

No database schema changes are included in this release, making it a straightforward update.

Upgrade Recommendations

Immediate Upgrade Recommended

This release contains several important security fixes and bug fixes that enhance the stability and security of your WordPress installation. All WordPress 2.0.x users are strongly encouraged to upgrade to version 2.0.2 as soon as possible.

The security enhancements in this release address potential vulnerabilities related to input sanitization, referer checking, and permission validation, making this an important update for maintaining the security of your WordPress site.

Bug Fixes

Comment Feed Rewrite Rules

Fixed an issue where comment feed rewrite rules were incorrectly generated due to a bug uncovered when switching from unions to merges.

Category Management

  • Fixed category count display issues
  • Properly hiding the "Add Category" option for users without the manage_categories capability

Post Management

  • comment_status and ping_status are now honored when writing new posts
  • Fixed edit and delete buttons for pages
  • Improved handling of post previews by ensuring posts array is not empty before checking preview state

Rich Text Editor

  • Fixed issues with relative links in the Rich Text Editor
  • Added Mac meta keys support for better compatibility with Mac users

Internationalization

  • Fixed i18n issues with next month links in calendar navigation
  • Added proper charset setting in the Blogger importer iframe

Database Security

  • Improved database escaping in fix_attachment_links() function
  • Fixed backref isolation for better security

New Features

Language Support for TinyMCE

Added language support for the TinyMCE editor, allowing for a better localized editing experience. This enhancement makes WordPress more accessible to international users by providing the editor interface in their preferred language.

Improved Permission Handling

Implemented current_user_can() checks in various parts of the admin interface to ensure proper capability validation, enhancing the security and permission model of WordPress.

Security Updates

Enhanced Input Sanitization

  • Added sanitization for user_login in the registration form
  • Implemented proper sanitization of comment cookies
  • Fixed handling of $_SERVER variables with respect to magic_quotes_gpc

Improved Referer Checking

  • Added multiple admin referer checks throughout the admin interface to prevent CSRF attacks
  • Implemented proper referer validation in various admin actions

Permission Validation

  • Improved usage of current_user_can() for permission validation
  • Properly hiding admin features based on user capabilities

Database Security

  • Enhanced database escaping in various functions including fix_attachment_links()
  • Fixed potential security issues with backref handling
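
The referer check, capability check and input clean-up listed above, combined in one admin action as a stand-alone PHP example. It is added here and is not WordPress's own code: every `example_*` name, the role map, the site URL and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not WordPress source; every example_* name is hypothetical.
const EXAMPLE_ADMIN_URL = 'https://blog.example/wp-admin/';   // constructed site
const EXAMPLE_ROLE_CAPS = [                                   // constructed role map
    'administrator' => ['manage_categories', 'edit_posts'],
    'author'        => ['edit_posts'],
];

// Capability check in the spirit of current_user_can(): test a capability, not a role name.
function example_user_can(string $role, string $cap): bool
{
    return in_array($cap, EXAMPLE_ROLE_CAPS[$role] ?? [], true);
}

// Referer check: accept only requests sent from a page under the admin URL.
// Parsed components are compared; a substring match would also accept
// https://other.example/?u=https://blog.example/wp-admin/
function example_check_admin_referer(?string $referer): bool
{
    $ref = parse_url((string) $referer);
    $adm = parse_url(EXAMPLE_ADMIN_URL);
    if (!is_array($ref) || !isset($ref['scheme'], $ref['host'], $ref['path'])) {
        return false;                       // missing or malformed referer fails closed
    }
    return strcasecmp($ref['scheme'], $adm['scheme']) === 0
        && strcasecmp($ref['host'], $adm['host']) === 0
        && ($ref['port'] ?? null) === ($adm['port'] ?? null)
        && strpos($ref['path'], $adm['path']) === 0;
}

// Admin action: referer first, then capability, then input clean-up.
function example_add_category(array $request, string $role): string
{
    if (!example_check_admin_referer($request['referer'] ?? null)) {
        return 'rejected: bad referer';
    }
    if (!example_user_can($role, 'manage_categories')) {
        return 'rejected: missing capability';
    }
    $name = trim(strip_tags((string) ($request['cat_name'] ?? '')));
    return $name === '' ? 'rejected: empty name' : 'added: ' . $name;
}

// Constructed sample requests: allowed, wrong capability, foreign referer.
$ok = ['referer' => 'https://blog.example/wp-admin/categories.php', 'cat_name' => ' <b>News</b> '];
echo example_add_category($ok, 'administrator'), "\n";
echo example_add_category($ok, 'author'), "\n";
echo example_add_category(['referer' => 'https://other.example/?u=' . EXAMPLE_ADMIN_URL] + $ok, 'administrator'), "\n";
```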

Performance Improvements

No significant performance improvements were explicitly mentioned in this release. The focus appears to be primarily on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 2.0.2 is primarily a security and bug fix release that addresses several vulnerabilities and improves the overall stability of the platform. The security enhancements include better input sanitization, improved referer checking, and enhanced permission validation, which collectively strengthen WordPress against potential attacks.

For administrators, the release improves security through better permission handling and fixes issues with category management. Content creators will benefit from fixes to the Rich Text Editor, including better Mac compatibility and fixes for relative links. Developers will appreciate the enhanced database security with proper escaping in various functions and fixes to the rewrite structure for comment feeds.

International users will find WordPress more accessible with the addition of language support for the TinyMCE editor and fixes to internationalization issues with calendar navigation.

While this release doesn't introduce major new features or performance improvements, the security enhancements and bug fixes make it an important update for all WordPress 2.0.x users.

Statistics:

  • Files Changed: 21
  • Line Additions: 146
  • Line Deletions: 71
  • Line Changes: 217
  • Total Commits: 28

Users Affected:

  • Improved security through added referer checks and better permission handling
  • Fixed category management issues including category count display
  • Enhanced user permission validation with current_user_can() implementation

Contributors:

ryanborenm