WordPress Release: 2.0.5

Tag Name: 2.0.5

Release Date: 10/27/2006

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 2.0.5 is a maintenance release that addresses numerous bugs and security vulnerabilities. This update includes important fixes for URL handling, user permissions, data validation, and various interface improvements. It enhances security by preventing directory traversal attacks and improving proxy IP validation, while also fixing several long-standing bugs related to post dates, comment handling, and plugin management. All WordPress 2.0.x users should upgrade immediately to ensure site security and stability.

Highlights of the Release

    • Fixed security vulnerabilities including directory traversal prevention and proxy IP validation
    • Improved URL handling with better encoding of percent signs to avoid broken permalinks
    • Added new filters for comment redirects and bloginfo URLs
    • Fixed numerous bugs related to post dates, special characters, and pagination
    • Enhanced performance with optimized make_clickable() function

Migration Guide

WordPress 2.0.5 is primarily a bug fix and security release that doesn't require any special migration steps. However, here are some recommendations for a smooth upgrade:

  1. Backup Your Site: Before upgrading, create a complete backup of your WordPress files and database.

  2. Plugin Compatibility: Some plugins might be affected by the fixes in this release, particularly those that:

    • Modify URL handling
    • Work with user permissions
    • Interact with the comment system
    • Use custom fields (post meta)
  3. Update Process:

    • Deactivate all plugins before upgrading
    • Upload the new WordPress files, replacing the old ones
    • Visit your site's admin area to trigger any necessary database updates
    • Reactivate plugins one by one to identify any compatibility issues
  4. Post-Update Checks:

    • Verify that permalinks are working correctly
    • Check that comments are functioning properly
    • Ensure user permissions are working as expected
    • Test any custom functionality that relies on the areas fixed in this release

Upgrade Recommendations

Immediate upgrade strongly recommended for all WordPress 2.0.x users.

This release contains multiple security fixes that address important vulnerabilities, including directory traversal prevention and improved input validation. These fixes are critical for keeping your WordPress installation secure.

In addition to security fixes, WordPress 2.0.5 resolves numerous bugs that could affect the stability and functionality of your site, including issues with permalinks, comment handling, and user management.

The upgrade process should be straightforward with minimal risk of compatibility issues, as this is primarily a maintenance release focused on bug fixes rather than new features or architectural changes.

For sites running WordPress 2.0.4 or earlier, upgrading to 2.0.5 is essential to ensure your site remains secure and functions correctly.

Bug Fixes

  • URL and Permalink Handling:

    • Fixed percent stripping in clean_url function
    • Encoded percent signs in permalinks to prevent broken links (fixes #569)
    • Fixed fragment handling to keep fragments at the end of URLs (fixes #3078)
    • Improved URL redirect sanitization (fixes #2994)
  • Post and Page Management:

    • Fixed post date handling issues (fixes #878)
    • Properly cast page_id to integer before deciding if is_page (fixes #2769)
    • Added post_status key for existing installations (fixes #3170)
    • Fixed pound sterling (£) symbol stripping from post slugs (fixes #2735)
  • Comment System:

    • Fixed duplication of nofollow attributes on edit (fixes #2995)
    • Improved comment link counting (fixes #938)
    • Fixed is_feed setting preservation when handling 404 errors (fixes #3019)
  • User Interface:

    • Fixed pagination to prevent paging off the end (fixes #3039)
    • Properly initialized last_result to an empty array (fixes #2913)
    • Fixed special character handling in user descriptions (fixes #3069)
    • Fixed case-insensitive sorting in various areas (fixes #3108)
  • Data Handling:

    • Fixed handling of multi-line options in options.php (fixes #2456)
    • Prevented non-option form elements from being saved to the options table (fixes #2595)
    • Fixed the_meta() to ignore keys that start with an underscore (fixes #2478)
    • Improved post meta caching (fixes #3229)
  • Internationalization:

    • Fixed various i18n issues (fixes #3109)
    • Improved grammar in interface text (fixes #3196)
  • XML-RPC:

    • Fixed array casting in xmlrpc.php (fixes #3266)

New Features and Enhancements

  • New Filters Added:

    • bloginfo_url filter added to allow modification of URLs returned by the bloginfo function
    • comment_post_redirect and comment_edit_redirect filters added to customize redirect behavior after comment actions
  • User Interface Improvements:

    • Better notifications and links after saving posts and pages
    • Improved phrasing for date format text in settings
    • Clarified comment_max_links option text for better understanding
    • Added HTML IDs to various interface elements for better theme and plugin integration
  • Customization Options:

    • Added ability for users to replace the cockney replacement array
    • Default category now starts out unchecked in post editor
    • Improved plugin sorting by name in both plugin management screens

Security Updates

  • Path Traversal Prevention:

    • Added validation for backup and fragment files to prevent directory traversal attacks
    • Improved file path handling throughout the system
  • Input Validation:

    • Sanitized proxy IP check to prevent potential security issues
    • Added validation for time inputs (fixes #3113)
    • Improved sanitization of inline-uploading parameters
    • Added protection against malformed user input that could be interpreted as serialized arrays/objects (fixes #2591)
  • User Permissions:

    • Fixed user form visibility to prevent showing user forms to users without proper privileges (fixes #3142)
    • Improved permission checking throughout the admin interface
  • Data Handling:

    • Added CDATA stripping from titles to prevent potential XSS issues (fixes #879)
    • Improved handling of special characters in various contexts
    • Better sanitization of redirect URLs
  • Error Handling:

    • Added silencing of gethostbyaddr() to prevent information disclosure (fixes #2759)

Performance Improvements

  • Optimized Link Processing:

    • Significantly improved the performance of the make_clickable() function, which now runs faster and supports more link positions (fixes #3228)
  • Improved Caching:

    • Enhanced post meta caching system to reduce database queries (fixes #3229)
  • Resource Usage:

    • Added check to refrain from reading files of 0 length, reducing unnecessary processing (fixes #1999)
    • Removed unused mkdir_p() function to clean up codebase (fixes #3079)
  • Header Optimization:

    • Improved nocache_headers() function for better cache control (fixes #3027)
    • Better handling of HTTP status headers, with special consideration for IIS servers (fixes #3190)

Impact Summary

WordPress 2.0.5 is a significant maintenance release that addresses over 50 bugs and security vulnerabilities. The primary impact is improved security and stability for all WordPress 2.0.x installations.

From a security perspective, this update closes several potential vulnerabilities, including directory traversal attacks, improper proxy IP validation, and input sanitization issues. These fixes substantially improve the security posture of WordPress sites.

For site administrators and content creators, the numerous bug fixes improve day-to-day operations by resolving issues with permalinks, post dates, comment handling, and user management. The fixes to special character handling and URL processing ensure more reliable content creation and display.

Developers will benefit from the new filters added for comment redirects and URL handling, as well as performance improvements to functions like make_clickable(). The fixes to post meta handling and options management provide more consistent behavior for plugin and theme development.

End users will experience a more stable site with better pagination, improved comment handling, and more reliable RSS feeds. The various interface text improvements also enhance usability.

Overall, this release represents an important maintenance milestone that addresses a wide range of issues across the WordPress platform, with particular emphasis on security and stability improvements.

Statistics:

  • Files Changed: 52
  • Line Additions: 857
  • Line Deletions: 283
  • Line Changes: 1,140
  • Total Commits: 83

Users Affected:

  • Improved security with better validation of proxy IP checks and prevention of directory traversal attacks
  • Enhanced user management with fixes to user form permissions
  • Better plugin management with improved sorting by plugin name
  • Fixed issues with options handling and preservation of multi-line options

Contributors:

ryanboren, markjaquith