WordPress Release: 2.2.1

Tag Name: 2.2.1

Release Date: 6/21/2007

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 2.2.1 is a maintenance release that addresses numerous bug fixes and security improvements. This update focuses on fixing widget functionality, enhancing XML-RPC security, improving comment handling, and addressing various UI issues. It's an important update for all WordPress 2.2 users that improves stability, security, and overall functionality.

Highlights of the Release

    • Enhanced security for XML-RPC with proper capability checks
    • Fixed widget functionality including text widgets and category widgets
    • Improved compatibility with Internet Explorer 7
    • Added proper sanitization and escaping throughout the codebase
    • Fixed issues with desktop publishing clients

Migration Guide

Upgrading to WordPress 2.2.1

This is a maintenance release focused on bug fixes and security improvements. No special migration steps are required beyond the standard WordPress update process:

  1. Back up your WordPress database and files
  2. Deactivate plugins
  3. Replace WordPress core files with the new version
  4. Run the upgrade script by visiting your site
  5. Reactivate plugins

If you've made any customizations to core files, you'll need to reapply those changes after upgrading.

No database schema changes are included in this release.

Upgrade Recommendations

Priority: High

All WordPress 2.2 users should upgrade to version 2.2.1 as soon as possible. This release contains important security fixes that protect against potential vulnerabilities, particularly in the XML-RPC system and meta data handling.

The update also addresses numerous bugs that could affect site functionality, especially for users of widgets, comment management features, and desktop publishing clients.

Given the security improvements and wide range of bug fixes, this update is considered essential for all WordPress 2.2 installations.

Bug Fixes

Widget and UI Fixes

  • Fixed widget admin layout for Internet Explorer 7
  • Corrected attribute misnamings in various components
  • Restored proper argument passing to register_sidebar_widget()
  • Fixed TinyMCE colorpicker functionality
  • Ensured proper option selection in dropdown menus

Comment and Post Management

  • Maintained editing mode when paging through comments
  • Fixed comment text filtering when editing comments
  • Prevented current authors from claiming authorship of other users' posts
  • Explicitly stated Zulu time for desktop editors
  • Fixed handling of blank widget titles

Feed and URL Improvements

  • Corrected Atom feeds' categories
  • Fixed RSD link issues
  • Improved handling of comments_atom_url
  • Enhanced URL query argument handling
  • Fixed wp_title single post title filters

System and Security Fixes

  • Added proper capability check for metaWeblog.newPost
  • Prevented WP-Cache setup failures
  • Fixed permission checks for theme switching
  • Added proper integer casting and escaping
  • Implemented sanitize_user() function
  • Protected meta keys from unauthorized editing
  • Improved JavaScript escaping

New Features

Enhanced Widget Functionality

  • Added option to exclude pages in the pages widget
  • Improved text widget handling with proper texturize and autop formatting
  • Added ability to sort pages by specified fields
  • Fixed blank title handling in widgets

Email Improvements

  • Enhanced wp_mail() to handle HTML emails properly
  • Improved email security with proper escaping of sender information

Security Updates

Security Enhancements

  • Added capability checks for XML-RPC operations, particularly for metaWeblog.newPost
  • Implemented proper escaping of REQUEST_URI
  • Added escapeshellarg for email sender information
  • Improved sanitization with new sanitize_user() function
  • Protected meta keys from unauthorized editing, including _wp_page_template
  • Enhanced JavaScript escaping to catch various encodings of single quotes
  • Added proper extraction with EXTR_SKIP to prevent variable overwrites
  • Implemented proper escaping before variable extraction
  • Fixed user permission checks before allowing attachment overwrites
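
The EXTR_SKIP item above, shown as an added example in generic PHP (not WordPress core code; the function names and the sample array are constructed for illustration). By default extract() overwrites existing local variables; EXTR_SKIP keeps them. The last function goes one step beyond the release notes and limits extraction to an allowlist of keys.

```php
<?php
// Added illustration: hypothetical helpers, not taken from WordPress.

// Before: extract() defaults to EXTR_OVERWRITE, so a key in the
// caller-supplied array replaces a local the function relies on.
function render_overwrite(array $args): string {
    $is_admin = false;                 // trusted local state
    extract($args);                    // an 'is_admin' key overwrites it
    return ($is_admin ? 'admin' : 'user') . ':' . ($title ?? '');
}

// After: EXTR_SKIP leaves variables that already exist untouched,
// so only names not yet defined in this scope are created.
function render_skip(array $args): string {
    $is_admin = false;
    extract($args, EXTR_SKIP);
    return ($is_admin ? 'admin' : 'user') . ':' . ($title ?? '');
}

// Stricter variant (an assumption of this example, not from the release):
// extract only the keys the function expects.
function render_allowlist(array $args): string {
    $is_admin = false;
    $allowed  = array_intersect_key($args, array_flip(['title']));
    extract($allowed, EXTR_SKIP);
    return ($is_admin ? 'admin' : 'user') . ':' . ($title ?? '');
}

// Constructed input: a request-style array carrying an unexpected key.
$input = ['title' => 'Hello', 'is_admin' => true];

echo render_overwrite($input), PHP_EOL;
echo render_skip($input), PHP_EOL;
echo render_allowlist($input), PHP_EOL;
```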

Performance Improvements

Performance Optimizations

  • Improved category handling with proper sorting by cat_ID for permalinks and by name for get_the_category()
  • Enhanced JavaScript performance with proper parseInt usage
  • Optimized query string handling with wp_parse_str()
  • Improved extraction handling with EXTR_SKIP flag to prevent variable overwrites

Impact Summary

WordPress 2.2.1 is primarily a maintenance and security release that addresses numerous bugs and potential vulnerabilities found in WordPress 2.2. The update focuses on improving widget functionality, enhancing XML-RPC security, fixing issues with comment handling, and addressing various UI problems.

Key security improvements include better capability checks for XML-RPC operations, proper escaping of user inputs, and protection of meta keys from unauthorized editing. These changes significantly reduce the risk of potential exploits.

The release also fixes several usability issues, particularly with widgets, comment management, and desktop publishing clients. Internet Explorer 7 compatibility has been improved, and various feed-related bugs have been addressed.

For developers, the update includes better JavaScript handling, enhanced query argument processing, and improved sanitization functions. These changes make WordPress more robust and secure for plugin and theme development.

Overall, this release represents an important step in maintaining WordPress's security and stability without introducing major new features or breaking changes.

Statistics:

Files Changed: 43
Line Additions: 518
Line Deletions: 234
Line Changes: 752
Total Commits: 69

Users Affected:

  • Improved security for XML-RPC functionality
  • Fixed WP-Cache setup issues
  • Enhanced permission checks for theme switching
  • Better handling of protected meta keys

Contributors:

ryanboren, markjaquith