WordPress Release: 2.6.1

TL;DR

WordPress 2.6.1 is a maintenance release that addresses numerous bugs and issues found in WordPress 2.6. This update includes fixes for tag handling, image captions, AtomPub functionality, upload directory handling, and various UI improvements. It enhances compatibility with different server configurations and browsers while resolving several security concerns. This release is recommended for all WordPress 2.6 users as it improves stability and security across the platform.

Highlight of the Release

• Fixed tag handling to prevent duplication when using custom slugs
• Improved AtomPub functionality to prevent auto-publishing draft posts
• Enhanced upload directory handling and image sideloading
• Added ability to disable password reset per user
• Fixed issues with image captions in the editor
• Improved Press This functionality for better image handling in IE7
• Enhanced SSL awareness for edit links and RSD links

Migration Guide

WordPress 2.6.1 is a maintenance release that focuses on bug fixes and minor enhancements. No specific migration steps are required when upgrading from WordPress 2.6.

If you're using custom plugins that interact with the revision system, tag management, or AtomPub functionality, you may want to test these after upgrading to ensure compatibility with the fixes in this release.

For developers who have implemented workarounds for issues fixed in this release (such as tag duplication with custom slugs or AtomPub draft publishing), you may want to review your code to remove redundant fixes that could potentially conflict with the core fixes.

Upgrade Recommendations

Recommendation: Immediate upgrade recommended for all WordPress 2.6 users.

WordPress 2.6.1 contains numerous bug fixes and minor enhancements that improve the stability, security, and functionality of your WordPress installation. The release addresses several important issues related to tag handling, image captions, AtomPub functionality, and upload directory management.

The security improvements alone make this update worthwhile, as they address potential vulnerabilities in query handling and HTML sanitization. Additionally, the performance optimizations for plugin updates will benefit all administrators by reducing overhead on admin pages.

This is a maintenance release with no known breaking changes, making it a safe and recommended upgrade for all WordPress 2.6 users.

Bug Fixes

• Tag and Category Handling:

  • Fixed tag duplication when saving posts with multiple tags that have custom slugs.
  • Fixed handling of tag slugs containing percent signs.
  • Improved slashless normalization of tag/category bases.
  • Increased term name length for better compatibility.
  • Fixed category assignment for links when a category is deleted.
  • Prevented empty term names from being saved.

• Post and Page Management:

  • Fixed revision handling to store current user rather than original post author.
  • Added "Page restored" message when restoring from revisions.
  • Fixed redirection after post save to handle URL ID type variations.
  • Prevented redirection back to permalink after editing from Edit This link.
  • Ensured meta is added to the post, not a revision.
  • Fixed timestamp handling to prevent 0000 values when publishing.

• Media and Editor:

  • Fixed stripping of slashes when inserting media into the editor.
  • Resolved issues with image captions in Internet Explorer.
  • Added hooks to allow plugins to easily disable captions.
  • Fixed TinyMCE CSS image path.

• Comments:

  • Fixed Gravatar display for infinite comments.
  • Prevented applying checkboxes to invisible comments.
  • Improved comment moderation to stay on the same page after action.

• AtomPub and API:

  • Ensured AtomPub does not auto-publish draft posts when edited.
  • Updated AtomPub authentication to use the latest API.

• Uploads and File Handling:

  • Fixed upload directory handling to derive URL from path if none given.
  • Improved image sideloading functionality.

• Plugin Management:

  • Fixed plugin update cache invalidation when plugins are deleted.
  • Improved plugin inclusion to only include valid plugins.
  • Implemented cron for asynchronous update plugin requests.

• HTML and Output:

  • Fixed invalid HTML and removed duplicate fields.
  • Prevented adjacent hyphens in HTML/XML comments.
  • Fixed handling of duplicate attributes in HTML.
  • Fixed extra closing brace in query.

• Press This:

  • Fixed image insertion in IE7.
  • Set appropriate textarea height.
  • Fixed issues with trailing slashes breaking the image tab.

• Compatibility:

  • Added workaround for fatal error caused by mbstring.func_overload = 2.
  • Fixed Text/Diff includes to prevent fatal errors.
  • Used ORIG_PATH_INFO if PATH_INFO is not available.
  • Improved compatibility when importing custom colors CSS.
  • Fixed Gears integration to not cache TinyMCE if deleted.

• Localization:

  • Fixed string concatenation issues in translatable strings.
  • Allowed merging of similarly named text domains.
  • Used WP_LANG_DIR for better language file handling.
  • Fixed handling of empty role names in translation.

• URL and Permalink Handling:

  • Made RSD links and edit links SSL-aware.
  • Fixed canonical redirect code to properly pass information to user_trailingslashit.
  • Prevented prepending /archives/ to category/tag URLs unless slug is missing.

New Features

• User-specific password reset control: Added ability to disable password reset functionality on a per-user basis, providing more granular security control.
• Context parameter for edit links: Added context parameter to the get_edit_post_link filter, allowing for more flexible customization of edit links.
• Private post checkbox ID: Added a specific ID (private-checkbox) to the private checkbox wrapping paragraph, enabling plugins to hide it with CSS when needed.

Security Updates

• HTML Sanitization: Improved handling of HTML attributes to take the first attribute and ignore later duplicate attributes, preventing potential security issues.

• Query Preparation: Fixed is_term query preparation to properly handle tag slugs with percent signs, preventing potential SQL injection vulnerabilities.

• Prophylactic Measures: Added protective addslashes when evaluating queries to prevent potential code injection.

• Tag Stripping: Enhanced security by stripping tags from summary content to prevent XSS vulnerabilities.

Performance Improvements

• Plugin Update Optimization: Prevented running get_plugins() on every admin page load, significantly reducing overhead on admin pages.

• Asynchronous Plugin Updates: Implemented cron for asynchronous update plugin requests, improving admin dashboard loading times.

• Gears Integration Updates: Updated Gears integration in anticipation of Safari support, with improved detection and handling to enhance browser caching capabilities.

Impact Summary

WordPress 2.6.1 is a significant maintenance release that addresses over 50 bugs and issues found in WordPress 2.6. The update focuses on improving stability, security, and compatibility across the platform.

Key improvements include fixes for tag handling and custom slugs, which resolves issues with tag duplication that affected many content creators. The AtomPub functionality has been enhanced to prevent draft posts from being auto-published when edited, a critical fix for developers using external editing tools.

Administrators will benefit from improved upload directory handling, better plugin management, and the new ability to disable password reset on a per-user basis. Content creators will appreciate fixes to image captions, Press This functionality, and post revision tracking.

The release also includes several security enhancements, such as improved HTML sanitization and query preparation, making WordPress more resistant to potential attacks. Performance optimizations, particularly around plugin updates, will result in faster admin page loading times.

Overall, WordPress 2.6.1 represents a comprehensive refinement of the 2.6 release, addressing pain points across the platform while maintaining backward compatibility. The absence of breaking changes makes this an easy and recommended upgrade for all WordPress 2.6 users.