WordPress Release: 2.7.1

TL;DR

WordPress 2.7.1 is a maintenance release that addresses numerous bugs and issues found in WordPress 2.7. This update includes over 70 bug fixes, improving stability, security, and user experience across the platform. Key improvements include fixes for comment navigation, SSL handling, PHP compatibility, and various UI enhancements. This release is recommended for all WordPress 2.7 users to ensure optimal performance and security.

Highlight of the Release

• Fixed SSL detection and handling with improved is_ssl() function
• Enhanced security with refactored filters to prevent potential XSS attacks
• Improved comment navigation with new functions get_previous_comments_link() and get_next_comments_link()
• Fixed PHP compatibility issues with better error reporting configuration
• Numerous UI improvements including fixes for the plugin management interface

Migration Guide

WordPress 2.7.1 is a maintenance release that focuses on bug fixes and does not introduce any breaking changes that would require special migration steps. To upgrade from WordPress 2.7 to 2.7.1:

1. Backup your site: Always create a complete backup of your WordPress files and database before upgrading.

2. Standard upgrade process: You can use the automatic update feature in your WordPress dashboard or download the update and install it manually.

3. Plugin compatibility: While this is a minor release, it's always good practice to check that your plugins are compatible with the new version.

4. Theme compatibility: If you've made customizations to your theme that interact with comment navigation or other fixed features, you may want to test these after upgrading.

No database schema changes are included in this release, so the upgrade process should be quick and straightforward.

Upgrade Recommendations

Recommendation: Immediate upgrade recommended for all WordPress 2.7 users.

WordPress 2.7.1 is a maintenance release that addresses numerous bugs and security issues present in WordPress 2.7. With over 70 bug fixes, this update significantly improves the stability, security, and functionality of your WordPress installation.

The security improvements alone make this update important, particularly the refactored filters that prevent potential XSS attacks and improved SSL handling. Additionally, the numerous bug fixes for comment handling, PHP compatibility, and UI issues will provide a better experience for both administrators and site visitors.

Since this is a maintenance release with no breaking changes, the upgrade process should be smooth and straightforward. The benefits of improved security and fixed functionality far outweigh any minimal risks associated with the update process.

Bug Fixes

• Comment Handling:

  • Fixed comment links when displaying first page of comments
  • Corrected paginate comment link slashing
  • Fixed comment page determination to include only approved comments
  • Improved comment link cleaning

• SSL and Security:

  • Fixed is_ssl() function to better detect secure connections
  • Updated to use secure.gravatar.com for SSL avatar requests
  • Added HTTPS for secret-key service
  • Set Content-Length to 0 for null body requests

• PHP Compatibility:

  • Updated error_reporting configuration for newer versions of PHP
  • Fixed PHP 5.3 compatibility issues
  • Improved PHP4 compatibility by explicitly returning references where needed

• UI and Display:

  • Fixed missing closing tag in theme-editor.php
  • Fixed background color for active plugins table rows in IE
  • Corrected categories postbox styling when in right sidebar
  • Fixed Thickbox positioning for browsers pretending to be IE6
  • Added white-space:nowrap to plugins table action links

• Admin Functionality:

  • Fixed port reset when saving credentials
  • Corrected "Delete All Spam" button visibility based on user permissions
  • Fixed non-critical JavaScript error when loading Thickbox on plugins page
  • Fixed reinstallation issues

• Content Management:

  • Fixed uploaded media relative links when site has been moved
  • Corrected handling of orphaned attachments
  • Fixed empty feed after MT import
  • Improved handling of drafts with post_date population

• JavaScript:

  • Explicitly declared JavaScript variables when created
  • Fixed disabling of submit buttons while auto-saving for pages

• Other:

  • Fixed theme preview functionality for themes in subdirectories
  • Corrected ASC/DESC tag ordering by count
  • Fixed chunked decoding
  • Improved URL checking
  • Fixed plugin menu creation to ignore index.php in plugins directory

New Features

New Functions and Capabilities

• Comment Navigation Functions: Added get_previous_comments_link() and get_next_comments_link() functions to improve comment pagination functionality.

• Category Exclusion Options: Added exclude_tree parameter for categories and fixed exclude behavior when hierarchical to restore pre-2.7 functionality.

• CSS Classes for Edit Links: Added CSS classes to "edit_comment_link" and "edit_post_link" for better theme customization.

• Comment Reply Link Class: Added CSS class to comment-reply-link for improved styling options.

• Tools Menu Access: Improved Tools menu visibility to ensure all users can access Turbo functionality.

Security Updates

• XSS Prevention: Refactored filters to avoid potential cross-site scripting (XSS) attacks, improving overall security of the platform.

• Eval Replacement: Replaced preg_replace with eval modifier with safer preg_replace_callback, eliminating potential security vulnerabilities.

• SSL Improvements: Enhanced SSL detection with improved is_ssl() function and updated avatar requests to use secure.gravatar.com for SSL connections.

• Magic Quotes Handling: Turned off magic_quotes_sybase as it prevents addslashes from escaping backslashes properly, which could lead to security issues.

• Input Validation: Improved validation of user inputs across various parts of the application, particularly in comment and URL handling.

Performance Improvements

• Caching Optimization: Fixed issue where filtered post objects were being cached, which could lead to unexpected behavior and performance issues.

• wp_clone Function: Improved the performance of the wp_clone() function by running version_compare only once, making object cloning more efficient.

• Plugin Menu Creation: Enhanced performance by ignoring index.php files in the plugins directory when creating menus, reducing unnecessary processing.

• Comment Counting: Optimized comment counting logic when determining the page of a comment, improving performance on posts with many comments.

• URL Processing: Improved URL handling and canonical URL generation, reducing unnecessary processing and redirects.

Impact Summary

WordPress 2.7.1 delivers significant improvements to the stability, security, and user experience of WordPress 2.7. This maintenance release addresses over 70 bugs across various aspects of the platform.

The security enhancements, particularly the refactored filters to prevent XSS attacks and improved SSL handling, strengthen the overall security posture of WordPress installations. These changes are especially important for sites handling sensitive information or conducting e-commerce activities.

For content creators, the fixes to the post editor, autosave functionality, and Press This tool provide a more reliable content creation experience. The corrected handling of timestamps for revisions and autosaves ensures that content history is accurately preserved according to the site's timezone settings.

Administrators will benefit from numerous fixes to the admin interface, including improved plugin management, better error reporting, and fixed theme preview functionality. These changes make day-to-day site management more efficient and less prone to errors.

Site visitors will notice improved comment navigation and pagination, enhancing the overall user experience when engaging with content. The added CSS classes for edit links and comment reply links also provide theme developers with more styling options to create better-looking sites.

Overall, WordPress 2.7.1 is an essential update that addresses key functionality issues while improving security and performance across the platform.