WordPress Release: 3.1.2

TL;DR

WordPress 3.1.2 is a maintenance release that addresses several bugs affecting taxonomy queries, user queries, page dropdown functionality, and post editing. This update focuses on fixing issues with data escaping, query prefixes, and hierarchical post type editing, improving overall stability and security of WordPress 3.1.x installations.

Highlight of the Release

• Fixed taxonomy queries with AND operator (issue #17054)
• Corrected user queries ordered by post count (issue #17123)
• Improved security with proper escaping in Walker_PageDropdown (issue #17217)
• Fixed over-escaping of post titles in Quick Edit for hierarchical post types (issue #17218)
• Enhanced security in Press This feature with proper post status validation

Migration Guide

No migration steps are required for this maintenance release. WordPress 3.1.2 is a direct update to WordPress 3.1.1 and focuses on bug fixes and security improvements without introducing any breaking changes or requiring migration actions.

Upgrade Recommendations

This is a security and bug fix release for the WordPress 3.1.x branch. All WordPress 3.1.x users are strongly encouraged to upgrade immediately to WordPress 3.1.2.

The update addresses several security concerns including proper escaping in various components and validation of post status in the Press This feature. Additionally, it fixes important functionality issues with taxonomy queries, user queries, and the admin interface.

The update process should be straightforward with no expected compatibility issues.

Bug Fixes

Taxonomy Query Fixes

• Fixed issues with is_* flags for AND taxonomy queries (#17054)
• Corrected handling of taxonomy operators

User Query Improvements

• Fixed user queries ordered by post count by using proper prefix in query (#17123)
• Props to ziofix and ericmann for the contribution

Admin Interface Fixes

• Applied esc_html properly in Walker_PageDropdown to prevent potential security issues (#17217)
• Removed vestige code and prevented over-escaping of post titles when using Quick Edit for hierarchical post types (#17218)
• Added filter in display_rows rather than _display_rows for better extensibility

Press This Improvements

• Added validation of post status against user capabilities in the Press This feature

New Features

No new features were introduced in this maintenance release. WordPress 3.1.2 focuses exclusively on bug fixes and security improvements to the existing 3.1.x codebase.

Security Updates

Security Enhancements

• Improved escaping in Walker_PageDropdown to prevent potential XSS vulnerabilities
• Added validation of post status against user capabilities in Press This feature, preventing potential privilege escalation
• Fixed proper escaping of post titles in hierarchical post types when using Quick Edit

Performance Improvements

This release does not contain any specific performance improvements. The focus was on bug fixes and security enhancements rather than performance optimizations.

Impact Summary

WordPress 3.1.2 is a targeted maintenance release that addresses specific bugs and security concerns in the 3.1.x branch. The fixes improve the reliability of taxonomy queries, user queries, and admin interface functionality.

The security improvements, while not addressing critical vulnerabilities, enhance the overall security posture of WordPress installations by implementing proper escaping and validation in several components. These changes help prevent potential XSS attacks and privilege escalation issues.

For developers, the fixes to taxonomy queries and user queries resolve inconsistencies that could affect custom themes and plugins. Content editors will benefit from more reliable editing experiences, particularly when working with hierarchical post types and the Quick Edit feature.

This release maintains compatibility with existing themes and plugins while providing important stability and security enhancements.