HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

3.1.4

WordPress Release: 3.1.4

Tag Name: 3.1.4

Release Date: 6/29/2011

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 3.1.4 is a security-focused maintenance release that addresses multiple vulnerabilities and improves data sanitization throughout the codebase. This update enhances WordPress's security posture by implementing proper input validation, sanitization of query parameters, and protection against potential exploits. The release also includes a feature enhancement for WP_Query, allowing the 'post_status' parameter to accept arrays in addition to strings.

Highlight of the Release

    • Enhanced security through improved input sanitization across multiple WordPress functions
    • WP_Query now accepts arrays for the 'post_status' parameter
    • Fixed MIME type sanitization to allow the '+' character
    • Improved user profile JavaScript functionality
    • Added capability checks for media uploads

Migration Guide

No migration steps are required for this update. WordPress 3.1.4 is a maintenance and security release that should be applied as a standard update without any special migration procedures.

Upgrade Recommendations

Immediate Upgrade Recommended

Due to the security-focused nature of this release, an immediate upgrade is strongly recommended for all WordPress 3.1.x installations. This release addresses multiple security vulnerabilities that could potentially be exploited if left unpatched.

To upgrade, use the automatic update feature in your WordPress dashboard or download the release directly from the WordPress.org website.

Bug Fixes

Security-Related Bug Fixes

  • Fixed sanitization in get_terms() to properly handle order and orderby parameters
  • Fixed sanitization in get_bookmarks() to properly handle order and orderby parameters
  • Fixed sanitization in get_pages() to properly handle sort_column and sort_order parameters
  • Added proper escaping for search_term in WP_User_Search
  • Fixed integer casting for blog_id in get_blog_prefix()
  • Implemented proper sanitization for WPLANG and new_admin_email settings
  • Added validation for locale filenames
  • Fixed an issue in wp_edit_attachments_query() to prevent problems with deprecated query_string filter

User Interface Fixes

  • Improved JavaScript functionality in the User Profile section

New Features

Enhanced WP_Query Functionality

The WP_Query class now accepts arrays for the 'post_status' parameter, in addition to the previously supported singular values and comma-separated lists. This provides developers with more flexibility when querying posts by status.

Improved MIME Type Handling

WordPress now allows the plus '+' character when sanitizing MIME types, addressing an issue that previously prevented certain valid MIME types from being properly handled.

Security Updates

Security Hardening

This release includes multiple security enhancements:

  • Added capability checks for attachments in media_upload_form_handler()
  • Implemented proper sanitization for order and orderby parameters in get_terms() and get_bookmarks()
  • Added sanitization for sort_column and sort_order in get_pages()
  • Implemented proper escaping for search_term in WP_User_Search
  • Added type casting for blog_id in get_blog_prefix()
  • Added sanitizers for WPLANG and new_admin_email settings
  • Added validation for locale filenames
  • Prevented unauthorized editing of post_mime_type and guid in bulk_edit_posts()
  • Implemented filter unsets when inserting/updating posts to prevent potential security issues
  • Protected against ID stomping and improved filter handling

Performance Improvements

No significant performance improvements were included in this release. The focus was primarily on security enhancements and bug fixes.

Impact Summary

WordPress 3.1.4 is primarily a security-focused release that significantly improves WordPress's security posture by implementing proper input validation and sanitization throughout the codebase. The release addresses multiple potential vulnerabilities related to input handling, capability checks, and data sanitization.

For developers, the enhancement to WP_Query to accept arrays for the 'post_status' parameter provides additional flexibility when querying posts. The fix for MIME type sanitization also ensures better compatibility with various media types.

Site administrators benefit from improved security measures that protect against potential exploits, particularly in areas related to media uploads, post editing, and site configuration.

While this release doesn't introduce major new features or performance improvements, its security enhancements make it an essential update for all WordPress 3.1.x installations.

Statistics:

File Changed19
Line Additions175
Line Deletions53
Line Changes228
Total Commits17

User Affected:

  • Enhanced security for site configuration settings
  • Improved protection against potential security exploits
  • Better handling of media uploads with proper capability checks

Contributors:

ryanborennacinazaozz