WordPress Release: 3.4.2

TL;DR

WordPress 3.4.2 is a maintenance and security release that fixes approximately 20 bugs from the previous version. This update addresses several critical issues including TinyMCE image caption handling, theme directory path encoding problems, oEmbed functionality, and multisite security improvements. The release focuses primarily on bug fixes and stability improvements rather than introducing new features.

Highlight of the Release

• Fixed TinyMCE editor to prevent fatal errors with malformed image caption shortcodes
• Resolved issues with theme directory paths containing spaces
• Fixed oEmbed functionality for providers that only support XML responses
• Improved security for unfiltered HTML in multisite installations
• Reinstated paged rewrite rules for post permalink structures
• Updated ImgAreaSelect to version 0.9.9 to fix IE7 stack overflow errors

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 3.4.2 is a direct update that fixes bugs and improves security without introducing breaking changes. Users can update through the WordPress dashboard or by downloading the update from wordpress.org.

Upgrade Recommendations

This is a security and maintenance release that addresses approximately 20 bugs from the previous version. All WordPress users are strongly encouraged to update to version 3.4.2 as soon as possible to benefit from the security improvements and bug fixes.

The update process should be smooth for most users as this release focuses on fixing issues rather than introducing new features or changing existing functionality. As always, it's recommended to back up your site before performing the update.

Bug Fixes

• TinyMCE Editor: Fixed handling of malformed/invalid image caption shortcodes to prevent fatal errors
• Internal Linking: Fixed search spinner position by reverting the search field's type to "text"
• Theme Compatibility: Added requirement for class-wp-editor.php in wp-langs.php to support themes and plugins that copied code from core
• ImgAreaSelect: Updated to version 0.9.9 to fix IE7 stack overflow errors
• WP_Theme: Fixed get_template_directory_uri() method
• Theme Directories: Added proper URL encoding for theme stylesheet directories to handle spaces in paths
• Update Process: Fixed issues with self_admin_url() and esc_url() function calls during WordPress updates
• XML-RPC API: Added missing fields (post_parent, menu_order, guid, post_mime_type) to wp.getPost() responses
• Permalinks: Reinstated paged rewrite rules for post permalink structures to fix pagination for category URLs
• oEmbed: Fixed functionality when providers only support XML responses by properly converting SimpleXMLElement objects
• Trackbacks: Fixed multiple trackback URL usage by properly delimiting URLs in sanitize_trackback_urls()
• jQuery: Modified selectors to prevent overflows and lagging
• PHP4 Compatibility: Ensured code is parseable by PHP4 until wp_check_php_mysql_versions() runs
• Network Administration: Improved security by only allowing operations on network plugins through the network admin
• Theme Preview: Fixed old-school Preview links and theme-editor.php links when theme directories contain spaces
• Uploads: Improved error messaging for wp_upload_dir()
• Taxonomy: Added validation for $order parameter in wp_get_object_terms()

New Features

No significant new features were introduced in this maintenance release. WordPress 3.4.2 focuses on bug fixes, security improvements, and stability enhancements to address issues discovered in the previous version.

Security Updates

• Improved security in multisite installations by ensuring unfiltered HTML is only valid for super admins
• Enhanced API usage in wp-app.php for post operations and attachment deletion with proper capability checks
• Fixed network plugin management to only allow operations through the network admin interface
• Improved validation of parameters in various functions to prevent potential security issues

Performance Improvements

• Modified jQuery selectors to prevent overflows and lagging in the admin interface
• Updated ImgAreaSelect library to version 0.9.9 for better performance and compatibility
• Improved handling of theme directory paths for more efficient processing
• Enhanced oEmbed handling for better performance with XML-only providers

Impact Summary

WordPress 3.4.2 is primarily a maintenance and security release that addresses approximately 20 bugs from the previous version. The impact is largely positive, focusing on fixing issues that affected various aspects of WordPress functionality.

Key improvements include fixing TinyMCE editor issues with image captions, resolving theme directory path handling with spaces, fixing oEmbed functionality for XML-only providers, and enhancing multisite security. The release also addresses pagination issues with certain permalink structures and improves compatibility with older browsers like IE7.

For developers, the release restores the 'allowed_themes' filter for backward compatibility and fixes several API-related issues. Content creators will benefit from fixes to the editor, internal linking, and trackback functionality.

This update is particularly important for multisite installations due to security improvements related to unfiltered HTML permissions and network plugin management. The changes are focused on maintaining stability and security rather than introducing new features or changing existing workflows.