WordPress.org

Ready to get started?Download WordPress

Forums

NEW: Upgrade to 1.5.2 (95 posts)

  1. ionic
    Member
    Posted 8 years ago #

    masquerade, errare humanum est.

    WordPress 1.5.2 does NOT fix the remote code execution exploit.

  2. ionic
    Member
    Posted 8 years ago #

    Ohh, I just realise, that the WordPress developers have silently updated the tarball with the fixed version.

    Very nice action. So now some of the people that upgraded to 1.5.2 are vulnerable and some not...

  3. Dougal Campbell
    Member
    Posted 8 years ago #

    ionic: the faulty archive was only up for a very short time window.

    The problem was corrected and a new archive put in place before the announcement of the new version went public.

  4. PetLvr
    Member
    Posted 8 years ago #

    ..further to mySql error ... I have fixed my problem. The error (as usual) was me - I was required to edit one of the newly replaced files listed in the 'unofficial' upgrade suggestions - wp-settings.php ... my USERONLINE script required that I modify that file, and add $wpdb->useronline = $table_prefix . 'useronline'; in there after the $wpdb->postmeta line. I did that on the first one, but not on the second - or, I thought I did on both but uploaded the new file without saving the changes first, so it was like not changing anything.

  5. cloudhopper
    Member
    Posted 8 years ago #

    Dougal: just to clarify (since I was, for once, reasonably quick on the ball with the announcement & upgrade) ~ if I reacted to the announcement in these forums and downloaded after that time, I should be OK?

    Can I verify this with time-stamps or anything? Damn, sorry to pick up on the panic... *sigh*

  6. ionic
    Member
    Posted 8 years ago #

    Dougal you are a liar.

    The blog entry about WordPress 1.5.2 is from 14th. The fix was commited to the subversion tree on the 15th. After that point the tarball was silently replaced at an unknown point in time.

    Actually I learned about the new version from the blog entry. So please don't lie to the WordPress users.

  7. Beel
    Member
    Posted 8 years ago #

    I hate to be the one to say this but time for some to take a break - and preferably cut back on the coffee. This has become childish and doesn't belong here. At least please take it backchannel so the rest of us don't have to be exposed to it.

  8. masquerade
    Member
    Posted 8 years ago #

    ionic, Dougal is correct. The hackers list all covers this, Matt said on the hackers list that the problem was fixed immediately after it was reported and the only people that would have the old package were people who may have been on IRC at the time. Now, if you have any more silly accusations, take them to the hackers list. The date of a subversion commit is nothing more than the time that it was committed.

  9. Beel
    Member
    Posted 8 years ago #

    masquerade, your post was fine... up to the end. Please edit out the inflammatory remark and let's all move on.

  10. ionic
    Member
    Posted 8 years ago #

    masquerade... the timestamp in the tarball I have and the timestamp in the current tarball are 9 hours different.

    How should that be possible if it was a very fast replaced...

    And how should it be fixed before the announcement. I read the blog entry, downloaded it and then reported the bug to Matt. So I am capable of time travelling...

  11. Ionic, you're not the only one capable of submitting security bug reports. You didn't time travel, someone else beat you to the punch. Please, let's just drop it and move on.

  12. ionic
    Member
    Posted 8 years ago #

    macmanx: thats why the fix is credited to me in the subversion tree. nice try...

  13. Firas
    Member
    Posted 8 years ago #

    ionic: thanks for pointing out the issue. The information we have is that the current archives are updated with a fix, and that people who downloaded it earlier on the release date may not have had the final version.

    Now please take it to blogs, or mailing lists, and whatnot; leave this forum thread alone. It is an avenue to get help with upgrading. Thanks.

  14. srpittman
    Member
    Posted 8 years ago #

    To PetLvr - You may want to check your "wp-settings.php" file. Some plugins ask you to add content to that file and you may have forgotten about adding the content back into the updated file.

    Added: Nevermind - I saw you figured it out....

  15. tomhanna
    Member
    Posted 8 years ago #

    Thanks for the changed files zip and link, Firas and podz. This upgrade went great.

  16. dyrer
    Member
    Posted 8 years ago #

    Is there any language .po file changes?

  17. PetLvr
    Member
    Posted 8 years ago #

    To srpittman: thanks for responding, even though you figured it out that I figured it out .. :-D It's nice knowing that someone is out there looking at our queries and trying to help .. much appreciated to you and everybody here participating at the wordpress.org .... // HART

  18. altjira
    Member
    Posted 8 years ago #

    After my upgrade to 1.5.2 from 1.5.1.3, my Write Post subpanel disappeared from the write post tab in Write. I followed the update guidelines on the Codex but admit that I forgot to disable plugins, however none modify the write post function.

    Then I found that if I changed from advanced controls to simple controls, the write post subpanel reappears. But if I try to access my drafts, the write post subpanel does not appear, even with simple controls selected in options. I had a few hacks, basically only format changes - change the font in the admin.css, for instance, all precisely documented ( I saved my fc /N outputs in text files.) Any clues where to start troubleshooting this?

  19. mahalie
    Member
    Posted 8 years ago #

    I'm no hacker, but probably waiting and upgrading to 1.5.2 would be a good possible start.

    I had similar problems with a plugin a while ago - some just don't work on new builds till they get updated too.

  20. cnm
    Member
    Posted 8 years ago #

    the upgrade was swift and painless... thanx!

  21. war59312
    Member
    Posted 8 years ago #

    Thanks a ton,

    Worked pefectly. :)

  22. Dgold
    Member
    Posted 8 years ago #

    When I upgraded to 1.5.2 I forgot to disable my plugins but everything worked fine, except two things I am trying to troubleshoot now:

    ShortStat quit counting. It keeps saying I have 0 visitors everyday, I think since I upgraded, maybe since I did something else that was bad (not sure).

    Headline Images Admin link went away (was it under Manage > Headlines, or Options > Headlines?). It's gone. But I can still go to my Plugins page, and the description of this plugin has the link to it's admin panel, and it still works! Just no tab in the main Admin.

    Any ideas?

  23. Beel
    Member
    Posted 8 years ago #

    Need to edit the files, like add '-image-' to the_title(), remember?

    I don't use Shortstat but I bet you need to add something to the footer or header there, too?

  24. Dgold
    Member
    Posted 8 years ago #

    Thanks Beel, I'll check it (the www I got ShortStat from doesn't have any instructions beyond put it in plugins and activate). There may be a thread here that reminds me what needs to be in Header.php for ShortStat to run, I'm guessing that's it.

    To clarify on Headline Images (I might make a new thread for this), the headlines are working great, I still had the -image- code in my Theme. It's the Headline Image Admin Control Panel that disappeared.

  25. Joebar
    Member
    Posted 8 years ago #

    You're talking about WP-Shortstat right? (there is another one just called Shortstat)

    I just upgraded to 1.5.2 and WP-Shortstat 1.2 (the latest I believe) is still working fine for me.

    This one doesn't require anything to be inserted to run. Just copy the one file to plugins dir and activate..

  26. Dgold
    Member
    Posted 8 years ago #

    Exactly. Thanks Joebar. Unfortunately that's my set-up too, but WP-Shortstat quit counting. Still says 0 after several days. I deleted the 2 tables it had created in the database, reactivated the wp-shortstat plugin, and it recreated the tables, but still sitting at zero hits.

    WP-Shortstat 1.3 (I just checked the version)
    WP1.5.2

    followed instructions, it used to work, now it's not counting. The stats page is there, just 0 hits??

  27. Joebar
    Member
    Posted 8 years ago #

    I'm using version 1.2 -- If you wanna try that, contact me with your email addy via my website and I'll send it to ya.

  28. Amit Gupta
    Member
    Posted 8 years ago #

    I've updated 3 blogs using the Un-Official Method posted by Podz in the first post, 1 is running on Windows & other 2 on Linux, and it all went smoothly, no hiccups & no problems so far!! :)

  29. slobizman
    Member
    Posted 8 years ago #

    I just want to make sure I've got this right before I upgrade. I have 1.5.1.2 and I want to go to 1.5.2. Are the following the correct instructions?

    >>>
    Overview

    1. Download (http://wordpress.org/download/) and extract update files to a folder on your computer's hard drive.
    2. On your host server site, delete your old WordPress files, but DO NOT DELETE:
    * wp-config.php
    * The wp-content folder
    3. Upload the new files from your computer's hard drive to the appropriate WordPress folder on your site.
    4. In your browser, navigate to /wp-admin/upgrade.php.
    5. Follow the instructions.
    6. You wanted more, perhaps? That's it!
    7. Having trouble? Read Troubleshooting: Common Installation Problems.

  30. eragle
    Member
    Posted 8 years ago #

    You actually wouldn't need to run the upgrade, it will occur naturally. And be sure NOT to upload the new wp-content folder, just move it somewhere else before you start the upload.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags