WP 1.2.1 changed files in distro (12 posts)

  1. Anonymous
    Unregistered
    Posted 9 years ago #

    I know the 1.2.1 release addresses the xsite scripting vulnerability, but I am just looking for what files have changes in them in order to figure what is the minimum I can replace without annihilating the custom stuff I've done.... =}
    Anybody know ? I had heard only wp-admin was vulnerable so just wondering what needs to be overwritten before I upgrade.
    Thanks (and I looked in the download but could not see a changefile, so if I just missed it please excuse me )
    Daryl.

  2. lawtai
    Member
    Posted 9 years ago #

    well apparently wp-login.php needs to be changed too

  3. Anonymous
    Unregistered
    Posted 9 years ago #

    Does anyone have the definitive list of changefiles though ?

  4. Anonymous
    Unregistered
    Posted 9 years ago #

    Awesome. Thank you very much. One issue though, I've been posting via xmlrpc.php with several applications.
    What is the trigger file for xmlrpc type postings ?
    I'm going to test this on my laptop first before running havoc on my production system... =}
    thanks again,
    Daryl.

  5. sunshine
    Member
    Posted 9 years ago #

    A quick talk with a dev says this removal:
    "That sounds like a mistake" so, I'd 'stay tuned'. :)

  6. Anonymous
    Unregistered
    Posted 9 years ago #

    Oh, hmm, it seems that I forgot to tell diff to ignore whitespace changes. Oops.

  7. Anonymous
    Unregistered
    Posted 9 years ago #

    **What!!!** Now you tell me ???... just kidding.
    I held back :
    index.php
    wp-layout.php
    wp-config.php
    kubrick-searchform.php (obviously using modified Kubrick)
    /images
    /wp-content/plugins/ (the ones I've added)
    and overwrote everything else. I had a modified xmlrpc.php to fix the inability to upload pics in MarsEdit and have removed this. Not sure how I'm going to post with MJ or MarsEdit... =}
    Everything seems to be ok, though my dp-stats2 plugin seems borked and I need to add back in the code to the comments form to support "subscribe to comments" for my rss challenged friends (or maybe I *won't*... =} ).
    Everything else seems good though. Any word on the xmlrpc.php ? Need to post some things I've written today. !!! =}
    ciao and thanks for the clarifications !
    Daryl.
    Any word on the

  8. Anonymous
    Unregistered
    Posted 9 years ago #

    I'm sorry. I didn't realize this until I started to upgrade my wordpress. You did have a backup, right?

  9. Anonymous
    Unregistered
    Posted 9 years ago #

    No worries ! Have a backup (**always** make a backup)...
    The upgrade process seems flawless so far though need to alter some files I changed for plugins.
    Any word on the xmlrpc thingy ? Is it an omission or is there a new way to post via xmlrpc ?
    again... thanks for the clarifications !

  10. dkaye315
    Member
    Posted 9 years ago #

    if you sort the files in windows explorer by date, you can also determine which are the new files and upload accordingly to the respective server locales.

  11. Grobbo
    Member
    Posted 9 years ago #

    Maybe it's a good idea if in the future, small (security) updates like this are not only incorporated in the complete download, but also be made available alongside with the complete package, so users can choose to do a complete upgrade or update just the changed files.
    This is a really easy solution that works very well for phpBB: it allows users to upgrade easy without too much thinking. It would also be clearer where to get the right thing since it is communicated through the main site and developers group, and users don't have to search the messageboards.

  12. plainsman
    Member
    Posted 9 years ago #

    Thanks for the list of files 'truly' being updated (as in - were changed).
    I didn't seek (or find) it until after going ahead and upgrading my site. Thought about looking, but just figured I'd
    (a) backup my whole site,
    (b) hold back my 'modded/hacked' files,
    (c) backup the database, and then
    (d) go back and 're-modify' goofed up files after uploading.
    Not a complaint, honest. The upgrade went without a problem (as far as I can tell).
    I hope that in the future that list will be included in the e-mail sent to all subscribers/users (which was nice to receive - thanks).
    Other suggestions (if I may be so bold):
    - the list of new files could be on the 'Dev Blog/Developer' front page where the announcement of this upgrade exists
    - a brief explanation (for noobies explaining what, for devs and more seasoned users, are the obvious):
    --- backup all files
    --- backup the database
    --- make it a habit (in the future) to keep a complete list of
    (a) all the files you've hacked / modified
    (b) and what and where those changes were/are in each file
    I just wanted to offer those suggestions. Perhaps, they could make the whole process a bit easier and less intimidating.
    Many thanks to the developers of WordPress. Your blog is the best! I mean that! Just love it!
    Thanks.
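
The comparison discussed in this thread (diffing the old and new release while ignoring whitespace-only changes, then holding back locally modified files) can be scripted. This is an added example, not part of any post or of WordPress itself; the `old`/`new`/`live` tree layout, file names and file contents are constructed for illustration and are not the real 1.2.1 change list.

```bash
#!/usr/bin/env bash
# List files added (A), deleted (D) or modified (M) between two release
# trees, treating whitespace-only edits as unchanged (diff -w).
changed_files() {
    local old=$1 new=$2 rel
    { (cd "$old" && find . -type f); (cd "$new" && find . -type f); } |
        sed 's|^\./||' | sort -u | while IFS= read -r rel; do
        if [ ! -f "$old/$rel" ]; then echo "A $rel"
        elif [ ! -f "$new/$rel" ]; then echo "D $rel"
        elif ! diff -w "$old/$rel" "$new/$rel" >/dev/null 2>&1; then
            echo "M $rel"
        fi
    done
}

# Of the upstream-modified files, print those the site owner also edited
# (LIVE differs from OLD): these need a manual merge, not a blind overwrite.
needs_merge() {
    local old=$1 new=$2 live=$3 status rel
    changed_files "$old" "$new" | while read -r status rel; do
        [ "$status" = "M" ] || continue
        [ -f "$live/$rel" ] || continue
        diff -w "$old/$rel" "$live/$rel" >/dev/null 2>&1 || echo "$rel"
    done
}

# Build three small constructed trees: pristine old release, new release,
# and the live site with one local modification.
make_sample() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/old" "$root/new" "$root/live"
    printf 'echo $name;\n'            > "$root/old/login.php"
    printf 'echo esc($name);\n'       > "$root/new/login.php"   # real change
    printf 'echo $name; // my hack\n' > "$root/live/login.php"  # local edit
    printf 'a = 1;\n'                 > "$root/old/index.php"
    printf 'a  =  1;  \n'             > "$root/new/index.php"   # whitespace only
    printf 'a = 1;\n'                 > "$root/live/index.php"
    printf 'rpc();\n'                 > "$root/old/rpc.php"     # dropped in new
    printf 'rpc();\n'                 > "$root/live/rpc.php"
    printf 'new();\n'                 > "$root/new/extra.php"   # added in new
    echo "$root"
}

root=$(make_sample)
changed_files "$root/old" "$root/new"
echo "merge by hand:"; needs_merge "$root/old" "$root/new" "$root/live"
rm -rf "$root"
```

Files reported as `D` deserve a second look before deleting them from the live site, since a file missing from a release archive may be a packaging mistake rather than an intended removal.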

Topic Closed

This topic has been closed to new replies.
