Support » Fixing WordPress » WP 1.2.1 changed files in distro

  • I know the 1.2.1 release addresses the xsite scripting vulnerability, but I am just looking for what files have changes in them in order to figure what is the minimum I can replace without annihlilating the custom stuff I’ve done…. =}
    Any body know ? I had heard only wp-admin was vulnerable so just wondering what needs to be overwritten before I upgrade.
    Thanks (and I looked in the download but could not see a changefile, so if I just missed it please excuse me )

Viewing 11 replies - 1 through 11 (of 11 total)
  • well apparently wp-login.php needs to be changed too

    Does anyone have the definitive list of changefiles though ?

    Awesome. Thank you very much. One issue though, I’ve been posting via xmlrpc.php with several applications.
    What is the trigger file for xmlrpc type postings ?
    I’m going to test this on my laptop first before running havoc on my production system… =}
    thanks again,

    A quick talk with a dev says this removal:
    “That sounds like a mistake” so, I’d ‘stay tuned’. 🙂

    Oh, hmm, it seems that I forgot to tell diff to ignore whitespace changes. Oops.

    **What!!!** Now you tell me ???… just kidding.
    I held back :
    kubrick-searchform.php (obviously using modified Kubrick)
    /wp-content/plugins/ (the ones I’ve added)
    and overwrote everything else. I had a modified xmlrpc.php to fix the inability to upload pics in MarsEdit and have removed this. Not sure how I’m going to post with MJ or MarsEdit… =}
    Everything seems to be ok, though my dp-stats2 plugin seems borked and I need to add back in the code to the comments form to support “subscribe to comments” for my rss challenged friends (ot maybe I *won’t*… =} ).
    Everything else seems good though. Any word on he xmlrpc.php ? Need to post some things I’ve written today. !!! =}
    ciao and thanks for the clarifications !
    Any word on the

    I’m sorry. I didn’t realize this until I started to upgrade my wordpress. You did have a backup, right?

    No worries ! Have a backup (**always** make a backup)…
    The upgrade process seems flawless so far though need to alter some files I changed for plugins.
    Any word on the xmlrpc thingy ? Is it an ommission or is there a new way to post via xmlrpc ?
    again… thanks for the clarifications !

    if you sort the files in windows explorer by date, you can also determine which are the new files and upload accordingly to the respective server locales.

    Maybe it’s a good idea if in the future, small (security) updates like this are not only incorporated in the complete download, but also be made available alongside with the complete package, so users can choose to do a complete upgrade or update just the changed files.
    This is a really easy solution that works very well for phpBB: it allows users to upgrade easy without too much thinking. It would also be clearer where to get the right thing since it is communicated through the main site and developers group, and users don’t have to search the messageboards.

    Thanks for the list of files ‘truly’ being updated (as in – were changed).
    I didn’t seek (or find) it until after going ahead and upgrading my site. Thought about looking, but just figured I’d
    (a) backup my whole site,
    (b) hold back my ‘modded/hacked’ files,
    (c) backup the database, and then
    (d) go back and ‘re-modify’ goofed up files after uploading.
    Not a complaint, honest. The upgrade went without a problem (as far as I can tell).
    I hope that in the future that list will be included in the e-mail sent to all subscribers/users (which was nice to recieve – thanks).
    Other suggestions (if I may be so bold):
    – the list of new files could be on the ‘Dev Blog/Developer’ front page where the announcement of this upgrade exists
    – a brief explanation (for noobies explaining what, for devs and more seasoned users, are the obvious):
    — backup all files
    — backup the database
    — make it a habit (in the future) to keep a complete list of
    (a) all the files you’ve hacked / modified
    (b) and what and where those changes were/are in each file
    I just wanted to offer those suggestions. Perhaps, they could make the whole process a bit easier and less intimidating.
    Many thanks to the developers of WordPress. Your blog is the best! I mean that! Just love it!

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘WP 1.2.1 changed files in distro’ is closed to new replies.