Wordpress Version 2.3.2 Released
Just before the year 2007 ends, Wordpress has released an urgent security version with a fix for a bug that exposes draft posts. The versions DB error page can also be customized with template. It seems that wordpress 2.3.1 has a loop-hole where it can give away your current database’ table structure.
Included in the WP 2.3.2 version were the following fixes:
- sanitize_post and sanitize_post_field are very expensive no-ops
- wp_list_pages – set ‘hierarchical’ to 0 on ‘include’
- Suppress DB errors unless WP_DEBUG is true
- Custom DB Error Page
- Limit post_password exposure in XML-RPC
- etaWeblog.getRecentPosts
- query.php mistakenly uses is_admin() to check for admin privileges
- setup-config.php, install.php don’t check for a valid MySQL connection