Vor drei Tagen ist die neue WordPress Version erschienen.
New features in 4.6 help you to focus on the important things while feeling more at home.
Hm, na dann… :-)
In den paar Installationen, die ich schon aktualisiert habe, lief alles glatt und ohne Auffälligkeiten, daher drücke ich nun auch hier in der Bloghütte den Update Button.
Gestern abend ist eine neue Version mit Sicherheits- und Wartungsfixes erschienen. Bei den diversen Installationen, in die ich involviert bin, hat sich das automatisch aktualisiert, auch bei älteren Versionen als 4.5.2, wie gehabt gibt es die Source aber auch zum Download auf wordpress.org.
WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security
Motivated by the sudden appearance of the "Add to home screen" prompt, I spent the last couple of hours to tune my Service Worker / caching behaviour:
- I can now exclude parts of my site from the service worker. This was an important feature for me, since the WordPress backend didn't sit too well with stubborn cached items.
- I established a number of caches for different items:
-- a "static" cache that has the base css and the page that gets displayed when the network is offline.
-- a "content" cache, that stores up to 25 URLs a visitor has, well, visited, while being online.
-- an "image" cache, that stores up to 45 image files, and finally
-- an "asset" cache for up to 35 files (everything that is not HTML and not an image).
The limits are rather random, but I think each cache has an build-in maximum of 50 entries (?), so to see if it works, I choosed numbers smaller than that.
Ha! It! Really! Works!
I have to admit I was a bit sceptical of the outcome after I tweaked and added things and bits of my website at the Indiewebcamp in Nuremberg, setting up a service worker and offline caching things, adding a manifest file … while in theory I understand what all of this was supposed to do, I felt a bit dumb for not completly grasping how to control the stuff.
So as so often when learning new tricks on the web, it started with copy/pasting a working solution and trying to adapt this to my ideas.
It's about time for a write-up of the latest tweaks and developments on my site to get this note/status posting and syndicating over to twitter working, which is still a little bit messy, a mixture of plugins and self-made hacks.
There's still plenty to do, but slowly it is coming together:
- I am using normal WordPress posts, but with the custom post format of 'status' for the 'tweets'. Maybe I'll switch this to a custom post type, which will make excluding these posts from the 'normal' loop and rss feeds ...
I'm in the process of gradually enhancing my site's markup with microformats, in order to "indiewebify" my site further.
On thing I noticed while working on this at the Düsseldorf Indiewebcamp, is that WordPress (or the way my theme handles) tags on posts has no way to get an additional class inside the link markup. I noticed this while POSSEing to flickr -- my categories were transferred, my tags not so much, because the class="p-category" was missing. I found a way to modify the the_tags output by hooking into WP's term_links-$taxonomy filter in my theme's function.php.
Maybe there's a smarter ...
Heute Nacht ist ein neues Sicherheitsupdate für WordPress erschienen und hat sich hier bei mir auch auf diversen Seiten selbst aktualisiert:
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.