[wp-testers] WordPress 2.0.7-RC1

Mark Jaquith mark.wordpress at txfx.net
Thu Jan 11 06:53:41 GMT 2007 

I know we said 2.0.6 would be the last release before 2.1 launches,  
but a handful of bugs floated to the surface and a PHP security issue  
for certain configurations was recently identified, so we're going  
forward with a very small 2.0.7 update.  Here's our first release  
candidate.

	http://wordpress.org/beta/wordpress-2.0.7-RC1.zip

Changes:

	1. worked around a PHP bug for PHP4 < 4.4.3 and PHP5 < 5.1.4 with  
register_globals ON
	  that could lead to SQL injection or other security breaches
	2. Feeds should properly show 304 Not Modified headers (a.k.a. the  
FeedBurner bug)
	   instead of mismatched 200/304 headers
	3. Backport of another 304 Not Modified fix from trunk (Etag  
mismatch on certain hosts would
	   cause 200 OK and content to always be served, a waste of bandwidth)
	4. Deleting WP Pages no longer gives an "Are You Sure?" prompt
	5. After deleting a WP Page, you are properly redirected to the Edit  
Pages screen
	6. Sending an image at original size in IE no longer adds an  
incorrect "height" attribute

And that's it.  Test this one NOW.  We want to release it as soon as  
possible.  I'm particularly interested in:

	- PHP < 4.3.5 (Apache w/ mod_php, Apache w/ CGI, Apache w/ FastCGI,  
IIS)
	- IIS
	- Lighttpd/LiteSpeed

To test feeds' 304 Not Modified headers, I recommend getting the Live  
HTTP Headers extension for Firefox:

	http://livehttpheaders.mozdev.org/

A. Warming up:

	1. Make sure that Firefox will display feeds (and not pipe them to  
an external RSS viewer)
	2. Disable any caching plugins on your site like WP-Cache
	3. Upload the 2.0.7 files (no need to run an upgrade)
	4. Clear your Firefox cache

B. Testing procedure:

	1. Open up Live HTTP Headers (Tools > Live HTTP Headers)
	2. Visit http://yoursite.com/wp-rss2.php?test=123
	3. Verify that the response header for /wp-rss2.php?test=123 is 200 OK
	4. Clear the Live HTTP Headers output
	5. Reload the feed
	6. Verify that the response header for /wp-rss2.php?test=123 is 304  
Not Modified

There should be no conflicting Status: header (that is, any Status  
header should match the response code of the main HTTP response header).

NOTE: The ?test=123 part is just to make sure that your first request  
isn't already cached.

Next, try basic WordPress functions like logging in, writing an  
entry, writing a page, and deleting a page.

Let me know how it goes.  Please include PHP version, server, and  
server API (e.g. PHP 5.2/Apache/FastCGI)  If you're unsure about your  
headers, paste the Live HTTP Headers output in your response, or send  
me your feed's URL to check out.

(BE SURE TO REMOVE ANY COOKIE-RELATED HEADERS!  IF YOU ARE UNSURE,  
SEND YOUR RESPONSE DIRECTLY TO ME)

--
Mark Jaquith
http://markjaquith.com/

Covered Web Services
http://covered.be/

More information about the wp-testers mailing list