Lisa Sabin-Wilson. Designer. Author. Espresso and WordPress addict

WordPress 2.5 Released & My Needed Fix for Image Upload on servers with Mod_Security

on: Mar/29/08
WordPress.Org Version 2.5 Released March 29, 2008

WordPress 2.5 was finally released today, after much anticipation. Matt Mullenweg did a comprehensive post on the WordPress Blog about this new update and the changes to 2.5. I won’t go through all the major changes – just read Matt’s post; he’s done a nice job of explaining a few things and includes a video on some of the enhancements. The WordPress.Org website has undergone a brand new re-design that coordinates with the new design of the WordPress Dashboard, as well. Some very nice improvements in the design you’ll notice when you upgrade to WordPress 2.5 – it’s a little difficult to get used to, at first, but it’s a lighter interface with, overall, some very nice improvements. I think once users get over the initial shock of everything looking different and being moved around and renamed… the old design will be a distant memory as we all move forward. My only sticky point on the new interface design is that it is all left aligned. On my 1280 monitor – it’s a little hard to take. But if that’s the worst of it – I’m good.

I ran into a little buggy issue with the image uploader in 2.5 that seems to revolve around the fact that my server runs mod_security. The new image uploader uses a Flash interface and mod_security was rejecting it completely. I could not upload images at all and kept getting errors. (Read my post in the WordPress Support Forum about this issue and the errors).

If you find this to be the case in your situation – disabling mod_security on one file, in particular, has solved the problem for me and I accomplished that by adding the following rules to the .htaccess file in my WordPress installation directory:

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

For me, that worked like a dream – now the image uploader works fine and I’m able to take advantage of the gallery features with 2.5. Though, if everyone is shutting off security on that one single file – it will become a file targeted for foolery and exploit, and it won’t take long, so the hole will need to be closed, eventually. Locking that file down to a particular IP is a solution for someone who has that kind of access.
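An added example, not part of the original post: a small Python check that reads an .htaccess file and reports whether the ModSecurity 1.x filter is switched off for the whole site, for one file that anyone can reach, or for one file locked to an address as suggested above. The function names, the sample rules and the address 203.0.113.10 are assumptions made for illustration, and the access rules use Apache 2.2 Order/Deny/Allow syntax.

```python
import re
# Line scanner for Apache 2.2-era .htaccess syntax (not a full config parser).
FILES_OPEN = re.compile(r'<Files(?:Match)?\s+"?([^">]+)"?\s*>', re.I)
FILES_CLOSE = re.compile(r'</Files(?:Match)?\s*>', re.I)
FLAGS = {  # flag name -> directive that sets it inside the current scope
    "off": re.compile(r'(SecFilterEngine|SecFilterScanPOST)\s+Off\b', re.I),
    "deny": re.compile(r'Deny\s+from\s+all\b', re.I),
    "allow": re.compile(r'Allow\s+from\s+(?!all\b)\S+', re.I),
}

def verdict(name, flags):
    """Classify one scope that disables ModSecurity 1.x filtering."""
    if name == "*":
        return "site-wide"        # no <Files> wrapper: every request is unfiltered
    if {"deny", "allow"} <= flags:
        return "ip-restricted"    # only the listed addresses reach the file
    return "open-to-all"          # unfiltered file reachable by anyone

def audit_htaccess(text):
    """Return [(scope, verdict)] for each scope that turns filtering off."""
    scopes = [("*", set())]       # the top-level scope always comes first
    current = scopes[0][1]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = FILES_OPEN.match(line)
        if opened:
            scopes.append((opened.group(1).strip(), set()))
            current = scopes[-1][1]
        elif FILES_CLOSE.match(line):
            current = scopes[0][1]
        else:
            current.update(k for k, rx in FLAGS.items() if rx.match(line))
    return [(n, verdict(n, f)) for n, f in scopes if "off" in f]

# Constructed samples; 203.0.113.10 is a documentation address (assumed admin IP).
POST_RULE = """<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>"""
LOCKED_RULE = POST_RULE.replace("</Files>",
    "Order deny,allow\nDeny from all\nAllow from 203.0.113.10\n</Files>")
SITE_WIDE = "RewriteEngine On\nSecFilterEngine Off\nSecFilterScanPOST Off"

if __name__ == "__main__":
    for sample in (SITE_WIDE, POST_RULE, LOCKED_RULE):
        print(audit_htaccess(sample))
```

The address lock only helps when uploads always come from a fixed address; anyone uploading from elsewhere will be refused by Apache before WordPress sees the request.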

When this weekend is over, I will have completed a PDF chapter that covers the changes in WordPress 2.5. This chapter will be available as a free, downloadable PDF document on Dummies.com, as well as being available here on my site for free download.

This free PDF chapter update for WordPress For Dummies is being done in tandem to the planning and writing of the second edition of WordPress For Dummies, due to be released a bit later this year. This weekend, I am revising the Table of Contents as I plan the content inclusion for the second edition, which will, of course, include WordPress 2.5 updates. Though, due to much feedback I’ve received from readers – there’s much demand for more information on WordPress theme information: tweaking, modifying existing themes, theme development, CSS information, etc. Themes were covered in the first edition – but on a pretty basic level. We’ll be looking at more in-depth information on themes, template tags and the like with the second edition, as well as more information on upgrading, using custom fields and plugin information.

I’m thrilled that the fine folks at Wiley Publishing recognize the popularity of the WordPress blogging platform and understand the community and the progressive nature of the software development, so much so that they want to keep the book project moving forward, rather than stagnating on the shelves with only a first edition that covers outdated development. This was one of my main concerns when entering into this book project – and they have answered the call. Good on them, I say!

Cross-posted to WPAssist and Blogs About Hosting


/*--- 30 Responses to “WordPress 2.5 Released & My Needed Fix for Image Upload on servers with Mod_Security” ---*/

  1. WordPress 2.5 Released — WP Assist
    3:27 pm on March 29th, 2008

    [...] to Lisa Sabin-Wilson’s blog and Blogs About [...]

  2. liciece
    12:12 am on March 30th, 2008

    Hi Lisa, the new edition of WordPress has been a milestone and it can be still used with Xmark well. But as I know that the current Xmark theme has been released for quite long time. So do you have any idea on upgrading Xmark in the near future? As a user of Xmark, I hope to see more surprises from you. Thanks.

  3. My (sorta) painless upgrade to Wordpress 2.5.
    9:45 am on March 30th, 2008

    [...] a dummy, like Roger – Or myself, TheBlogSearcher. lol. Last night, I noticed a tweet came in from Lisa Sabin-Wilson about the new Wordpress 2.5. And I followed her link to her site and read about the new [...]

  4. Zeke
    2:02 pm on March 30th, 2008

    I’m really looking forward to the second edition. I bought the 1st ed. of the book so I could learn about themes. So I’m excited that the second ed. will go more in depth about them. Hopefully someday you can write a ‘WordPress for Pros’ book, or something like that. :)

  5. Lisa
    2:21 pm on March 30th, 2008

    @liciece – Been planning to update xMark for quite sometime, now… finding the time to do it is a whole different story altogether. Although, I can say when I do find the time, I do plan on making upgrades and improvements to the theme and will update users on the xMark theme site – thanks for using it!

    @Zeke – thanks for dropping by and I’m excited about the second edition, as well :) Thanks for reading!

  6. Gary LaPointe
    4:43 pm on March 30th, 2008

    I was here looking for your thoughts on 2.5, I knew they’d be here ;)

    I’ll be looking for your updated chapter for the changes…

  7. michin
    9:49 pm on March 30th, 2008

    Yay it worked! Thanks! I copy pasted the code into the htaccess file above most of the text there and reuploaded. This worked on an add-on domain I have. yay.

  8. Lisa
    10:50 pm on March 30th, 2008

    @Gary – have I become so predictable? :-b

    @michin – happy it worked for you :D

  9. Diane
    11:49 pm on March 30th, 2008

    Thanks for the fix, Lisa.

    The gallery is working and it’s a great improvement.

  10. Http500
    12:40 am on March 31st, 2008

    Hello, WP 2.5 is good release?

  11. Http500
    12:44 am on March 31st, 2008

    Now install it! :d

  12. 12thharmonic
    1:43 am on March 31st, 2008

    :d
    You Rock!
    That fix worked a treat. Let’s hope a better option comes up without the risk.
    Cheers!

  13. Baard Vidar
    4:58 am on March 31st, 2008

    Thanks, Lisa.

    That fix saved my day!

  14. Rebekah Renford [Web Dev.] » Blog Archive » Wordpress 2.5 Released
    6:01 pm on March 31st, 2008

    [...] about in the Wordpress forums however if you are having a similar problem I suggest checking out Lisa Sabin-Wilson’s blog as she seems to have found a solution to the problem she was having with the media [...]

  15. Stefan
    6:48 am on April 1st, 2008

    Thanx ! This really helped. For code dummies as myself I would like to add my .htaccess as example how the code implementation can look like. To be honest, I had to try & error a bit. :) I had to put the 2 new rules
    SecFilterEngine Off
    SecFilterScanPOST Off
    to the end of my code. – Hope this helps

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    SecFilterEngine Off
    SecFilterScanPOST Off

  16. Pajama Mommy
    7:29 am on April 1st, 2008

    Pajama Mommy just updated thanx to my assistant. I like the new look it is definitely something to get used to but I haven’t had any issues with it yet *crosses fingers*

  17. How to fix Wordpress 2.5 image upload issue
    3:34 am on April 4th, 2008

    [...] upload any image through the new AJAX image uploader. After i search through internet, i found this post, which teach user how to fix this [...]

  18. 12thharmonic
    6:02 pm on April 6th, 2008

    A better fix?
    This morning I go to a client’s site and my server is deleting the htaccess file. This is happening on all my wordpress blogs. Even when I delete the fix. I have a ticket in with my parent host. Anyone else run into this?

    If there is a new fix for this issue (which worked till the auto delete thing began)? I assume, my parent host saw the exploit and took action.

  19. Sage
    11:37 pm on April 20th, 2008

    I have altered the htaccess code many times now and I still get this message.
    Fatal error: Call to undefined function wp_constrain_dimensions() in /home2/newyorka/public_html/wp-admin/includes/image.php on line 173
    I’m using safari and FF on a Mac OS 10.5

    Help please.

  20. Lisa
    11:42 pm on April 20th, 2008

    @Sage – I did a quick Google search on that error message and found this. Give it a shot – good luck!

  21. Yan
    12:04 pm on April 28th, 2008

    Hi Lisa,

    It seems like everyone is advocating the fix by editing .htaccess. I tried that but it gives me fatal error and worsens the matter further – it couldn’t even show the upload box.

    Sad :-(

  22. Wonderer
    6:27 pm on May 1st, 2008

    Hi Lisa,

    This is a major problem and there are thousands of Google entries reporting it. Your solution worked for me but I have seen other proposed solutions that open mod_security for every file, which seems quite dangerous.

    I’m amazed that there is no mention of this issue in the official release notes, and I have no idea how to reach the developers in order to escalate the problem. Perhaps you might be able to elevate it further.

    Wonderer

    P.S. Loved your book!

  23. Gary LaPointe
    9:21 pm on May 1st, 2008

    Lisa,
    Does 2.5.1 fix this?

  24. Wonderer
    8:25 am on May 3rd, 2008

    Gary,

    The problem is still there in 2.5.1, unless you apply the htaccess mod. I doubt there is any way to fix it within the Wordpress code unless they develop a different method of uploading files.

    One has to assume that Wordpress 2.5 and 2.5.1 were only tested on servers with mod_security disabled, otherwise this bug would have been a show-stopper.

    Wonderer

  25. Gary LaPointe
    8:30 am on May 3rd, 2008

    I haven’t installed it yet. But when implementing something nice like a new Flash uploader I can’t believe they didn’t leave in the code for the old uploader (just in case); especially with more and more mobile devices coming out I’d hate to exclude WordPress from my choices someday since I need it to work with a non-Flash device.

    Gary

  26. Lelia Katherine Thomas
    10:12 pm on May 3rd, 2008

    Just wanted to say thanks so much for publishing that fix. My site requires a lot of images to be posted, and I thought I was up the creek without a paddle for a moment there!

  27. Gary LaPointe
    12:55 pm on May 26th, 2008

    Here’s the weird thing for me.

    Mine uploads the files fine (did not mod anything). I can FTP in to the site and see them, and when I look in the “media library” they’re there.

    It’s when I hit “insert into post” the flash frame goes blank and it never inserts my photos. This happens on my leopard Mac in Safari and Firefox (flash 9.x).

    Very strange….
    Gary

  28. Gary LaPointe
    1:39 pm on May 26th, 2008

    2 more things:
    1) The files are in my media library and appear to be tied to the post.

    2) did you stop using the “Read Gary’s last blog post” plug-in? If so, any reason why? (I was thinking of using it, but if the cool kids aren’t using it any more…)

  29. Upgraded: WordPress 2.6 | Lisa Sabin-Wilson
    11:34 pm on July 14th, 2008

    [...] I still require the .htaccess fix in order to successfully utilize the flash-based image uploader. I posted about this issue when 2.5 first came out (Although, you can now toggle between the Flash uploader and the classic browser-based uploader [...]

  30. ek gelir
    3:30 am on August 2nd, 2008

    Hi Lisa,

    It seems like everyone is advocating the fix by editing .htaccess. I tried that but it gives me fatal error and worsens the matter further – it couldn’t even show the upload box.

  • Li-sa Sa-bin Wil-son: [lee-suh sey-bin will-sun] - pronoun; 1. A wife, mother & friend; 2. Blog Designer & WebHost; 3. Author of WordPress For Dummies; 4. Scuba diver; 5. Downhill Skier; 6. Am. Photographer; 7. Espresso sipper;
    WordPress For Dummies, 2nd Ed. was released February 17, 2009. It covers WordPress.com and WordPress.Org through version 2.7 and includes comprehensive information about tweaking your own WordPress theme, creating your own theme and the basics of what you need to know about basic HTML and CSS.
