WordPress Patch Update From 126.96.36.199 to 188.8.131.52 Now Available
By Angsuman Chakraborty, Gaea News Network
Thursday, June 30, 2005
WordPress developers have posted yet another “security” update. Again, as always, you have to delete everything (except wp-content/ and config.php) and re-install from scratch. If you are, like me, tired of these frequent updates (after having finally updated to 184.108.40.206) then this patch is for you. With this little patch (24K zipped) (assuming you are already on 220.127.116.11) you will be updating just the 5 affected files.
This time too they are mysteriously silent about the security defect, as before. I am tired of re-installing from scratch for every mysterious security defect.
It appears that they are still working on fixing remnants of the old issue where parameters to the query string (like ?p=) were not checked. Well, now you know it!
I suggest that WP developers should do a full code review to find any other bugs associated with non-checking of query strings and issue a single update, if necessary, instead of all these incremental updates.
I have taken the 5 files which were actually updated for WordPress 18.104.22.168 and created a zip file from them. I verified using CSDiff that they are actually the files which were changed. Also they changed readme.html (change: “1.5” changed to “1.5.1”) which I haven’t included for brevity.
Use this only if you have already updated your WordPress blog to 22.214.171.124. You have been warned!
Download it and unzip it into your WordPress root folder (where config.php resides). It will overwrite 5 files. If you are on Linux use unzip; on Windows use WinZip etc.
My Linux session went like this:
unzip wp-content/upload/WP126.96.36.199PatchFrom188.8.131.52.zip
Archive: wp-content/upload/WP184.108.40.206PatchFrom220.127.116.11.zip
replace xmlrpc.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: xmlrpc.php
replace wp-includes/version.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-includes/version.php
replace wp-includes/functions-post.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-includes/functions-post.php
replace wp-admin/post.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-admin/post.php
replace wp-login.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-login.php
Note: I could have used the -o flag to overwrite the files silently without prompting. I decided not to as it gives you a visual confirmation that the proper files at proper locations are being overwritten.
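The visual confirmation described above can also be done before anything is overwritten, by checking that the archive holds exactly the five files from the session and nothing else. This is an added example, not part of the original post; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# The five files the unzip session above shows being replaced.
EXPECTED = {
    "xmlrpc.php",
    "wp-includes/version.php",
    "wp-includes/functions-post.php",
    "wp-admin/post.php",
    "wp-login.php",
}

def audit_patch(zip_source, expected=EXPECTED):
    """Return a list of problems; an empty list means the archive
    contains exactly the expected files, each with a valid CRC."""
    problems, seen = [], set()
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue  # directory entries carry no file content
            path = PurePosixPath(name)
            if path.is_absolute() or ".." in path.parts or "\\" in name:
                problems.append(f"unsafe path: {name}")
            elif name not in expected:
                problems.append(f"unexpected file: {name}")
            elif name in seen:
                problems.append(f"duplicate entry: {name}")
            else:
                seen.add(name)
        problems += [f"missing file: {m}" for m in sorted(expected - seen)]
        corrupt = zf.testzip()  # first member failing its CRC check, or None
        if corrupt is not None:
            problems.append(f"corrupt member: {corrupt}")
    return problems

def build_sample(names):
    """Build a constructed in-memory archive (sample data, not the real patch)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "<?php // constructed sample\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for issue in audit_patch(build_sample(sorted(EXPECTED) + ["../config.php"])):
        print(issue)
```

Pass the path of the downloaded zip to `audit_patch` and extract only if it returns an empty list.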
I have tested it successfully on two blogs including this one.
Obligatory Warning: Please make a backup of your WordPress directory and everything else under the sun, if you so desire.
Obligatory Disclaimer: Use at your own risk. No warranty expressed or implied is provided.