security

You are currently browsing articles tagged security.

2.3 Release

August 10, 2008 by Benedict Eastaugh | 33 comments

Tarski 2.3 adds full compatibility with the SSL admin enhancements from WordPress 2.6, and adds a number of security, stability and compatibility improvements. Details are available in the changelog. Please note that WordPress 2.6 is required for this release.

WordPress 2.6 introduced better support for a secure connection to the administrative area, which Ryan Boren covered pretty thoroughly in this article. Tarski 2.3 adds full support for this functionality, so you should now be able to save your Tarski options when using the admin area over SSL. However, due to the use of a number of new functions, WordPress 2.6 is a requirement.

A couple of minor security improvements have also been made. The Tarski options page can now only be accessed by users with the edit_themes capability. WordPress’ role system wraps around a capability-based user model, and it’s more secure to tie functionality to those capabilities than to roles which are more malleable.

As well as fixing a bug in the Links template, a number of tweaks have been made to improve Tarski’s performance and reliability. A long-standing problem with the upgrade process, where widget sidebar settings might be lost, has now been fixed. Tarski is also more reliant on WordPress’ own APIs, which should allow it to take advantage of performance and stability improvements made in the WordPress core.

In addition to this, the new navbar selector introduced in Tarski 2.2 is now fully compatible with Internet Explorer 6 and 7. There weren’t any reports of problems, presumably because Tarski users are more discriminating than the median internet citizen, but good cross-browser compatibility is a worthy goal nonetheless.

Thank you to everyone who tested the release candidates; I can only assume from the lack of responses that everything worked perfectly. Enjoy the new release.

Please post bugs and suggestions on the forum.

Tags: , , ,

1.6 Release

August 17, 2007 by Benedict Eastaugh | 10 comments

Despite only releasing the previous version a month or so ago, we decided to call this release Tarski 1.6 since there have been some fairly major changes. You can obsess over the details in the changelog as usual.

Perhaps most importantly, the header selection code in the Tarski Options page has been almost completely rewritten, although it preserves the same functionality as before. Where before it relied on JavaScript being enabled in the user’s browser, it now degrades gracefully—when JavaScript and CSS are disabled, it will still be functional, building up from an HTML skeleton rather than down from a JavaScript implementation. For this you can thank Chris Erwin, author of the Checkbox & Radio Input Replacement script that makes our new header selection code tick, and Richard Fliam who did some sterling work making our implementation compatible with Internet Explorer.

In line with other changes being phased into the WordPress admin panel, we’ve switched our required JavaScript library to jQuery, which now does the show and hide legwork for the sidebar options selection. The comments file has also been rewritten, stripping out some forty lines of code and resulting in a cleaner, leaner and more maintenance-friendly file.

We’ve also fixed several bugs, including both a recently introduced one where the ‘Author’ field in the comments form was being filled by the author link of the last commenter, and a very long-standing one where comments display was screwed up for users of the ‘Recent Articles’ sidebar widget (many thanks to Peter Cawley for providing this and other fixes).

The new update notification system will hopefully pass unnoticed, as a seamless replacement for the old one. Essentially it’s just an Atom feed, which Tarski checks whenever you visit the Dashboard or Tarski Options page (I may look into caching results for the next version). This is more secure, and allows the notification text to be translated—something that wasn’t possible with the old system. Niels Leenheer’s Feedparser does the heavy lifting.

1.5 translations have been frozen and the latest translations can be found in the translations trunk directory as usual. Just as a heads-up, this will probably be our last major release before WordPress 2.3 comes out. Enjoy the rest of your summer, and we’ll see you in September for Tarski 1.7.

Bugs, suggestions and new translations to the forum please.

Tags: , , , , , , , , , , , , , ,