Welcome, visitor! [ Login | Sign Up ]

WordPress 2.32 Released – Update Your Blog Now

wordpress database error page If you haven’t already heard, the latest version of WordPress has been released. It includes a number of changes including one security fix (vulnerability for people to see your draft posts), and my favorite new addition — support for a custom database error page. The error page (db-error.php) will be displayed when WordPress has a problem connecting to your database, instead of cryptic and embarrassing php coded and WordPress branded error message.

Typically if you’ve wanted to have a custom error page you needed to edit the /wp-includes/wp-db.php and /wp-includes/functions.php files. This isn’t difficult to do but it’s editing the core WordPress files which typically get overwritten the next time you upgrade your instance of WordPress. I’ve actually done this for my blog so it’s been a pain when it comes time to upgrade but in my opinion it’s worth the trouble. Now with this new db-error.php addition, it will save me the hassle!

After upgrading to the latest version of 2.32, I discovered that the db-error.php page isn’t included. You need to create a db-error.php file and then create the appropriate html code and place it in the wp-content directory such that its location will be wp-content/db-error.php. I’m not sure why it’s not in your themes folder instead since it can easily get misplaced and each theme should have it’s own version (so you can style it accordingly). Quick Online Tips and 5ThirtyOne both provide simple db-error.php templates you can use for your blog. Like both posts mention, I’d also make sure to include your blog’s css so it’s branded and more professional-looking.

Here is a list of most of the changes in detail:

  • Performance improvements for post sanitization when raw content is required
  • Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts
  • Suppression of database errors unless WP_DEBUG is true
  • Check for valid database connection information during install and display and error if the install fails due to database rights
  • Support for a custom database down page to be displayed on database connection errors
  • Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types
  • Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack
  • Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post
  • Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check
  • Addition of extra capabilites checks to xmlrpc methods
  • Addition of extra capabilites checks to APP server
  • Changes to validate_file() to improve its traversal attempt detection when running on windows

So if you haven’t already, it’s a good idea to upgrade to this latest version of WordPress 2.32. Make sure to backup your database, wp-config.php and theme files before you do just to be safe. It’s also smart to make sure all your plugins are going to be compatible with this newer WordPress version. Since it’s only a small upgrade it most likely won’t be a problem. I wish WordPress would tell you which files actually need to be updated instead of expecting you to download and overwrite all files. They should do this for at least the small upgrades like this. Not only is it a waste of download and upload bandwidth, but it takes time and potentially brings your blog down during the maintenance.

Upgrade to WordPress 2.3.2 now

Ready to super charge your blog? Check out our partners professional premium WordPress themes!

If you like this post then please consider subscribing to our eBlog Templates RSS feed. You can also subscribe by email and have new templates and articles sent directly to your inbox.


7 Responses to “WordPress 2.32 Released – Update Your Blog Now”

Chuck on Jan 26, 2008, 12:02 pm  

db-themes.php should definitely be the themes directory… strange. thanks for the info.

David Cowgill on Jan 26, 2008, 10:28 pm  

Yeah, really. They should at least put a default db-error.php page in there.

It’s not very clear that you need to create your own page. At least they added the feature though! 🙂

Andy T on Mar 29, 2008, 10:45 pm  

Word Press 2.5 is available now! Anyone has some on hand experience? Any bugs? I know this is a major upgrade version. Will my old themes work fine with new WordPress 2.5?

David on Mar 30, 2008, 8:39 am  

Andy, from what I’ve read there have been zero theme incompatibilities thus far which is great news. Most of the changes are to the features and platform so no database or function changes (which sometimes break themes). I’ve downloaded 2.5 but have yet to install it. I’ll give it a go on at least one of my blogs but will probably wait for 2.51 to come out before upgrading my major sites.

It looks really cool though and I’m excited to start using it!

Andy T on Apr 2, 2008, 8:47 pm  

I may take your idea to upload WP 2.5 to a free server to test it out before I put it on life.

David on Apr 3, 2008, 7:34 am  

Andy, I would highly recommend that. I installed WordPress 2.5 on my localhost and actually don’t like it. It has some cool features but I’m not happy with the new layout. For example, the post layout screen is fixed width and everything is left aligned. It will take some time before I officially make the change across my blog network. You might have a different opinion after you install it so I’d be interested to hear what you think.

Andy T on Apr 4, 2008, 6:43 am  

I may wait and see a while before I try it. I don’t want to fight with my WP 2.5 [we used to fight with out window 3.1, 95, 2000]. Just like window vista, I still using window XP due to some of the commercial application I use, which not yet support window vista.