Published on Monday, 5th March 2007.
I think I must be having a WordPress day…
Following on from the upgrade to 2.1.2 earlier this morning (and a successful technical interview for a BizTalk job in London!) I’ve also upgraded my theme to better use the post column for images.
This new theme is based on ‘Origami’ developed by Leevi Graham and Tim Heuer with a few of the bells and whistles removed that I didn’t want.
There are a few teething troubles (like random links that don’t want to obey the styling – as you can see above), but I’m pleased about the overall result.
Published on Monday, 5th March 2007.
As reported on Slashdot and on the WordPress.org blog, the 2.1.1 release of the WordPress blogging system was hacked sometime towards the end of February/beginning of March.
The hacker gained user-level access to one of the servers that powers wordpress.org, and modified two files to include code that would allow for remote PHP execution. Although details are sketchy, the WordPress blog details problems with the wp-includes folder, especially the theme.php and feed.php files and any query string with “ix=” or “iz=” in it.
WordPress recommend upgrading to 2.1.2 immediately. The latest .zip and tarballs can be found here.
This issue comes at the same time as the PHP Security blog attempts to raise awareness of general PHP vulnerabilities. Not a great time for the PHP folks.
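Anyone who ran 2.1.1 can check their web server logs for the query-string indicators mentioned above. The following is an added example, not code from WordPress or from the original post: it assumes Apache/nginx "combined" access-log format, and the sample log lines are constructed with placeholder values.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the WordPress blog said to look for in query strings.
SUSPECT_PARAMS = {"ix", "iz"}
# The two files the post names as affected.
SUSPECT_FILES = ("wp-includes/theme.php", "wp-includes/feed.php")

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2007:10:01:02 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Mar/2007:10:05:40 +0000] "GET /wp-includes/feed.php?ix=PLACEHOLDER HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [03/Mar/2007:10:05:44 +0000] "GET /?%69z=PLACEHOLDER HTTP/1.1" 200 298 "-" "-"',
    '192.0.2.33 - - [03/Mar/2007:10:09:11 +0000] "GET /search.php?prefix=wp&fix=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return one dict per request whose query string carries ix or iz."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes names, so "%69z=" is seen as "iz";
        # exact-name matching avoids grep-style hits on "fix=" or "prefix=".
        names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        matched = sorted(names & SUSPECT_PARAMS)
        if matched:
            hits.append({
                "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                "target": m["target"], "params": matched,
                # True when the request went straight to one of the named files.
                "named_file": url.path.endswith(SUSPECT_FILES),
            })
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a request carried one of these parameter names; whether the site was running the modified files still has to be confirmed by comparing them against a clean 2.1.2 download.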