Archives

Month: September 2017

Global WordPress Translation Day 3

On September 30 2017, the WordPress Polyglots Team – whose mission is to translate WordPress into as many languages as possible – will hold its third Global WordPress Translation Day, a 24-hour, round-the-clock, digital and physical global marathon dedicated to the localisation and internationalisation of the WordPress platform and ecosystem, a structure that powers, today, over 28% of all existing websites.

The localisation process allows for WordPress and for all WordPress-related products (themes and plugins) to be available in local languages, so to improve their accessibility and usage and to allow as many people as possible to take advantage of the free platform and services available.

In a (not completely) serendipitous coincidence, September 30 has also been declared by the United Nations “International Translation Day”, to pay homage to the great services of translators everywhere, one that allows communication and exchange.

The event will feature a series of multi-language live speeches (training sessions, tutorials, case histories, etc.) that will be screen-casted in streaming, starting from Australia and the Far East and ending in the Western parts of the United States.

In that same 24-hour time frame, Polyglots worldwide will gather physically in local events, for dedicated training and translations sprints (and for some fun and socializing as well), while those unable to physically join their teams will do so remotely.

A big, fun, useful and enlightening party and a lovely mix of growing, giving, learning and teaching, to empower, and cultivate, and shine.

Here are some stats about the first two events:

Global WordPress Translation Day 1

  •   448 translators worldwide
  •   50 local events worldwide
  •   54 locales involved
  •   40350 strings translated, in
  •   597 projects

Global WordPress Translation Day 2

  •   780 translators worldwide
  •   67 local events worldwide
  •   133 locales involved
  •   60426 strings translated, in
  •   590 projects

We would like your help in spreading this news and in reaching out to all four corners of the world to make the third #WPTranslationDay a truly amazing one and to help celebrate the unique and fundamental role that translators have in the Community but also in all aspects of life.

A full press release is available, along with more information and visual assets at wptranslationday.org/press.

For any additional information please don’t hesitate to contact the event team on press@wptranslationday.org.

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.1 and earlier are affected by these security issues:

  1. $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
  2. A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
  3. A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
  4. A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
  5. A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
  6. An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
  7. A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
  8. A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
  9. A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.8.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.2.

Thanks to everyone who contributed to 4.8.2.

The Month in WordPress: August 2017

While there haven’t been any major events or big new developments in the WordPress world this past month, a lot of work has gone into developing a sustainable future for the project. Read on to find out more about this and other interesting news from around the WordPress world in August.


The Global WordPress Translation Day Returns

On September 30, the WordPress Polyglots team will be holding the third Global WordPress Translation Day. This is a 24-hour global event dedicated to the translation of the WordPress ecosystem (core, themes, plugins), and is a mix of physical, in-person translation work with online streaming of talks from WordPress translators all over the world.

Meetup groups will be holding events where community members will come together to translate WordPress. To get involved in this worldwide event, join your local meetup group or, if one is not already taking place in your area, organize one for your community.

You can find out more information on the Translation Day blog and in the #polyglots-events channel in the Making WordPress Slack group.

WordPress Foundation to Run Open Source Training Worldwide

The WordPress Foundation is a non-profit organization that exists to provide educational events and resources for hackathons, support of the open web, and promotion of diversity in the global open source community.

In an effort to push these goals forward, the Foundation is going to be offering assistance to communities who would like to run local open source training workshops. A number of organizers have applied to be a part of this initiative, and the Foundation will be selecting two communities in the coming weeks.

Follow the WordPress Foundation blog for updates.

Next Steps in WordPress Core’s PHP Focus

After last month’s push to focus on WordPress core’s PHP development, a number of new initiatives have been proposed and implemented. The first of these initiatives is a page on WordPress.org that will educate users on the benefits of upgrading PHP. The page and its implementation are still in development, so you can follow and contribute on GitHub.

Along with this, plugin developers are now able to specify the minimum required PHP version for their plugins. This version will then be displayed on the Plugin Directory page, but it will not (yet) prevent users from installing it.

The next evolution of this is for the minimum PHP requirement to be enforced so that plugins will only work if that requirement is met. You can assist with this implementation by contributing your input or a patch on the open ticket.

As always, discussions around the implementation of PHP in WordPress core are done in the #core-php channel in the Making WordPress Slack group.

New Editor Development Continues

For a few months now, the core team has been steadily working on Gutenberg, the new editor for WordPress core. While Gutenberg is still in development and is some time away from being ready, a huge amount of progress has already been made. In fact, v1.0.0 of Gutenberg was released this week.

The new editor is available as a plugin for testing and the proposed roadmap is for it to be merged into core in early 2018. You can get involved in the development of Gutenberg by joining the #core-editor channel in the Making WordPress Slack group and following the WordPress Core development blog.


Further reading:

  • On the topic of Gutenberg, Matt Mullenweg wrote a post to address some of the concerns that the community has expressed about the new editor.
  • A new movement has started in the Indian WordPress community named JaiWP — the organizers are seeking to unite and motivate the country’s many local communities.
  • Merlin WP is a new plugin offering theme developers an easy way to onboard their users.
  • Ryan McCue posted an ambitious roadmap for the future of the WordPress REST API — many contributions from the community will be needed in order to reach these goals.
  • Want to know what you can expect in the next major release of WordPress? Here’s a look at what the core team is planning for v4.9.
  • To help combat the difficulties that Trac presents to WordPress Core contributors, Ryan McCue built an alternative platform dubbed Not Trac.
  • v1.3.0 of WP-CLI was released earlier in the month, adding a whole lot of great new features to the useful tool.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.