Tag Archives: wordpress


今天WordPress更新到2.8.6,更新日志如下: Fixed an XSS vulnerability in Press This  (修正了press-this.php的XSS漏洞) Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations  (修正上传特殊文件名可能引起Apache溢出的漏洞) 改动的文件列表: wp-admin\press-this.php w… Read More »

wordpress 2.8.5发布

■Fix for trackback DOS ■Removal of permalink_structure eval ■Remove some create_function() calls ■Disallow unfiltered uploads by default, even for admins. Enable it again with define(‘ALLOW_UNFILTERED_UPLOADS’, true); in wp-config.php ■Add extra escapes here and there for some backside coverage ■Retire two old importer… Read More »

wordpress出现:require(wp-blog-header.php) [function.require]: failed to open stream……解决办法

今天升级2.8.4完了居然发现roov.org访问不了了,首页两行英文: Warning: require(wp-blog-header.php) [function.require]: failed to open stream: No such file or directory in e:\www\web\roov.org\wwwroot\index.php on line 17 Fatal error: require() [function.require]: Failed opening required ‘wp-blog-header.php’ (include_path=… Read More »

Wordpress 2.8.4 正式推送

今晚回来发现2.8.4开始通过后台推送了,到各个友链去看了看,基本上都是这条消息作为头条。 下面是官方的更新说明: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first ac… Read More »