WordPress.org

Codex

IRC Meetups/2006/July/July26RawLog

22:00 < rboren> <meetup>
22:00 < rboren> There's one thing on the agenda.
22:00 < rboren> Some security issues with plugins...
22:00 < rboren> That aren't checking caps.
22:01 < rboren> Which I'm looking at. Not much we can do in WP proper except make sure the default plugins are locked down tight.
22:01 < rboren> And remind people to check caps in their plugins.
22:01 < skeltoac> How are the docs on this?
22:02 < rboren> Haven't looked yet.
22:02 < rboren> Need to audit docs.
22:03 < rboren> WP does not check caps for plugins.  All it does is make sure the user is logged in when accessing plugins through the admin.
22:03 < rboren> We fixed some bugs like this for db backup in 2.0.3...
22:04 < rboren> So, we need to audit the default plugins, audit docs to make it clear that plugins need to check caps, and notify authors of compomised plugins.
22:05 ::: bazza [n=bazza@c-24-5-66-10.hsd1.ca.comcast.net] has joined #wordpress-meetup
22:05 < rboren> Anything else on that?
22:06 < rboren> Okay then. Let's talk 2.0.4.
22:06 < rboren> Getting thumbs up on testers list.
22:06 < rboren> We wittled down the bugs against the 2.0.4 milestone pretty well.
22:06 < rboren> I think we should release a beta soonish.
22:06 < rboren> Get one more round of testing.
22:06 < rboren> And get it out the door.
22:07 < skeltoac> Sounds good.
22:08 < rboren> Show and tell time?  Anyone got fun stuff in the works?
22:09 < skeltoac> Scott Wallick (plaintxt.org) and I have been working on a theme
22:09 < mdawaffe> workinng on a slim backpack style plugin for wp
22:09 < mdawaffe> only a local copy at the moment
22:09 < mdawaffe> skeltoac: yeah - that sounds hot
22:09 < skeltoac> thanks mdawaffe
22:10 < skeltoac> We're making it very strong in the markup department
22:10 < skeltoac> and including a skin chooser for picking stylesheets
22:11 < skeltoac> I'd love it if this became the new default theme. It has a Kubrick skin already.
22:11 < skeltoac> It comes with some base stylesheets for 1-col, 2-col and 3-col layouts
22:11 < skeltoac> all using the same markup
22:11 ::: You're now known as westi
22:11 < mdawaffe> skeltoac: do all your fancy classes have any appreciable overhead?
22:12 < mdawaffe> I imagine not
22:12 < skeltoac> mdawaffe: Not that I've seen. They do stuff like is_single
22:12 < skeltoac> mostly bool checks
22:12 < mdawaffe> sure
22:15 < skeltoac> We'll have something for public testing soon.
22:15 ::: gsnedders [n=gsnedder@host81-156-237-58.range81-156.btcentralplus.com] has quit []
22:18 < rboren> I've got nothing else.  Anyone?
22:18 < skeltoac> not so much
22:19 < rboren> Let's call it.
22:19 < rboren> </meetup>


Back to IRC Meetups