WordPress.org

Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #15694, comment 38


Ignore:
Timestamp:
07/24/15 05:48:05 (2 years ago)
Author:
chriscct7
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #15694, comment 38

    v1 v2  
    1010The code committed in this ticket was reviewed by the security team for a very very long time. The policy of the security team is not to comment on security issues until after the team is convinced the majority of the sites that are affected have updated. So I won't discuss the reasoning for the update, other than to point out that as stated on the make.wordpress.org article, there was not an opportunity to alert the plugins authors ahead of time, or to have the code in trunk well ahead of time without putting the security of websites in danger. 
    1111 
    12 That being said this change only broke sites that utilize a handful of plugins that encouraged a use of shortcodes (within HTML attributes) for which the Shortcode API was never intended or designed to be used (see the other make.wordpress.org post for that). 
     12That being said this change only broke sites that utilize a handful of plugins that encouraged a use of shortcodes (within HTML attributes) for which the Shortcode API was never intended or designed to be used (see the other make.wordpress.org post for that). Well over 99.99% of plugins will be completely unaffected by these changes.  
    1313 
    1414> The idea of having these auto-updates when they began was not to make any significant changes that would break people’s sites without a dire need and plenty of notice about new guidelines.