13 Nov, 2009
Posted by: fedmich In: Work Tips
WordPress 2.8.6 is available!
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Received another testimonial on GetAFreelancer: http://fedmich.com/works/#2
This one came from josefrei, Unterhaching, Germany.
Details of the Recommendation/Feedback:
Fedmich is great. He provides excellent service, delivers quickly and reliably, and in addition is always doing more than required. When he updated my WordPress blogs he also installed important plugins and checked all settings. He is a pleasure to work with and I recommend him highly to everybody.
Service Category: WordPress upgrades, automatic, essential plugins, WordPress themes, security check, spam protection, spamfree, akismet
Rating: 10 of 10

Aww, we need to upgrade again I guess… annoying indeed
From the WordPress admin:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
WordPress 2.8.3 Security Release
The website says:
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin.

Use Linkbucks for the comment author links on your WordPress blogs
add_filter('get_comment_author_link', 'get_comment_author_link_linkbucks');
}