Finally some more or less security related patches to WordPress 2.8.4 have been released yesterday resulting in version 2.8.5. Some of my code went in as well, so hopefully ranting did work out. I was not able to fully review the update but most eval and create_function “breakpoints” have been removed for now.
The release is entitled as beign a “hardening release” by the official Blog. What does that mean? Very simple, it’s hardening because WordPress is not aware of actual exploits to their codebase but they are clever enough that they can assume it actually should be exploitable. I would call it hardening if they pick up some weeks doing a full code review and refactoring. This would acutally make sense while switching to PHP 5 but this is currently not on the WordPress agenda. Next PHP Version for WordPress will be PHP 4.4.x. You may ask now, what is the opposite of hardening? So this is another step on the long way of WordPress to a more mature codebase. If code would be poetry, then WordPress code is the crap you would get next to a supermarket’s cashpoint.
