WordPress Patch Update From 1.5.1.2 to 1.5.1.3 Now Available
WordPress developers have posted yet another “security” update. Again, as always, you have to delete everything (except wp-content/ and config.php) and re-install from scratch. If you are, like me, tired of these frequent updates (after having finally updated to 1.5.1.2) then this patch is for you. With this little patch (24K zipped) (assuming you are already on 1.5.1.2) you will be updating just the 5 affected files.
This time too they are mysteriously silent about the security defect, as before. I am tired of re-installing from scratch for every mysterious security defect.
It appears that they are still working on fixing remnants of the old issue where parameters to query string (like ?p= ) were not checked. Well, now you know it!
I suggest that WP developers should do a full code review to find any other bugs associated with non-checking of query strings and issue a single update, if necessary, instead of all these incremental updates.
I have taken the 5 files which were actually updated for WordPress 1.5.1.3 and created a zip file from it. I verified using CSDiff that they are actually the files which were changed. Also they changed readme.html (change: “1.5” changed to “1.5.1”) which I haven’t included for brevity.
Use this only if you have already updated your WordPress blog to 1.5.1.2. You have been warned!
Usage
Download it and unzip it into your WordPress root folder (where config.php resides). It will overwrite 5 files. On Linux use unzip; on Windows use WinZip, etc.
My Linux session went like this:
unzip wp-content/upload/WP1.5.1.3PatchFrom1.5.1.2.zip
Archive: wp-content/upload/WP1.5.1.3PatchFrom1.5.1.2.zip
replace xmlrpc.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: xmlrpc.php
replace wp-includes/version.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-includes/version.php
replace wp-includes/functions-post.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-includes/functions-post.php
replace wp-admin/post.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-admin/post.php
replace wp-login.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-login.php
Note: I could have used the -o flag to overwrite the files silently without prompting. I decided not to as it gives you a visual confirmation that the proper files at proper locations are being overwritten.
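An added example (not part of the original post or of WordPress): a Python check, run before unzipping, that a patch archive contains exactly the five files shown in the session above and no entry that would land outside the WordPress root. The function names and the in-memory sample archives are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# The five files the unzip session above shows being replaced.
EXPECTED = {
    "xmlrpc.php",
    "wp-includes/version.php",
    "wp-includes/functions-post.php",
    "wp-admin/post.php",
    "wp-login.php",
}

def audit_patch(zip_bytes, expected=EXPECTED):
    """Return a list of problems; an empty list means the archive matches."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    seen = set()
    for name in names:
        path = PurePosixPath(name)
        # Absolute paths, ".." components and backslashes can escape the root.
        if path.is_absolute() or ".." in path.parts or "\\" in name:
            problems.append(f"unsafe path: {name}")
        elif name not in expected:
            problems.append(f"unexpected file: {name}")
        elif name in seen:
            problems.append(f"duplicate entry: {name}")
        seen.add(name)
    for name in sorted(expected - seen):
        problems.append(f"missing file: {name}")
    return problems

def build_zip(names):
    """Build a constructed sample archive in memory (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "<?php // constructed placeholder\n")
    return buf.getvalue()

if __name__ == "__main__":
    good = build_zip(sorted(EXPECTED))
    # Constructed bad archive: one traversal entry, one file outside the patch set.
    bad = build_zip(["xmlrpc.php", "../config.php", "wp-content/plugins/extra.php"])
    print("good archive:", audit_patch(good) or "OK")
    for line in audit_patch(bad):
        print("bad archive:", line)
```

For a real download, pass the file's bytes (for example `open(path, "rb").read()`) to `audit_patch` and unzip only when it returns an empty list.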
I have tested it successfully on two blogs including this one.
Obligatory Warning: Please make a backup of your WordPress directory and everything else under the sun, if you so desire.
Obligatory Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
Update: Includes Ryan Duff’s latest patch to fix xmlrpc issues.
Update: If you are looking to upgrade from 1.5.1 to 1.5.1.3 then use Shaky’s patch.
June 30th, 2005 at 9:07 am
[...] WordPress yesterday released version 1.5.1.3, which fixes a security hole. Here you can find the announcement and, I suppose, the steps to update officially to the new version. If you use WordPress 1.5.1.2, you will be interested to know that a patch has come out to update ONLY IF YOU HAVE WP1.5.1.2, which consists of downloading the package, unzipping it and overwriting the files using your FTP. As always, it is recommended to make a backup copy of your blog's files and a backup of your database. I have already updated two blogs this way. [...]
June 30th, 2005 at 1:33 pm
[...] There appears to be some disquiet in the WordPress community following the latest security update, the fourth in just a few short weeks. As a newcomer to WordPress of just a couple of months, I am saddened to see harsh criticism coming from unexpected quarters. Both MacManX and Angsuman - two regular support heroes - being openly critical of the platform and the updates. And, as happened with previous patches, a lot of the userbase having problems with the upgrade. [...]
June 30th, 2005 at 5:05 pm
[...] Via Planeta WordPress I learned of a patch to move to WordPress 1.5.1.3 without having to upload all the files; you can find more information on this website. [...]
June 30th, 2005 at 7:04 pm
This is great! Will you be planning to release similar update packages in the future?
P.S. You may want to edit the title of this post. Just read it once, you’ll see what I mean. ^_-
June 30th, 2005 at 8:18 pm
@MacManX
Thanks for the catch.
I will try to make such releases in future too.
I just hope they get the cue and include this as part of release management.
July 2nd, 2005 at 4:23 am
[...] Edited at 12:20: After asking the question on the WordPress forum, I got the address of a script that automates the move from WordPress 1.5.1.2 to 1.5.1.3. It is a pity that the WordPress team does not provide this kind of script itself, because I imagine that for people with little computer knowledge, updating WP is a real headache! [...]
July 2nd, 2005 at 2:34 pm
Thank you for doing this. I had already made the change when I found your site, but I will certainly keep you bookmarked for the future! Luckily, since I’m still learning how to work with WordPress, I have not yet begun to investigate the world of plugins, so I had nothing to break and therefore, the upgrade went quickly and flawlessly.
It is most kind of you to make the effort and share it with the rest of us.
July 4th, 2005 at 1:58 am
[...] Owen offers some advice on keeping WordPress v1.5.x up to date via SVN. Michael Heilemann prefers to store his ideas via an archaic analog system. Khaled releases Rin v1.1. Michael Hampton foresees the end of free speech. Jon switches to WordPress. Orson discusses the importance of understanding animals. Angsuman releases an automated WordPress v1.5.1.2 to v1.5.1.3 patch upgrade. Mark debunks yet another asinine statement about the U.S. military. Tom reports that business blogging “more than pays for itself.” And, Podz receives a confusing response from Google. [...]
July 5th, 2005 at 3:41 am
Brilliant! Worked like a charm. Thanks
July 6th, 2005 at 1:32 am
Great work, thanks. Makes the upgrade much easier! I didn’t really relish the idea of doing a complete upgrade, backing everything up etc. This way, only the relevant files needed to be thought about.
Let’s hope the WP crew realise the logic of it all; if not, keep it up!
July 6th, 2005 at 7:57 am
WordPress Patch Update From 1.5.1.2 to 1.5.1.3
For those that are tired of the “official” method of upgrading (backup, remove, re-install), Angsuman has posted a zip of only the files changed in the 1.5.1.2 -> 1.5.1.3 security release. I’m using it here and so far nothing has im…