AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
MarsEdit 5 instal the new for ios1/20/2024 If nothing else, the ‘feature’ that allows attackers to try hundreds of username / password combinations in a xml-rpc single call has to go. ~ posted by Daniele sounds like a good approach. Maybe we can migrate all the xml-rpc as external plugin, so for who need compatibility can have it but for the majority of users is removed from the core. Is there any reason why those mobile apps can’t use an API instead? Maybe deprecating this will light that fire. Think this one carefully.ĭon’t know if this has been mentioned or not but XML-RPC is required to use the mobile apps for WordPress. Yes its problematic, and can cause security issues (big time) - but its also a core function of how WordPress works and integrates with other plugins. James, agreed, but the 2 things I mentioned work with it turned off otherwise. It needs to go!īlogAid: I think Jetpack is still using XML-RPC behind the scenes here. I hard code XML-RPC off, as it is still the hacker’s fave way to brute force the login page. What little my client’s use of Jetpack (stats and VaultPress) doesn’t require XML-RPC. ~ posted by James Nylen: About plugin dependencies, see also Issues This means we need to solve plugin dependencies before we can really start removing stuff, and calculate our own dependencies for at least the most popular plugins. Still using Jetpack as an example: if someone requests to install Jetpack, we should prevent this unless the XML-RPC plugin is also installed (or auto-install it too). However, we’d still want to handle other plugins that depend on those features. I like the idea of moving less-used features out to plugins too. I like the idea of its being a core plugin. This improves the security profile of CP without breaking backwards-compatibility. XML-RPC should be moved to a core plugin if people need it they can enable it, if they don’t they can delete it. And of course I do realise that there are a bunch of people in love with that things, so that is why I said topic for a different discussion What I mean about Jetpack, the mere fact that you need a account for it to work and it is constantly talking to, means that I would be inclined to vote the whole thing as restricted, meaning: has no business on ClassicPress. Yes, I agree about investigating which plugins it would break. Before we can make any decision to remove or disable a feature, we need to know roughly which plugins it will break, and decide whether we are OK with that. Jetpack is a topic for a different discussion I think Let’s investigate which plugins this would break, especially widely used plugins. As this one already has votes, I don’t want to edit it anymore (if even possible), maybe open a new one that gives that option? I would prefer simply to have a simple on-off switch for XML-RPC, and for the default setting to be off. I actually use XML-RPC on my localhost test sites (though never on a live site). I think having a wide range of means of accessing CP will always be a good thing. Support new Micro.blog distinction between created and modified dates on postsįix a bug that could cause additional image markup to be entered when adding a photo to a Tumblr postĬompatibility: macOS 10.I am not particularly keen on this one, unless there is a simple way to convert use of the XML-RPC spec to using the REST API. Revised Preferences layout to unify General and Editing into single “General” tabįix a crash that could occur when undoing after “Restore Default” in the Quick Posts template editorįix the size of preview window content to match what is seen in web browsersįix a missing image MarsEdit Help in Text Filters documentation Improve status messages when refreshing blog Refine Dark Mode support in the Media Managerįix a bug that prevented a visual divider line from appearing in Media ManagerĬhange the “New Category” placeholder text to a subtler style Support resizing animated GIFs while preserving animationįix a bug that caused some GIF images to be uploaded as empty filesįix a bug where GIF images uploaded to Tumblr blogs were converted to PNG format Improvements to handling of uploaded GIF images Improvements to MarsEdit’s media handling and general usability: It works with with most blog services including WordPress, Blogger, Drupal, Movable Type, TypePad, and many others. MarsEdit is a blog editor for OS X that makes editing your blog like writing email, with spell-checking, drafts, multiple windows, and even AppleScript support.
0 Comments
Read More
Leave a Reply. |