WordPress weekly recap #44: WordPress 4.8.3 and more

This week, WordPress 4.8.3 was released. The new version fixes a security issue, so updating is strongly encouraged.

Core

WordPress 4.8.3

The core team released WordPress 4.8.3 on October 31. This is a security release which fixes an issue »where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi)« as Gary Pendergast writes in the announcement post »WordPress 4.8.3 Security Release«.

If you disabled auto updates and did not update your site manually yet, you should do it.

Customize JS API improvements in 4.9

WordPress 4.9 comes with a lot of improvements in the Customize JS API which are described in detail by Weston Ruter in his post »Improvements to the Customize JS API in 4.9«. With that, for example, it is no longer necessary to repeat the ID when adding a new construct. A code example from the dev note:

/* Before WordPress 4.9 */
wp.customize.control.add(
	'foo',
	new wp.customize.Control( 'foo', { /* … */ } )
);

/* Since WordPress 4.9 */
wp.customize.control.add(
	new wp.customize.Control( 'foo', { /* … */ } )
);
Code language: JavaScript (javascript)

Besides that, since 4.9 the JS API makes use of default values for parameters as the PHP API does – again, a code example from Weston’s post:

/* Before WordPress 4.9 – no default values, needs all to be set by the dev */
var control = new wp.customize.ColorControl( 'favorite_color', {
	params: {
		type: 'color',
		content: '<li class="customize-control customize-control-color"></li>',
		priority: 10,
		active: true,
		section: 'colors',
		label: 'Favorite Color',
		settings: { 'default': 'favorite_color' },
	}
} );
wp.customize.control.add( 'favorite_color', control );

/* Since WordPress 4.9 – defalut values like in the PHP API */
var control = new wp.customize.ColorControl( 'favorite_color', {
	section: 'colors',
	label: 'Favorite Color',
	settings: { 'default': 'favorite_color' },
} );
wp.customize.control.add( control );
Code language: JavaScript (javascript)

There are a lot more changes, so if you are interested in the JS API for the customizer, read Weston’s post.

Customizer Changesets in 4.9

Another customizer-related dev note by Weston is »New Features and Enhancements with Customizer Changesets in 4.9«. Among other enhancements, 4.9 brings the ability to draft and schedule changesets in the customizer and lets unauthorized users preview customizer changes before they go live.

A lot more information about these and the other changeset improvements can be found in Weston’s post.

Misc

• »PHP Meeting Recap – October 23rd«. The team continued to discuss the »Before Upgrading PHP« section.
• »MediaElement upgrades in WordPress 4.9«.
• »Changed behaviour of esc_sql() in WordPress 4.8.3«.
• »What’s new in Gutenberg? (31st October)«. Among other things, the block toolbar was moved to the editor’s top header.
• »WordPress 4.9 Release Candidate«.
• »PHP Meeting Recap – October 30th«. Among other things, there was an update given regarding the PHP compatibility checker plugin by WP Engine.
• »Dev Chat Summary: November 1st (4.9 week 14)«.
• »Press This in 4.9«. 4.9 will remove Press This from core – there is a plugin to restore its functionality, but old bookmarklets will not function with that.