This week, WordPress 4.8.3 was released. The new version fixes a security issue, so updating is strongly encouraged.<\/p>\n\n\n\n\n\n\n\n
The core team released WordPress 4.8.3 on October 31. This is a security release which fixes an issue \u00bbwhere If you disabled auto updates and did not update your site manually yet, you should do it.<\/p>\n\n\n\n WordPress 4.9 comes with a lot of improvements in the Customize JS API which are described in detail by Weston Ruter in his post \u00bbImprovements to the Customize JS API in 4.9<\/a>\u00ab. With that, for example, it is no longer necessary to repeat the ID when adding a new construct. A code example from the dev note:<\/p>\n\n\n Besides that, since 4.9 the JS API makes use of default values for parameters as the PHP API does \u2013 again, a code example from Weston\u2019s post:<\/p>\n\n\n There are a lot more changes, so if you are interested in the JS API for the customizer, read Weston\u2019s post.<\/p>\n\n\n\n Another customizer-related dev note by Weston is \u00bbNew Features and Enhancements with Customizer Changesets in 4.9<\/a>\u00ab. Among other enhancements, 4.9 brings the ability to draft and schedule changesets in the customizer and lets unauthorized users preview customizer changes before they go live.<\/p>\n\n\n\n A lot more information about these and the other changeset improvements can be found in Weston\u2019s post.<\/p>\n\n\n\n This week, WordPress 4.8.3 was released. The new version fixes a security issue, so updating is strongly encouraged.<\/p>\n","protected":false},"author":1,"featured_media":3219,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wpf_show_in_dewp_planet_feed":false,"flobn_post_versions":"","webmentions_disabled_pings":false,"webmentions_disabled":false,"lazy_load_responsive_images_disabled":false,"footnotes":""},"categories":[37],"tags":[116],"class_list":["post-4290","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","tag-wordpress-weekly-recap"],"wp-worthy-pixel":{"ignored":false,"public":"0a486615b0a344ad809c7dc2d2d479a3","server":"vg07.met.vgwort.de","url":"https:\/\/vg07.met.vgwort.de\/na\/0a486615b0a344ad809c7dc2d2d479a3"},"wp-worthy-type":"normal","_links":{"self":[{"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/posts\/4290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/comments?post=4290"}],"version-history":[{"count":7,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/posts\/4290\/revisions"}],"predecessor-version":[{"id":5835,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/posts\/4290\/revisions\/5835"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/media\/3219"}],"wp:attachment":[{"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/media?parent=4290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/categories?post=4290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/florianbrinkmann.com\/en\/wp-json\/wp\/v2\/tags?post=4290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}$wpdb->prepare()<\/code> can create unexpected and unsafe queries leading to potential SQL injection (SQLi)\u00ab as Gary Pendergast writes in the announcement post \u00bbWordPress 4.8.3 Security Release<\/a>\u00ab.<\/p>\n\n\n\nCustomize JS API improvements in 4.9<\/h3>\n\n\n\n
\/* Before WordPress 4.9 *\/<\/span>\nwp.customize.control.add(\n\t'foo'<\/span>,\n\tnew<\/span> wp.customize.Control( 'foo'<\/span>, { \/* \u2026 *\/<\/span> } )\n);\n\n\/* Since WordPress 4.9 *\/<\/span>\nwp.customize.control.add(\n\tnew<\/span> wp.customize.Control( 'foo'<\/span>, { \/* \u2026 *\/<\/span> } )\n);<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n\/* Before WordPress 4.9 \u2013 no default values, needs all to be set by the dev *\/<\/span>\nvar<\/span> control = new<\/span> wp.customize.ColorControl( 'favorite_color'<\/span>, {\n\tparams<\/span>: {\n\t\ttype<\/span>: 'color'<\/span>,\n\t\tcontent<\/span>: '<li class=\"customize-control customize-control-color\"><\/li>'<\/span>,\n\t\tpriority<\/span>: 10<\/span>,\n\t\tactive<\/span>: true<\/span>,\n\t\tsection<\/span>: 'colors'<\/span>,\n\t\tlabel<\/span>: 'Favorite Color'<\/span>,\n\t\tsettings<\/span>: { 'default'<\/span>: 'favorite_color'<\/span> },\n\t}\n} );\nwp.customize.control.add( 'favorite_color'<\/span>, control );\n\n\/* Since WordPress 4.9 \u2013 defalut values like in the PHP API *\/<\/span>\nvar<\/span> control = new<\/span> wp.customize.ColorControl( 'favorite_color'<\/span>, {\n\tsection<\/span>: 'colors'<\/span>,\n\tlabel<\/span>: 'Favorite Color'<\/span>,\n\tsettings<\/span>: { 'default'<\/span>: 'favorite_color'<\/span> },\n} );\nwp.customize.control.add( control );<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\nCustomizer Changesets in 4.9<\/h3>\n\n\n\n
Misc<\/h3>\n\n\n\n
esc_sql()<\/code> in WordPress 4.8.3<\/a>\u00ab.<\/li>