Victor Font Consulting Group, LLC

IT Consulting | WordPress/Genesis/Formidable Pro | Publishing

Header Right

You are here: Home / Computers and Internet / Security / Have Shortcodes? Hold off WordPress 4.2.3

Have Shortcodes? Hold off WordPress 4.2.3

By
Leave a Comment

BrokenWordPress automatic updates may be a convenient feature for some, but the recent 4.2.3 security release is being reported as having broken thousands of production sites. The sites that have been reported as broken all have one thing in common, they are using plugins or themes that create and use shortcodes in a non-standard way. One that has been getting mentioned regularly is Toolset Types and Views. One commenter on a WP Tavern article reports that he uses this plugin on 100 sites and all of them broke with the 4.2.3 WordPress release.

The Issue

WordPress 4.2.3 includes a relatively large security fix that affects the Shortcode API. WordPress core contributor Robert Chapin said in this blog post:

Due to the nature of the fix – as is often the case with security fixes – we were unable to alert plugin authors ahead of time, however we did make efforts to scan the plugin directory for plugins that may have been affected.

As unfortunate as it is that plugin developers weren't notified in advance, this is a security fix and as such, it shouldn't be on the WordPress team to fix the problems that are being reported. Specifically, it appears that the plugins being affected use shortcodes to provide inline styles. The WordPress shortcode API rules should have been followed by the plugin authors. Of course if you decide to create your own programming rules, things are going to break when core functionality you depend upon is updated. So what can you do for the short term?

The Solution

Roll back to 4.2.2 and turn off auto-updates for now to fix the issue on the short term. Wait until your plugin's author issues a fix and then update WordPress manually to 4.2.3 or a later version. WordPress 4.3 is scheduled for release in August. Afterward, you can turn auto updates back on, if you choose to use the feature.

To completely disable all types of automatic updates, core or otherwise, add the following to your wp-config.php file:

Download WordPress 4.2.2 from here: https://wordpress.org/download/release-archive/

Reader Interactions

VictorFont.com runs on the Genesis Framework

Genesis FrameworkThe Genesis Framework empowers you to quickly and easily build incredible websites with WordPress. Genesis provides the secure and search-engine-optimized foundation that takes WordPress to places you never thought it could go.

Check out the incredible features and the selection of designs. It's that simple—start using Genesis now!

Click here to download The Genesis Guide for Absolute Beginners (PDF - 1.4 MB)

Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to a friend