Introducing ClassicPress 1.3.0

ClassicPress Release Banner V1.3.0

We’re happy to announce the release of ClassicPress version 1.3.0, available now.

Version 1.3.0 focuses on improving accessibility in ClassicPress. Accessibility is a key focus for ClassicPress and we will continue to make improvements. A lot of users are switching to ClassicPress because the original editor is more accessible than the new block editor (Gutenberg).

“I found that the block editor really doesn’t work for me for publishing my content in an efficient and fully accessible manner. I was looking around at different content management systems, and a friend then recommended I look at ClassicPress,” Marco Zehe (@MarcoZ) wrote in an interview with Lireo Designs.

In addition to accessibility improvements, ClassicPress is proud to present a brand new filter pre_wp_mail(). The new filter allows plugins to access the $atts array that contains the to, subject, message, headers, and attachments that were to be processed. If any non-null value is returned to this filter further processing is abandoned.

Now, developers can suppress emails entirely with a single line of code::
add_filter( 'pre_wp_mail', '__return_false' );

Now, let’s take a closer look at all the goodness ClassicPress got since version 1.2.0:

New features

  • Add a new filter to allow wp_mail() to be bypassed which adds a new filter pre_wp_mail() which allows plugins to access the $atts array that contains the to, subject, message, headers, and attachments that were to be processed. Thanks to @MattyRob for helping to backport these changes (#645).
  • Add support for the wp_body_open() hook (#647, thanks @1stepforward and WP contributors)

Accessibility improvements

  • Make the Widgets screen “Enable accessibility mode” link more discoverable (#700, thanks @MarcoZ and WP contributors)
  • Networks and Sites: mark the New Site required form fields as required (#701, thanks @MarcoZ and WP contributors)
  • Insert Link modal: Improve keyboard interaction (#688, thanks @MarcoZ and WP contributors)
  • Themes: use aria-current for the Walker_Page current link (#694, thanks @MarcoZ and WP contributors)
  • Semantic elements for non-link links: class-wp-posts-list-table.php (#697, thanks @MarcoZ and WP contributors)
  • Update default fallback color for SVG icons (#691, thanks @MarcoZ and WP contributors)
  • Fix a regression in the old media modal pagination links (#689, thanks @MarcoZ and WP contributors)
  • Change the media upload “Dismiss error” link to a button (#698, thanks @MarcoZ and WP contributors)
  • use aria-current for the paginated post links output by wp_link_pages() (#696, thanks @MarcoZ and WP contributors)
  • Improve the usage of a few label elements in the media templates (#685, thanks @MarcoZ and WP contributors)
  • Improve the “URL” and “Alt text” fields in the media modals (#562, thanks @omukiguy and WP contributors)
  • Improve display and accessibility of metadata in detail view (#693, thanks @MarcoZ and WP contributors)

Minor changes and fixes

  • Add new ClassicPress tagline (#654, thanks @omukiguy)
  • Check that $wpdb->last_result is countable (#649, thanks @MattyRob and WP contributors)
  • Remove polyfills for PHP < 5.6 (#622, thanks @MattyRob and WP contributors)
  • Ensure user data is fully deleted on Multisite installs (#593, thanks @MattyRob and WP contributors)
  • Pause any playing media when closing the media modal (#657, thanks @MattyRob and WP contributors)
  • Update the Root Certificate bundle (#639, thanks @MattyRob and WP contributors)

Development improvements and fixes

Security fixes

  • Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
  • Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
  • Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
  • Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
  • Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
  • Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
  • Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
  • And a special thanks to zieladam who was integral in many of the releases and patches during this release.
  • Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
  • Thanks to Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API
  • Object injection in PHPMailer, CVE-2020-36326, and CVE-2018-19296.

For more information about the security changes in this release, see the WordPress release notes posts for 4.9.164.9.17, and 4.9.18.

Thank you

Big thanks to @wadestriebel for leading 1.3.0 development and the release.

Huge, huge thanks to all the core contributors (in no particular order):

We also want to thank WordPress contributors for their hard work and dedication without whom many of the features in ClassicPress would not have been possible.

Lastly, let’s not forget our amazing testers and the community members at large that helped push 1.3.0 across the finish line. Thank you!

Take the new version 1.3.0 for a spin. If you run into any issues or have questions, join our support forum. The ClassicPress community is here to help you.

What’s next?

The 1.3.0 version is done, but work continues. We are hard at work on some amazing new features and upgrades that are coming in the future versions. This includes:

  • Upgrade TinyMCE to version 5
  • Upgrade jQuery to version 3
  • Core plugins that will move certain features out of the core and into plugins
  • Plugin/theme directory continues to improve and grow
  • And many small improvements, fixes, and backports from WordPress

Our amazing plugin developers have released many new plugins. There are over 80 plugins in the ClassicPress directory. Check them out!

Support ClassicPress

ClassicPress is a volunteer effort, so we welcome all the help we can get. It doesn’t matter what your skills are, it doesn’t matter if you’re not a PHP programmer, there’s work to be done for everyone.

Here are a few ways you can help support ClassicPress:

  • Make a donation to help us pay infrastructure costs. They are tax-deductible in the US.
  • If you’re a PHP programmer, please consider contributing to core development. The more core contributors we have, the faster we can reach our roadmap goals.
  • If you have WordPress plugins, make them compatible with ClassicPress and mention ClassicPress in your readme.txt file. We have some popular plugins officially supporting ClassicPress, such as Beaver Builder, Shield Security, AdRotate, and others. You should also submit your plugin to our Directory to reach ClassicPress users.
  • If you can translate English text to your native language, help us with translations.
  • If you can write, you can help us with blog posts for our ClassicPress blog and/or write documentation guides to help others learn ClassicPress.
  • Help promote ClassicPress by writing a blog post on your own blog, or mentioning ClassicPress in your podcast or YouTube channel, or sharing a blog post from our blog to your social media channels.

If you’re unsure how you can help, join our forum or Slack channel. Share your skills and experience, and we’ll be happy to help you find a place in the ClassicPress community.

Thank you for your support.

Avatar for Viktor Nagornyy
About Viktor Nagornyy

Director at ClassicPress Initiative. Marketing consultant. ClassicPress and WordPress expert. Navy vet.