Today we’re releasing the first release candidate of GlotPress 2.0.

Since the first beta we have improved the handling of forms and action URLs to protect against several types of attacks including CSRF.

 
This software is still in development. Consider setting up a test site just to play with the new version.

The release candidate can be downloaded from the GitHub release page.

The list of changes in version 2.0:

Security

• Implement nonces for URLs and forms to help protect against several types of attacks including CSRF. (#355)

Breaking Changes

• Remove Translation Propagation from core. Now available as a plugin. (#337)
• Remove user and option handling in gp_update_meta()/gp_delete_meta(). (#300)
• Remove deprecated assets/img/glotpress-logo.png. (#327)
• Remove gp_sanitize_for_url() in favor of sanitize_title() for enhanced slug generation. (#330)
• Improve return values of gp_meta_update(). (#318).
• Remove CLI command GP_CLI_WPorg2Slug. (#347)

Features

• Make projects, translation sets, and glossaries deletable via UI. (#267)
• Update several locale definitions to use new Facebook and Google codes and correct country codes. (#246)
• Add Greenlandic, Spanish (Guatemala), and Tahitian locale definition. (#246)
• Add auto detection for format of uploaded import files. (#290)
• Add UI to manage GlotPress administrators. (#233)
• Add checkbox for case-sensitive translation searches. (#312)
• Add support for Java properties files. (#297)
• Add cancel link to import pages. (#268)
• Add warning and disable the plugin if permalinks are not set. (#218)
• Add warning and disable the plugin if unsupported version of PHP is detected. (#276)
• Add inline documentation for actions and filters. (#50)
• Add backend support to allow for integration with WordPress’ user profiles. (#196)
• Introduce a separate page for settings. (#325)
• Validate slugs for translation sets on saving. (#329)
• Standardize triggers in projects, translations and originals. (#294)
• Introduce GP_Thing::after_delete() method and new actions. (#294)
• Add .pot extension to GP_Format_PO. (#230)
• Various code cleanups to improve code quality. (#237)

Bugfixes

• Mark Sindhi locale definition as RTL. (#243)
• Replace current_user_can( 'manage_options' ) with GlotPress permissions. (#254)
• Make child projects accessible if permalink structure has a trailing slash. (#265)
• Use real URLs for back links instead of JavaScript’s history back() method. (#278)
• Replace deprecated/private [_]wp_specialchars() function with htmlspecialchars(). (#280)
• Merge similar translation strings and avoid using HTML tags in translation strings. (#295)
• Add missing gp_ prefix for for translation actions. (#232)
• Fix case where $original->validate() fails if singular is ‘0’. (#301)
• Fix auto generation of project slugs with special characters. (#328)
• Suspend cache invalidation during original imports. (#332)
• Prevent submitting translations with empty plurals. (#308)
• Update schema definitions to work with WordPress’ dbDelta() function. (#343)
• Fix redirect when a translation set update failed. (#349)
• Prevent a PHP fatal error when importing originals. (#302)
• Avoid a PHP warning when updating a glossary entry. (#366)
• Improve mb_* compat functions to support all parameters and utilize WordPress’ compat functions. (#364)

If you think you’ve found a bug, you can post to the issue tracker on GitHub.

The release of 2.0 is targeted for April 4, 2016.

Happy testing!

(In case you’re wondering: We’re using semantic versioning.)

#wordpress-plugin

#196, #218, #230, #232, #233, #237, #243, #246, #254, #265, #267, #268, #276, #278, #280, #290, #294, #295, #297, #300, #301, #302, #308, #312, #318, #325, #327, #328, #329, #330, #332, #337, #343, #347, #349, #355, #364, #366