All-in-One Video Gallery - Version 2.5.0

Version Description

Security Fix: Addresses a validation error in the plugin dashboard that leads to a Local File Inclusion issue. Thanks to "Mr.Erwan LR" from wpscan.com for bringing this issue to us.


Release Info

Developer plugins360
Version 2.5.0

Code changes from version 2.4.9 to 2.5.0

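--- a/README.txt
+++ b/README.txt
@@ -6,7 +6,7 @@ Tags: video player, video gallery, youtube gallery, vimeo gallery, livestream
  Requires at least: 4.7.0
  Tested up to: 5.8
  Requires PHP: 5.6.20
- Stable tag: 2.4.9
+ Stable tag: 2.5.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -134,6 +134,10 @@ Yes, it is. However, do not "network-activate" the plugin. Activate it only on t
 
  == Changelog ==
 
+ = 2.5.0 =
+
+ Security Fix: Addresses a validation error in the plugin dashboard that leads to a Local File Inclusion issue. Thanks to "Mr.Erwan LR" from wpscan.com for bringing this issue to us.
+
  = 2.4.9 =
 
  Tweak: Fallback to the JetPack HLS URLs.
@@ -234,6 +238,6 @@ For the changelog of earlier versions, please refer to the [changelog on plugins
 
  == Upgrade Notice ==
 
- = 2.4.9 =
+ = 2.5.0 =
 
- Updates to the latest Vimeo Image URLs, fallback to the JetPack HLS URLs. [See changelog](https://wordpress.org/plugins/all-in-one-video-gallery/#developers)
+ Addresses a validation error in the plugin dashboard that leads to a Local File Inclusion issue. [See changelog](https://wordpress.org/plugins/all-in-one-video-gallery/#developers)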
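--- a/admin/admin.php
+++ b/admin/admin.php
@@ -240,10 +240,15 @@ class AIOVG_Admin {
  // Issues
  $issues = $this->check_issues();
 
- if ( count( $issues['found'] ) || 'issues' == $active_tab ) {
+ if ( count( $issues['found'] ) || 'issues' == $active_tab ) {
  $tabs['issues'] = __( 'Issues Found', 'all-in-one-video-gallery' );
  }
 
+ // Validate active tab
+ if ( ! in_array( $active_tab, array_keys( $tabs ) ) ) {
+ $active_tab = 'shortcode-builder';
+ }
+
  require_once AIOVG_PLUGIN_DIR . 'admin/partials/dashboard.php';
  }
 
@@ -574,37 +579,4 @@ class AIOVG_Admin {
  return $types;
  }
 
- /**
- * Display admin notices.
- *
- * @since 2.4.9
- */
- public function admin_notices() {
- if ( false === ( $value = get_transient( 'aiovg_show_vimeo_update_notice' ) ) ) {
- return false;
- }
-
- ?>
- <div id="aiovg-vimeo-update-notice" class="notice notice-error is-dismissible">
- <p>
- <?php
- printf(
- __('<strong>All-in-One Video Gallery:</strong> Having issues with the Vimeo thumbnail images? Unfortunately, Vimeo had changed its thumbnail image URLs. But, no worries. This version automatically updates to their latest image URLs. You simply need to <a href="%s">configure</a> an "Access Token" to get this work.', 'all-in-one-video-gallery' ),
- admin_url( 'admin.php?page=aiovg_settings&tab=advanced&section=aiovg_general_settings' )
- );
- ?>
- </div>
- <?php
- }
-
- /**
- * Dismiss admin notice.
- *
- * @since 2.4.9
- */
- public function ajax_callback_dismiss_admin_notice() {
- delete_transient( 'aiovg_show_vimeo_update_notice' );
- wp_die();
- }
-
  }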
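Review bot: The allowlist check added ahead of `require_once` compares loosely; `in_array( $active_tab, array_keys( $tabs ) )` should pass the strict flag, `in_array( $active_tab, array_keys( $tabs ), true )`, so that a non-string or numeric-looking value can never match a tab key through type juggling. Where `$active_tab` is read from the request, and how `admin/partials/dashboard.php` presumably turns it into a file path, are both outside this hunk, so this check is the only visible barrier against the Local File Inclusion named in the release notes. A comment such as `// Security: $active_tab selects an included partial; keep this allowlist check immediately before the require` would protect it from later refactors. The enclosing method starts above the hunk.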
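--- a/admin/assets/js/admin.js
+++ b/admin/assets/js/admin.js
@@ -99,17 +99,6 @@
  * @since 1.0.0
  */
  $(function() {
-
- // Common: Dismiss admin notice
- $( '#aiovg-vimeo-update-notice' ).on( 'click', '.notice-dismiss', function( e ) {
- e.preventDefault();
-
- var data = {
- 'action': 'aiovg_dismiss_admin_notice'
- }
-
- $.post( ajaxurl, data );
- });
 
  // Common: Upload Files
  $( document ).on( 'click', '.aiovg-upload-media', function( e ) {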
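--- a/all-in-one-video-gallery.php
+++ b/all-in-one-video-gallery.php
@@ -11,7 +11,7 @@
  * Plugin Name: All-in-One Video Gallery
  * Plugin URI: https://plugins360.com/all-in-one-video-gallery/
  * Description: No coding required. A Responsive & Lightweight video gallery plugin. HTML5 Player, Categories, Visual Builder (Gutenberg), Search Form, Comments, Social Sharing and everything you will need to build a YouTube/Vimeo like video sharing website.
- * Version: 2.4.9
+ * Version: 2.5.0
  * Author: Team Plugins360
  * Author URI: https://plugins360.com
  * License: GPL-2.0+
@@ -76,7 +76,7 @@ if ( !function_exists( 'aiovg_fs' ) ) {
 
  // The current version of the plugin
  if ( !defined( 'AIOVG_PLUGIN_VERSION' ) ) {
- define( 'AIOVG_PLUGIN_VERSION', '2.4.9' );
+ define( 'AIOVG_PLUGIN_VERSION', '2.5.0' );
  }
  // The unique identifier of the plugin
  if ( !defined( 'AIOVG_PLUGIN_SLUG' ) ) {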
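--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1942,7 +1942,12 @@ function the_aiovg_pagination( $numpages = '', $pagerange = '', $paged = '' ) {
  }
 
  // Construct the pagination arguments to enter into our paginate_links function
- $arr_params = array( 'vi', 'ca', 'lang', 'pending', 'updated' );
+ $arr_params = array();
+
+ parse_str( $_SERVER['QUERY_STRING'], $queries );
+ if ( ! empty( $queries ) ) {
+ $arr_params = array_keys( $queries );
+ }
 
  $base = aiovg_remove_query_arg( $arr_params, get_pagenum_link( 1 ) );
 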
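Review bot: `parse_str( $_SERVER['QUERY_STRING'], $queries )` reads the server variable without checking that it is set, so in a context with no query string (WP-CLI or cron, for instance) it can raise a notice and hand null to `parse_str`; guard it with `if ( ! empty( $_SERVER['QUERY_STRING'] ) ) { parse_str( $_SERVER['QUERY_STRING'], $queries ); }`. The resulting `$arr_params` is now made up entirely of request-controlled key names, so `aiovg_remove_query_arg()` (not visible here) has to treat them as opaque strings. A one-line comment stating the intent, that every incoming query argument is stripped from the pagination base URL, would make the move away from the fixed list easier to audit. The body of `the_aiovg_pagination` continues outside the hunk.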
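--- a/includes/init.php
+++ b/includes/init.php
@@ -150,9 +150,7 @@ class AIOVG_Init {
  $this->loader->add_action( 'admin_init', $admin, 'handle_form_actions' );
  $this->loader->add_action( 'admin_menu', $admin, 'admin_menu' );
  $this->loader->add_action( 'admin_enqueue_scripts', $admin, 'enqueue_styles' );
- $this->loader->add_action( 'admin_enqueue_scripts', $admin, 'enqueue_scripts' );
- $this->loader->add_action( 'admin_notices', $admin, 'admin_notices' );
- $this->loader->add_action( 'wp_ajax_aiovg_dismiss_admin_notice', $admin, 'ajax_callback_dismiss_admin_notice' );
+ $this->loader->add_action( 'admin_enqueue_scripts', $admin, 'enqueue_scripts' );
 
  $this->loader->add_filter( 'plugin_action_links_' . AIOVG_PLUGIN_FILE_NAME, $admin, 'plugin_action_links' );
  $this->loader->add_filter( 'wp_check_filetype_and_ext', $admin, 'add_filetype_and_ext', 10, 4 );
@@ -226,7 +224,7 @@ class AIOVG_Init {
 
  $this->loader->add_action( 'template_redirect', $public, 'template_redirect', 0 );
  $this->loader->add_action( 'init', $public, 'init' );
- $this->loader->add_action( 'wp_loaded', $public, 'maybe_flush_rules' );
+ $this->loader->add_action( 'wp_loaded', $public, 'maybe_flush_rules', 11 );
  $this->loader->add_action( 'wp_enqueue_scripts', $public, 'enqueue_styles' );
  $this->loader->add_action( 'wp_enqueue_scripts', $public, 'enqueue_scripts' );
  $this->loader->add_action( 'wp_head', $public, 'og_metatags' );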
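Review bot: The priority `11` now passed when hooking `maybe_flush_rules` to `wp_loaded` in the second hunk is a bare number, with nothing saying which callback it has to run after. A short comment above that line, along the lines of `// Priority 11: must run after the default-priority wp_loaded callbacks` with the actual dependency named, would keep a later cleanup from reverting it. The registering method starts and ends outside the hunk.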