Gallery – Flagallery Photo Portfolio - Version 2.53

Version Description

  • After a plugin update, go to the Skins page and update the skins with the 'Update skins' button.
  • If you use the Facebook template and have copied it to the root directory, then after each plugin update click 'Copy facebook.php file to root directory'.
  • If GRAND FlAGallery displays an error message after the upgrade, go to the FlAGallery Overview page and press 'Reset settings'.
  • Having trouble with the plugin? First try resetting the settings, then deactivate and reactivate the plugin.

Release Info

Developer pasyuk
Version 2.53

Code changes from version 2.52 to 2.53

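--- a/admin/ajax.php
+++ b/admin/ajax.php
@@ -1,5 +1,4 @@
 <?php
-
 add_action('wp_ajax_flag_ajax_operation', 'flag_ajax_operation' );
 
 function flag_ajax_operation() {
@@ -126,6 +125,7 @@ function flag_save_album() {
 if(isset($_POST['form']))
 parse_str($_POST['form']);
 $result = false;
+$album_id = intval($album_id);
 if($album_name && $album_id) {
 if(count($g))
 $galstring = implode(',', $g);
@@ -240,7 +240,7 @@ function flag_ajax_file_browser() {
 // get the current directory
 $dir = trailingslashit ( urldecode($_POST['dir']) );
 
-if( file_exists($root . $dir) ) {
+if( file_exists($root . $dir) && false === strpos($dir, '..') ) {
 $files = scandir($root . $dir);
 natcasesort($files);
 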
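Review bot: The guard added on line 243 of flag_ajax_file_browser rejects the substring `..` in `$dir` but never confirms that the resolved path stays inside `$root`; the same substring check is added in admin/skins.php (`$delskin`) and facebook.php (`$_GET['f']`). A substring test is a denylist that still trusts whatever else `urldecode()` produced, whereas a canonical-path comparison states the intended property directly, e.g. `$real = realpath($root . $dir);` followed by `if ( $real !== false && 0 === strpos($real . '/', trailingslashit(realpath($root))) ) {`. In flag_save_album (hunk 2) `parse_str($_POST['form'])` with no second argument still writes request-supplied names such as `$album_name` and `$g` straight into local scope, and the new `intval()` covers only `$album_id`; `parse_str($_POST['form'], $form);` and reading the expected keys from `$form` would confine that. Both enclosing functions start and end outside the hunks.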
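--- a/admin/grab_meta.php
+++ b/admin/grab_meta.php
@@ -1,4 +1,6 @@
 <?php
+if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); }
+
 $meta = new flagMeta($image->pid);
 $dbdata = $meta->get_saved_meta();
 $exifdata = $meta->get_EXIF();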
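Review bot: The direct-access guard added on line 2 builds its pattern from `basename(__FILE__)` without `preg_quote()`, so the `.` in the file name matches any character, and it keys off `$_SERVER['PHP_SELF']`, which reflects the request path rather than how the file was actually loaded. The identical line is added in admin/jgallery.php, admin/tinymce/tinymce.php and lib/shortcodes.php, and flag.php already carries it. Inside WordPress the conventional guard does not depend on request data: `if ( ! defined( 'ABSPATH' ) ) { exit; }`; if the regex form is kept, at least quote the name, `preg_match('#' . preg_quote(basename(__FILE__), '#') . '#', $_SERVER['PHP_SELF'])`. Note that the guard only stops direct loading; `$image` on line 4 is still assumed to have been set by the including code.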
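--- a/admin/jgallery.php
+++ b/admin/jgallery.php
@@ -1,4 +1,7 @@
-<?php global $wpdb, $post;
+<?php
+if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); }
+
+global $wpdb, $post;
 $flag_options = get_option ('flag_options');
 $siteurl = site_url();
 $c = array();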
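--- a/admin/manage.php
+++ b/admin/manage.php
@@ -353,30 +353,34 @@ class flagManageGallery {
 if ( is_array($description) ) {
 foreach( $description as $key => $value ) {
 $desc = $wpdb->escape($value);
+$key =intval($key);
 $wpdb->query( "UPDATE $wpdb->flagpictures SET description = '$desc' WHERE pid = $key");
 }
 }
 if ( is_array($alttext) ){
 foreach( $alttext as $key => $value ) {
 $alttext = $wpdb->escape($value);
+$key =intval($key);
 $wpdb->query( "UPDATE $wpdb->flagpictures SET alttext = '$alttext' WHERE pid = $key");
 }
 }
 if ( is_array($hitcounter) ){
 foreach( $hitcounter as $key => $value ) {
 $hitcounter = abs( intval($value) );
+$key =intval($key);
 $wpdb->query( "UPDATE $wpdb->flagpictures SET hitcounter = '$hitcounter' WHERE pid = $key");
 }
 }
 if ( is_array($total_votes) ){
 foreach( $total_votes as $key => $value ) {
 $total_votes = abs( intval($value) );
+$key =intval($key);
 $wpdb->query( "UPDATE $wpdb->flagpictures SET total_votes = IF(hitcounter > $total_votes, $total_votes, hitcounter) WHERE pid = $key");
 }
 }
 if ( is_array($pictures) ){
 foreach( $pictures as $pid ){
-$pid = (int) $pid;
+$pid = intval($pid);
 if (is_array($exclude)){
 if ( array_key_exists($pid, $exclude) )
 $wpdb->query("UPDATE $wpdb->flagpictures SET exclude = 1 WHERE pid = '$pid'");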
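Review bot: The new `$key =intval($key);` lines (356, 363, 370, 377) bound the pid, but the value side of each UPDATE still relies on manual `$wpdb->escape()` plus string interpolation, so the two halves of one statement are now sanitised by different mechanisms. `$wpdb->prepare()` binds both in one step, e.g. `$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->flagpictures SET description = %s WHERE pid = %d", $value, $key ) );`, and the same form fits the alttext, hitcounter and total_votes queries. Separately, the alttext, hitcounter and total_votes loops assign to the very array they iterate (`$alttext = $wpdb->escape($value);` inside `foreach( $alttext as ... )`), which only works because foreach walks a copy and is easy to misread; a distinct local such as `$alt` would mirror the `$desc` loop. Style: `$key =intval($key);` is missing the space after `=`. The enclosing method starts before and ends after the hunk.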
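--- a/admin/media-upload.php
+++ b/admin/media-upload.php
@@ -1,5 +1,4 @@
 <?php
-
 /**
 * @title Add action/filter for the upload tab
 */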
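--- a/admin/news.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-// include the flag function
-@ require_once (dirname(dirname(__FILE__)). '/flag-config.php');
-if ( current_user_can('manage_options') ) {
-extract($_POST);
-$str = file_get_contents($want2Read);
-echo $str;
-} else { ?>
-<div id="skins">
-<p><?php _e('Failed to load content.') ?><br /><br /><a href="http://photogallerycreator.com/grand-flagallery/">http://photogallerycreator.com/grand-flagallery/</a></p>
-</div>
-<?php }
-?>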
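--- a/admin/skins.php
+++ b/admin/skins.php
@@ -206,7 +206,7 @@ if ( isset($_POST['updateoption']) ) {
 
 if ( isset($_GET['delete']) ) {
 $delskin = $_GET['delete'];
-if ( current_user_can('FlAG Delete skins') ) {
+if ( current_user_can('FlAG Delete skins') && false === strpos($delskin, '..') ) {
 if ( $flag_options['flashSkin'] != $delskin ) {
 $skins_dir = trailingslashit( $flag_options['skinsDirABS'] );
 $skin = $skins_dir.$delskin.'/';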
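Review bot: The condition added on line 209 still passes `$delskin` straight from `$_GET['delete']` into a filesystem path, and a destructive delete is triggered by a GET parameter with no nonce verification visible in the hunk. Since a skin is a single directory under `$flag_options['skinsDirABS']`, the positive form is `$delskin = basename($_GET['delete']);` followed by an existence check on `$skins_dir.$delskin`, which replaces the `..` denylist with the property actually required. The action should also be guarded with `check_admin_referer()`, with the link that emits `delete=` built via `wp_nonce_url()`. The enclosing block continues outside the hunk.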
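--- a/admin/tinymce/tinymce.php
+++ b/admin/tinymce/tinymce.php
@@ -1,4 +1,5 @@
 <?php
+if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); }
 
 /**
 * add_flag_button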
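--- a/changelog.txt
+++ b/changelog.txt
@@ -1,7 +1,10 @@
 GRAND FlAGallery
 by Rattus & CodEasily DEV Team
 
-= v2.51 - 23.02.2013 =
+= v2.53 - 27.02.2013 =
+* Fixed: Multiple Vulnerabilities
+
+= v2.52 - 23.02.2013 =
 * Fixed: Install skins on some servers failed
 
 = v2.51 - 19.02.2013 =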
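--- a/facebook.php
+++ b/facebook.php
@@ -20,7 +20,7 @@ if(isset($_GET['l'])) {
 }
 if(isset($_GET['i'])) {
 $skin = '';
-if(isset($_GET['f'])){
+if(isset($_GET['f']) && false === strpos($_GET['f'], '..') ){
 $skinpath = trailingslashit( $flag_options['skinsDirABS'] ).$_GET['f'];
 $skin = esc_js($_GET['f']);
 }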
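--- a/flag.php
+++ b/flag.php
@@ -3,7 +3,7 @@
 Plugin Name: GRAND Flash Album Gallery
 Plugin URI: http://codeasily.com/wordpress-plugins/flash-album-gallery/flag/
 Description: The GRAND FlAGallery plugin - provides a comprehensive interface for managing photos and images through a set of admin pages, and it displays photos in a way that makes your web site look very professional.
-Version: 2.52
+Version: 2.53
 Author: Rattus
 Author URI: http://codeasily.com/
 
@@ -23,7 +23,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
 if (!class_exists('flagLoad')) {
 class flagLoad {
 
-var $version = '2.52';
+var $version = '2.53';
 var $dbversion = '1.24';
 var $minium_WP = '3.0';
 var $minium_WPMU = '3.0';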
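--- a/lib/shortcodes.php
+++ b/lib/shortcodes.php
@@ -4,6 +4,8 @@
 * @Docs http://codex.wordpress.org/Shortcode_API
 */
 
+if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); }
+
 class FlAG_shortcodes {
 var $flag_shortcode;
 var $flag_add_script;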
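--- a/readme.txt
+++ b/readme.txt
@@ -41,7 +41,10 @@ Now you can see "Views" of each photo in the gallery and visitors can "Like" ima
 
 == Changelog ==
 
-= v2.51 - 23.02.2013 =
+= v2.53 - 27.02.2013 =
+* Fixed: Multiple Vulnerabilities
+
+= v2.52 - 23.02.2013 =
 * Fixed: Install skins on some servers failed
 
 = v2.51 - 19.02.2013 =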