Gallery – Flagallery Photo Portfolio - Version 3.01


Developer pasyuk
Version 3.01

Code changes from version 2.78 to 3.01

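--- a/admin/addgallery.php
+++ b/admin/addgallery.php
@@ -9,7 +9,7 @@
  global $wpdb, $flagdb, $flag;
  
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
  
  // check for the max image size
  $maxsize = flagGallery::check_memory_limit();
@@ -24,7 +24,7 @@
  
  if ($_POST['addgallery']){
  check_admin_referer('flag_addgallery');
- $newgallery = esc_attr( $_POST['galleryname']);
+ $newgallery = $_POST['galleryname'];
  if ( !empty($newgallery) )
  flagAdmin::create_gallery($newgallery, $defaultpath);
  }
@@ -39,7 +39,7 @@
  if ($_POST['importfolder']){
  check_admin_referer('flag_addgallery');
  $galleryfolder = $_POST['galleryfolder'];
- if ( ( !empty($galleryfolder) ) AND ($defaultpath != $galleryfolder) )
+ if ( ( !empty($galleryfolder) ) AND ($defaultpath != $galleryfolder) AND false === strpos($galleryfolder, '..') )
  flagAdmin::import_gallery($galleryfolder);
  }
  
@@ -246,7 +246,7 @@
  foreach($gallerylist as $gallery) {
  if ( !flagAdmin::can_manage_this_gallery($gallery->author) )
  continue;
- $name = ( empty($gallery->title) ) ? $gallery->name : $gallery->title;
+ $name = ( empty($gallery->title) ) ? $gallery->name : esc_html(stripslashes($gallery->title));
  $sel = ($ingallery == $gallery->gid) ? 'selected="selected" ' : '';
  echo '<option ' . $sel . 'value="' . $gallery->gid . '" >' . $gallery->gid . ' - ' . $name . '</option>' . "\n";
  } ?>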
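Review bot: The new guard on the importfolder branch, `false === strpos($galleryfolder, '..')`, is a substring denylist: it rejects `..` but still admits an absolute path or other forms the filesystem resolves differently, and `$defaultpath != $galleryfolder` is a loose comparison. A stronger check normalises the candidate (realpath() or equivalent) and requires it to remain under the gallery base directory before import_gallery() is called; whether import_gallery() itself anchors the path cannot be seen here, so that is worth confirming. In the addgallery branch `$newgallery` now reaches create_gallery() unescaped, which is correct for storage but means every later output of the name, including create_gallery()'s own success notice in admin/functions.php, has to escape it. The surrounding page script runs outside these hunks.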
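--- a/admin/ajax.php
+++ b/admin/ajax.php
@@ -38,7 +38,7 @@
  $result = flagAdmin::get_image_ids( $id );
  break;
  default :
- do_action( 'flag_ajax_' . $_POST['operation'] );
+ do_action( 'flag_ajax_' . sanitize_key($_POST['operation']) );
  die('-1');
  break;
  }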
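Review bot: `$_POST['operation']` is read on the default branch without an isset() check, so a request that omits the field raises an undefined-index notice before sanitize_key() ever runs; `do_action( 'flag_ajax_' . sanitize_key( isset($_POST['operation']) ? $_POST['operation'] : '' ) );` avoids that. sanitize_key() is a good fit for a hook suffix since it reduces the value to lowercase alphanumerics, dashes and underscores. flag_ajax_operation() starts outside the hunk, so whether a capability check and nonce precede this switch cannot be confirmed from here.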
admin/banner-box.php CHANGED
@@ -19,7 +19,7 @@ function flag_banner_controler() {
19
  if (isset($_POST['importfolder']) && $_POST['importfolder']){
20
  check_admin_referer('flag_addbanner');
21
  $bannerfolder = $_POST['bannerfolder'];
22
- if ( !empty($bannerfolder) ) {
23
  $crunch_list = flagAdmin::import_banner($bannerfolder);
24
  $mode = 'import';
25
  }
@@ -31,13 +31,13 @@ function flag_banner_controler() {
31
  switch($mode) {
32
  case 'sort':
33
  include_once (dirname (__FILE__) . '/banner-sort.php');
34
- flag_b_playlist_order($_GET['playlist']);
35
  break;
36
  case 'edit':
 
37
  if(isset($_POST['updatePlaylist'])) {
38
- $title = $_POST['playlist_title'];
39
- $descr = $_POST['playlist_descr'];
40
- $file = $_GET['playlist'];
41
  $data = array();
42
  foreach($_POST['item_a'] as $item_id => $item) {
43
  if($action=='delete_items' && in_array($item_id, $_POST['doaction']))
@@ -48,22 +48,23 @@ function flag_banner_controler() {
48
  flagSave_bPlaylist($title,$descr,$data,$file);
49
  }
50
  if(isset($_POST['updatePlaylistSkin'])) {
51
- $file = $_GET['playlist'];
52
  flagSave_bPlaylistSkin($file);
53
  }
54
  include_once (dirname (__FILE__) . '/manage-banner.php');
55
- flag_b_playlist_edit($_GET['playlist']);
56
  break;
57
  case 'save':
58
- $title = $_POST['playlist_title'];
59
- $descr = $_POST['playlist_descr'];
60
- $data = $_POST['items_array'];
61
- $file = isset($_REQUEST['playlist'])? $_REQUEST['playlist'] : false;
62
- flagGallery::flagSaveWpMedia();
63
- flagSave_bPlaylist($title,$descr,$data, $file);
 
 
64
  if(isset($_GET['playlist'])) {
65
  include_once (dirname (__FILE__) . '/manage-banner.php');
66
- flag_b_playlist_edit($_GET['playlist']);
67
  } else {
68
  flag_created_b_playlists();
69
  flag_banner_wp_media_lib();
@@ -73,14 +74,14 @@ function flag_banner_controler() {
73
  if(isset($_POST['items']) && isset($_GET['playlist'])){
74
  $added = $_POST['items'];
75
  } elseif(isset($_GET['playlist'])) {
76
- $added = $_COOKIE['bannerboxplaylist_'.$_GET['playlist']];
77
  } else {
78
  $added = false;
79
  }
80
  flag_banner_wp_media_lib($added);
81
  break;
82
  case 'delete':
83
- flag_b_playlist_delete($_GET['playlist']);
84
  case 'import':
85
  flag_crunch($crunch_list);
86
  case 'main':
@@ -143,7 +144,7 @@ jQuery(document).ready(function(){
143
 
144
  function flag_created_b_playlists() {
145
 
146
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
147
 
148
  $all_playlists = get_b_playlists();
149
  $total_all_playlists = count($all_playlists);
@@ -176,10 +177,10 @@ if($all_playlists) {
176
  <tr id="<?php echo $playlist_name; ?>" <?php echo $class; ?> >
177
  <td>
178
  <a href="<?php echo $filepath.'&amp;playlist='.$playlist_name.'&amp;mode=edit'; ?>" class='edit' title="<?php _e('Edit'); ?>" >
179
- <?php echo stripslashes($playlist_data['title']); ?>
180
  </a>
181
  </td>
182
- <td><?php echo stripslashes($playlist_data['description']); echo '&nbsp;('.__("player", "flag").': <strong>'.$playlist_data['skin'].'</strong>)' ?></td>
183
  <td><?php echo count($query_m); ?></td>
184
  <td style="white-space: nowrap;"><input type="text" class="shortcode1" style="width: 200px; font-size: 9px;" readonly="readonly" onfocus="this.select()" value="[grandbanner xml=<?php echo $playlist_name; ?>]" /></td>
185
  <td>
@@ -202,12 +203,12 @@ if($all_playlists) {
202
  function flag_banner_wp_media_lib($added=false) {
203
  global $wpdb;
204
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
205
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
206
  $exclude = array();
207
  if($added!==false) {
208
- $filepath .= '&amp;playlist='.$_GET['playlist'].'&amp;mode=save';
209
  $flag_options = get_option('flag_options');
210
- $playlistPath = $flag_options['galleryPath'].'playlists/banner/'.$_GET['playlist'].'.xml';
211
  $playlist = get_b_playlist_data(ABSPATH.$playlistPath);
212
  $exclude = explode(',', $added);
213
  } else {
@@ -215,10 +216,11 @@ function flag_banner_wp_media_lib($added=false) {
215
  $exclude = explode(',', $items_array_default);
216
  }
217
  if(isset($_GET['playlist'])){
218
- $playlist_cookie = $_GET['playlist'];
219
  } else {
220
  $playlist_cookie = 'default';
221
  }
 
222
  ?>
223
  <script type="text/javascript">
224
  <!--
@@ -357,6 +359,7 @@ function showDialog( windowId, height ) {
357
  if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
358
  $_GET['paged'] = 1;
359
 
 
360
  $objects_per_page = 25;
361
  $start = ( $_GET['paged'] - 1 ) * $objects_per_page;
362
  $img_total_count = $wpdb->get_var("SELECT COUNT(ID) FROM $wpdb->posts WHERE `post_mime_type` LIKE 'image/%' AND `post_type` = 'attachment' AND `post_status` = 'inherit'");
@@ -376,7 +379,7 @@ $page_links = paginate_links( array(
376
  'prev_text' => __('&laquo;'),
377
  'next_text' => __('&raquo;'),
378
  'total' => ceil( $img_total_count / $objects_per_page),
379
- 'current' => $_GET['paged']
380
  ));
381
  ?>
382
  <div class="tablenav" style="overflow: hidden; height: auto;">
@@ -411,10 +414,10 @@ $page_links = paginate_links( array(
411
  <?php } else { ?>
412
  <input type="hidden" name="mode" value="save" />
413
  <input style="width: 80%;" type="text" id="items_array" name="items_array" readonly="readonly" value="<?php echo $added; ?>" />
414
- <input type="hidden" name="playlist_title" value="<?php echo $playlist['title']; ?>" />
415
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
416
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
417
- <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo $playlist['description']; ?></textarea>
418
  <input name="addToPlaylist" class="button-secondary" type="submit" value="<?php _e('Update Playlist','flag'); ?>" />
419
  <?php } ?>
420
  </div>
@@ -473,11 +476,11 @@ if($bannerlist) {
473
  </td>
474
  <td class="title_filename">
475
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
476
- <textarea title="Title" name="item_a[<?php echo $ban->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo $ban->post_title; ?></textarea><br />
477
- <?php _e('URL', 'flag'); ?>: <input id="banlink-<?php echo $ban->ID; ?>" name="item_a[<?php echo $ban->ID; ?>][link]" style="width:50%;" type="text" value="<?php echo $link; ?>" /><br />
478
  </td>
479
  <td class="description">
480
- <textarea name="item_a[<?php echo $ban->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo $ban->post_content; ?></textarea>
481
  </td>
482
  </tr>
483
  <?php
19
  if (isset($_POST['importfolder']) && $_POST['importfolder']){
20
  check_admin_referer('flag_addbanner');
21
  $bannerfolder = $_POST['bannerfolder'];
22
+ if ( !empty($bannerfolder) AND false === strpos($bannerfolder, '..') ) {
23
  $crunch_list = flagAdmin::import_banner($bannerfolder);
24
  $mode = 'import';
25
  }
31
  switch($mode) {
32
  case 'sort':
33
  include_once (dirname (__FILE__) . '/banner-sort.php');
34
+ flag_b_playlist_order();
35
  break;
36
  case 'edit':
37
+ $file = urlencode($_GET['playlist']);
38
  if(isset($_POST['updatePlaylist'])) {
39
+ $title = esc_html($_POST['playlist_title']);
40
+ $descr = esc_html($_POST['playlist_descr']);
 
41
  $data = array();
42
  foreach($_POST['item_a'] as $item_id => $item) {
43
  if($action=='delete_items' && in_array($item_id, $_POST['doaction']))
48
  flagSave_bPlaylist($title,$descr,$data,$file);
49
  }
50
  if(isset($_POST['updatePlaylistSkin'])) {
 
51
  flagSave_bPlaylistSkin($file);
52
  }
53
  include_once (dirname (__FILE__) . '/manage-banner.php');
54
+ flag_b_playlist_edit($file);
55
  break;
56
  case 'save':
57
+ if(isset($_POST['items_array'])) {
58
+ $title = esc_html($_POST['playlist_title']);
59
+ $descr = esc_html($_POST['playlist_descr']);
60
+ $data = $_POST['items_array'];
61
+ $file = isset($_REQUEST['playlist'])? urlencode($_REQUEST['playlist']) : false;
62
+ flagGallery::flagSaveWpMedia();
63
+ flagSave_bPlaylist($title,$descr,$data, $file);
64
+ }
65
  if(isset($_GET['playlist'])) {
66
  include_once (dirname (__FILE__) . '/manage-banner.php');
67
+ flag_b_playlist_edit();
68
  } else {
69
  flag_created_b_playlists();
70
  flag_banner_wp_media_lib();
74
  if(isset($_POST['items']) && isset($_GET['playlist'])){
75
  $added = $_POST['items'];
76
  } elseif(isset($_GET['playlist'])) {
77
+ $added = $_COOKIE['bannerboxplaylist_'.urlencode($_GET['playlist'])];
78
  } else {
79
  $added = false;
80
  }
81
  flag_banner_wp_media_lib($added);
82
  break;
83
  case 'delete':
84
+ flag_b_playlist_delete(urlencode($_GET['playlist']));
85
  case 'import':
86
  flag_crunch($crunch_list);
87
  case 'main':
144
 
145
  function flag_created_b_playlists() {
146
 
147
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
148
 
149
  $all_playlists = get_b_playlists();
150
  $total_all_playlists = count($all_playlists);
177
  <tr id="<?php echo $playlist_name; ?>" <?php echo $class; ?> >
178
  <td>
179
  <a href="<?php echo $filepath.'&amp;playlist='.$playlist_name.'&amp;mode=edit'; ?>" class='edit' title="<?php _e('Edit'); ?>" >
180
+ <?php echo esc_html(stripslashes($playlist_data['title'])); ?>
181
  </a>
182
  </td>
183
+ <td><?php echo esc_html(stripslashes($playlist_data['description'])); echo '&nbsp;('.__("player", "flag").': <strong>'.$playlist_data['skin'].'</strong>)' ?></td>
184
  <td><?php echo count($query_m); ?></td>
185
  <td style="white-space: nowrap;"><input type="text" class="shortcode1" style="width: 200px; font-size: 9px;" readonly="readonly" onfocus="this.select()" value="[grandbanner xml=<?php echo $playlist_name; ?>]" /></td>
186
  <td>
203
  function flag_banner_wp_media_lib($added=false) {
204
  global $wpdb;
205
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
206
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
207
  $exclude = array();
208
  if($added!==false) {
209
+ $filepath .= '&playlist='.urlencode($_GET['playlist']).'&mode=save';
210
  $flag_options = get_option('flag_options');
211
+ $playlistPath = $flag_options['galleryPath'].'playlists/banner/'.urlencode($_GET['playlist']).'.xml';
212
  $playlist = get_b_playlist_data(ABSPATH.$playlistPath);
213
  $exclude = explode(',', $added);
214
  } else {
216
  $exclude = explode(',', $items_array_default);
217
  }
218
  if(isset($_GET['playlist'])){
219
+ $playlist_cookie = urlencode($_GET['playlist']);
220
  } else {
221
  $playlist_cookie = 'default';
222
  }
223
+ $filepath = esc_url($filepath);
224
  ?>
225
  <script type="text/javascript">
226
  <!--
359
  if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
360
  $_GET['paged'] = 1;
361
 
362
+ $_GET['paged'] = intval($_GET['paged']);
363
  $objects_per_page = 25;
364
  $start = ( $_GET['paged'] - 1 ) * $objects_per_page;
365
  $img_total_count = $wpdb->get_var("SELECT COUNT(ID) FROM $wpdb->posts WHERE `post_mime_type` LIKE 'image/%' AND `post_type` = 'attachment' AND `post_status` = 'inherit'");
379
  'prev_text' => __('&laquo;'),
380
  'next_text' => __('&raquo;'),
381
  'total' => ceil( $img_total_count / $objects_per_page),
382
+ 'current' => intval($_GET['paged'])
383
  ));
384
  ?>
385
  <div class="tablenav" style="overflow: hidden; height: auto;">
414
  <?php } else { ?>
415
  <input type="hidden" name="mode" value="save" />
416
  <input style="width: 80%;" type="text" id="items_array" name="items_array" readonly="readonly" value="<?php echo $added; ?>" />
417
+ <input type="hidden" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" />
418
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
419
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
420
+ <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea>
421
  <input name="addToPlaylist" class="button-secondary" type="submit" value="<?php _e('Update Playlist','flag'); ?>" />
422
  <?php } ?>
423
  </div>
476
  </td>
477
  <td class="title_filename">
478
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
479
+ <textarea title="Title" name="item_a[<?php echo $ban->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo esc_html(stripslashes($ban->post_title)); ?></textarea><br />
480
+ <?php _e('URL', 'flag'); ?>: <input id="banlink-<?php echo $ban->ID; ?>" name="item_a[<?php echo $ban->ID; ?>][link]" style="width:50%;" type="text" value="<?php echo esc_url($link); ?>" /><br />
481
  </td>
482
  <td class="description">
483
+ <textarea name="item_a[<?php echo $ban->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo esc_html(stripslashes($ban->post_content)); ?></textarea>
484
  </td>
485
  </tr>
486
  <?php
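Review bot: `$added` is still echoed unescaped into the items_array input (`value="<?php echo $added; ?>"`, a context line in flag_banner_wp_media_lib), although flag_banner_controler fills it straight from `$_POST['items']` or the `bannerboxplaylist_*` cookie; it should be `value="<?php echo esc_attr($added); ?>"`. The new `$_GET['paged'] = intval($_GET['paged']);` runs after the `< 1` comparison, so a non-numeric value that survives the string comparison becomes 0 and produces a negative `$start`; `$_GET['paged'] = isset($_GET['paged']) ? max(1, intval($_GET['paged'])) : 1;` in place of the three lines covers both cases. The playlist name becomes path-safe only because urlencode() happens to encode `/`; an explicit `sanitize_file_name()` or `basename()` before it is joined into `playlists/banner/…xml` would state that intent. The esc_html() applied to `playlist_title`/`playlist_descr` in the edit and save cases is reversed by the htmlspecialchars_decode() added in flagSave_bPlaylist, so the input-side escaping adds nothing and alters titles that legitimately contain entities; keeping the data raw on input and escaping only at output, as the template lines now do, is the simpler contract. Both functions start outside the hunks shown.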
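--- a/admin/banner-sort.php
+++ b/admin/banner-sort.php
@@ -1,17 +1,12 @@
  <?php
  
- /**
- * @author Sergey Pasyuk
- * @copyright 2011
- */
-
- function flag_b_playlist_order($playlist){
+ function flag_b_playlist_order($playlist = 'deprecated'){
  global $wpdb;
  
  //this is the url without any presort variable
- $base_url = admin_url() . 'admin.php?page=' . $_GET['page'];
+ $base_url = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
  $flag_options = get_option('flag_options');
- $playlistPath = $flag_options['galleryPath'].'playlists/banner/'.$_GET['playlist'].'.xml';
+ $playlistPath = $flag_options['galleryPath'].'playlists/banner/'.urlencode($_GET['playlist']).'.xml';
  $playlist = get_b_playlist_data(ABSPATH.$playlistPath);
  $items_a = $playlist['items'];
  $items = implode(',',$playlist['items']);
@@ -22,18 +17,18 @@
  <h2><?php _e('Sort Gallery', 'flag'); ?></h2>
  
  <div class="alignright tablenav" style="margin-bottom: -36px;">
- <a href="<?php echo $base_url.'&amp;playlist='.$_GET['playlist'].'&amp;mode=edit'; ?>" class="button-secondary action"><?php _e('Back to playlist', 'flag'); ?></a>
+ <a href="<?php echo esc_url($base_url.'&playlist='.urlencode($_GET['playlist']).'&mode=edit'); ?>" class="button-secondary action"><?php _e('Back to playlist', 'flag'); ?></a>
  </div>
- <form id="sortPlaylist" method="POST" action="<?php echo $base_url.'&amp;playlist='.$_GET['playlist'].'&amp;mode=edit'; ?>" accept-charset="utf-8">
+ <form id="sortPlaylist" method="POST" action="<?php echo esc_url($base_url.'&playlist='.urlencode($_GET['playlist']).'&mode=edit'); ?>" accept-charset="utf-8">
  <div class="alignleft tablenav">
  <?php wp_nonce_field('flag_updatesortorder'); ?>
  <input class="button-primary action" type="submit" name="updatePlaylist" value="<?php _e('Update Sort Order', 'flag'); ?>" />
  </div>
  <br clear="all" />
- <input type="hidden" name="playlist_title" value="<?php echo $playlist['title']; ?>" />
+ <input type="hidden" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" />
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
- <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo $playlist['description']; ?></textarea>
+ <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea>
  <script type="text/javascript">
  /*<![CDATA[*/
  jQuery(document).ready(function($) {
@@ -100,7 +95,7 @@
  <td scope="row"><input type="hidden" name="item_a[<?php echo $ban->ID; ?>][ID]" value="<?php echo $ban->ID; ?>" /><strong><?php echo $ban->ID; ?></strong></td>
  <td width="50"><a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo $url; ?>"><img id="thumb-<?php echo $ban->ID; ?>" src="<?php echo $thumb; ?>" width="40" height="40" alt="" /></a></td>
  <td><?php echo basename($url); ?></td>
- <td><?php echo $ban->post_title; ?></td>
+ <td><?php echo esc_html(stripslashes($ban->post_title)); ?></td>
  </tr>
  <?php
  }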
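Review bot: The retained parameter `$playlist = 'deprecated'` is never read — the local is overwritten by `$playlist = get_b_playlist_data(ABSPATH.$playlistPath);` a few lines later — and the file's old docblock was removed without anything replacing it, so nothing tells a caller the argument is ignored; a docblock above the signature such as `/** Renders the banner playlist sort screen. @param string $playlist Deprecated and ignored; the playlist name is taken from $_GET['playlist']. */` would close that gap. `$_GET['playlist']` and `$_GET['page']` are also read without isset(), so a request lacking them emits notices and builds a `playlists/banner/.xml` path; an early `if ( empty($_GET['playlist']) ) return;` makes the precondition explicit. The function body continues past the hunks shown.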
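--- a/admin/banner.functions.php
+++ b/admin/banner.functions.php
@@ -65,6 +65,8 @@
  if(!trim($title)) {
  $title = 'default';
  }
+ $title = htmlspecialchars_decode(stripslashes($title), ENT_QUOTES);
+ $descr = htmlspecialchars_decode(stripslashes($descr), ENT_QUOTES);
  if (!$file) {
  $file = sanitize_title($title);
  }
@@ -72,9 +74,9 @@
  $data = explode(',', $data);
  
  $flag_options = get_option('flag_options');
- $skin = isset($_POST['skinname'])? $_POST['skinname'] : 'banner_default';
+ $skin = isset($_POST['skinname'])? sanitize_key($_POST['skinname']) : 'banner_default';
  if(!$skinaction) {
- $skinaction = isset($_POST['skinaction'])? $_POST['skinaction'] : 'update';
+ $skinaction = isset($_POST['skinaction'])? sanitize_key($_POST['skinaction']) : 'update';
  }
  $skinpath = trailingslashit( $flag_options['skinsDirABS'] ).$skin;
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/banner/'.$file.'.xml';
@@ -159,8 +161,8 @@
  $flag_options = get_option('flag_options');
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/banner/'.$file.'.xml';
  // Save options
- $title = $_POST['playlist_title'];
- $descr = $_POST['playlist_descr'];
+ $title = esc_html($_POST['playlist_title']);
+ $descr = esc_html($_POST['playlist_descr']);
  $items = get_b_playlist_data($playlistPath);
  $data = $items['items'];
  flagSave_bPlaylist($title,$descr,$data,$file,$skinaction='update');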
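Review bot: The new `htmlspecialchars_decode(stripslashes($title), ENT_QUOTES)` in flagSave_bPlaylist exists only to undo the esc_html() that flagSave_bPlaylistSkin (third hunk) and the banner-box callers now apply on input; the round trip turns a title that legitimately contains `&amp;` into `&`, and any caller that passes an unescaped title suffers the same lossy decode. Keeping the stored value raw is simpler: use `$title = stripslashes($_POST['playlist_title']);` and `$descr = stripslashes($_POST['playlist_descr']);` at the call sites, drop the decode here, and rely on the esc_html() already applied at output. `$file` is joined into `'playlists/banner/'.$file.'.xml'` inside this function without any check of its own; a `$file = basename($file);` here would protect every caller regardless of how it was sanitised upstream. Both functions start outside the hunks shown.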
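--- a/admin/css/flagadmin.css
+++ b/admin/css/flagadmin.css
@@ -72,7 +72,7 @@
  
  /* SETTINGS FOR THE OPTIONS TABLE */
  .flag-options th {
- width:22%;
+ width:30%;
  }
  
  /* SETTINGS FOR MANAGE TABLE */
@@ -144,6 +144,8 @@
  .flagform .widefat thead th.cb { width: 54px; text-align: center; }
  .flagform .widefat tfoot th.cb { text-align: center; }
  
+ #flag-listmusic tbody td { height: 50px; }
+
  .albums_table { width: 600px; position: relative; background: #ffffff; border: 1px solid #cccccc; border-radius: 4px; margin: 7px 0; padding: 1px 3px; float: left; max-height: 550px; overflow: auto; }
  .albums_table .album { position: relative; background: #f8f8f8; border: 1px solid #cccccc; border-radius: 4px; margin:2px 0; padding: 3px 3px 3px 36px; }
  .albums_table .album form { margin: 0; padding: 0; display: inline; }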
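--- a/admin/css/tabs.css
+++ b/admin/css/tabs.css
@@ -49,7 +49,7 @@
  .tabs li {
  float: left;
  padding: 6px 5px;
- min-width: 84px; /* be nice to Opera */
+ min-width: 50px; /* be nice to Opera */
  margin: 2px 2px 0px 1px !important;
  text-decoration: none;
  list-style: none;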
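--- a/admin/facebook-tool.php
+++ b/admin/facebook-tool.php
@@ -165,7 +165,7 @@
  $gallerylist = $flagdb->find_all_galleries('gid', 'ASC');
  if(is_array($gallerylist)) {
  foreach($gallerylist as $gallery) {
- $name = ( empty($gallery->title) ) ? $gallery->name : $gallery->title;
+ $name = ( empty($gallery->title) ) ? $gallery->name : esc_html(stripslashes($gallery->title));
  echo '<div class="row"><input type="checkbox" value="' . $gallery->gid . '" /> <span>' . $gallery->gid . ' - ' . $name . '</span></div>' . "\n";
  }
  }
@@ -211,7 +211,7 @@
  foreach((array)$all_m_playlists as $playlist_file => $playlist_data) {
  $playlist_name = basename($playlist_file, '.xml');
  ?>
- <option value="<?php echo $playlist_name; ?>"><?php echo $playlist_data['title']; ?></option>
+ <option value="<?php echo $playlist_name; ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
  <?php
  }
  ?>
@@ -233,7 +233,7 @@
  foreach((array)$all_v_playlists as $playlist_file => $playlist_data) {
  $playlist_name = basename($playlist_file, '.xml');
  ?>
- <option value="<?php echo $playlist_name; ?>"><?php echo $playlist_data['title']; ?></option>
+ <option value="<?php echo $playlist_name; ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
  <?php
  }
  ?>
@@ -255,7 +255,7 @@
  foreach((array)$all_b_playlists as $playlist_file => $playlist_data) {
  $playlist_name = basename($playlist_file, '.xml');
  ?>
- <option value="<?php echo $playlist_name; ?>"><?php echo $playlist_data['title']; ?></option>
+ <option value="<?php echo $playlist_name; ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
  <?php
  }
  ?>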
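Review bot: Only the `title` branch of the ternary in the first hunk is escaped; `$gallery->name` still goes into the markup raw, so `$name = ( empty($gallery->title) ) ? esc_html($gallery->name) : esc_html(stripslashes($gallery->title));` keeps both paths under the same rule. The three `<option value="<?php echo $playlist_name; ?>">` lines likewise write a file-derived name into an attribute unescaped while the visible text next to it is now escaped; `esc_attr($playlist_name)` is the matching fix for all three. The enclosing template runs outside the hunks shown.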
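--- a/admin/flv_preview.php
+++ b/admin/flv_preview.php
@@ -15,6 +15,7 @@
  <script type="text/javascript" src="<?php echo plugins_url('/'.FLAGFOLDER.'/'); ?>admin/js/swfobject.js"></script>
  </head>
  <body style="margin: 0; padding: 0; background: #555555; overflow: hidden;">
- <?php echo flagShowVmPlayer($_GET['vid'], $w='520', $h='304', $autoplay=true); ?>
+ <?php $vidID = intval($_GET['vid']);
+ echo flagShowVmPlayer($vidID, $w='520', $h='304', $autoplay=true); ?>
  </body>
  </html>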
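Review bot: The assignments inside the call, `$w='520', $h='304', $autoplay=true`, read like named arguments but are plain positional expressions that also leave three unused locals behind; `echo flagShowVmPlayer($vidID, '520', '304', true);` says the same thing without the side effects. Casting `$_GET['vid']` with intval() is a sound minimum; a missing parameter silently becomes 0, so an isset() guard with an early exit would make that case explicit rather than passing a zero id on to the player.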
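--- a/admin/functions.php
+++ b/admin/functions.php
@@ -178,7 +178,7 @@
  flagGallery::show_error(__('Database error. Could not add gallery!','flag'));
  return;
  }
- $created_msg = __ngettext( 'Gallery', 'Galleries', 1, 'flag' ) . ' <strong>' . $galleryname . '</strong> ' . __('successfully created!','flag') . '<br />';
+ $created_msg = _n( 'Gallery', 'Galleries', 1, 'flag' ) . ' <strong>' . $galleryname . '</strong> ' . __('successfully created!','flag') . '<br />';
  $gallery_id = $wpdb->insert_id; // get index_id
  }
  
@@ -652,7 +652,7 @@
  // get the file date/time from exif
  $timestamp = $meta['timestamp'];
  // update database
- $result = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->flagpictures SET alttext = %s, description = %s, imagedate = %s WHERE pid = %d", esc_attr($alttext), esc_attr($description), $timestamp, $image->pid) );
+ $result = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->flagpictures SET alttext = %s, description = %s, imagedate = %s WHERE pid = %d", $alttext, $description, $timestamp, $image->pid) );
  if ($result === false)
  return ' <strong>' . $image->filename . ' ' . __('(Error : Couldn\'t not update data base)', 'flag') . '</strong>';
  
@@ -705,7 +705,7 @@
  // get the file date/time from exif
  $makedescription = $alttext.$description.$makedescription;
  // update database
- $result = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->flagpictures SET alttext = %s, description = %s, imagedate = %s WHERE pid = %d", '', esc_attr($makedescription), $timestamp, $image->pid) );
+ $result = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->flagpictures SET alttext = %s, description = %s, imagedate = %s WHERE pid = %d", '', $makedescription, $timestamp, $image->pid) );
  if ($result === false)
  return ' <strong>' . $image->filename . ' ' . __('(Error : Couldn\'t not update data base)', 'flag') . '</strong>';
  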
admin/images/appstore_button.png ADDED
Binary file
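--- a/admin/jgallery.php
+++ b/admin/jgallery.php
@@ -85,14 +85,15 @@ foreach ( $gID as $galID ) {
 
 if (is_array ($thepictures) && count($thegalleries) && count($thepictures)){
 $thegalleries = array_map('stripslashes', $thegalleries);
-$thegalleries['galdesc'] = htmlspecialchars_decode($thegalleries['galdesc']);
+$galdesc = $thegalleries['galdesc'];
+$thegalleries['galdesc'] = htmlspecialchars_decode($galdesc);
 $a = $thegalleries;
 
 $xml['alt'] .= '<div class="flagCatMeta">';
-$xml['alt'] .= '<h4>'.$thegalleries['title'].'</h4>';
-$xml['alt'] .= '<p>'.$thegalleries['galdesc'].'</p>';
+$xml['alt'] .= '<h4>'.htmlspecialchars_decode($thegalleries['title'], ENT_QUOTES).'</h4>';
+$xml['alt'] .= '<p>'.str_replace('"','', strip_tags(htmlspecialchars_decode($galdesc, ENT_QUOTES))).'</p>';
 $xml['alt'] .= '</div>';
-$xml['alt'] .= '<div class="flagcategory" id="gid_'.$galID.'_'.$skinID.'">';
+$xml['alt'] .= '<div class="flagcategory" id="gid_'.$galID.'_'.$skinID.'">."\n"';
 $n = count($thepictures);
 $var = floor($n/5);
 if($var==0 || $var > 4) $var=4;
@@ -106,7 +107,7 @@ foreach ( $gID as $galID ) {
 $pid = intval($picture['pid']);
 
 if ($isCrawler){
-$xml['alt'] .= '<a style="display:block; overflow: hidden; height: 100px; width: 115px; margin-bottom: 10px; background-color: #eeeeee; background-position: 22px 44px; text-align: left;" class="i'. $j++ .' flag_pic_alt" href="'.$siteurl.'/'.$thegalleries['path'].'/'.$picture['filename'].'" id="flag_pic_'.$pid.'" rel="gid_'.$galID.'_'.$skinID.'"><img style="float:left; margin-right: 10px; width: auto; height: auto; min-height:100px; min-width:115px;" title="'.strip_tags($picture['alttext']).'" alt="'.strip_tags($picture['alttext']).'" src="'.$siteurl.'/'.$thegalleries['path'].'/thumbs/thumbs_'.$picture['filename'].'" /><span style="display: block; overflow: hidden; text-decoration: none; color: #000; font-weight: normal;" class="flag_pic_desc" id="flag_desc_'.$pid.'"><strong>'.strip_tags($picture['alttext']).'</strong><br />'.strip_tags($picture['description'],'<b><u><i><span>').'</span></a>';
+$xml['alt'] .= '<a style="display:block; overflow: hidden; height: 100px; width: 115px; margin-bottom: 10px; background-color: #eeeeee; background-position: 22px 44px; text-align: left;" class="i'. $j++ .' flag_pic_alt" href="'.$siteurl.'/'.$thegalleries['path'].'/'.$picture['filename'].'" id="flag_pic_'.$pid.'" rel="gid_'.$galID.'_'.$skinID.'"><img style="float:left; margin-right: 10px; width: auto; height: auto; min-height:100px; min-width:115px;" title="'.esc_attr(strip_tags($picture['alttext'])).'" alt="'.esc_attr(strip_tags($picture['alttext'])).'" src="'.$siteurl.'/'.$thegalleries['path'].'/thumbs/thumbs_'.$picture['filename'].'" /><span style="display: block; overflow: hidden; text-decoration: none; color: #000; font-weight: normal;" class="flag_pic_desc" id="flag_desc_'.$pid.'"><strong>'.htmlspecialchars_decode($picture['alttext']).'</strong><br />'.htmlspecialchars_decode($picture['description'],'<b><u><i><span>').'</span></a>';
 } else {
 if(!$disableViews){
 $views = (intval($picture['hitcounter']) < 10000) ? $picture['hitcounter'] : round($picture['hitcounter']/1000, 1).'k';
@@ -115,7 +116,7 @@ foreach ( $gID as $galID ) {
 } else {
 $views_panel = '';
 }
-$xml['alt'] .= '<a class="i'. $j++ .' flag_pic_alt" href="'.$siteurl.'/'.$thegalleries['path'].'/'.$picture['filename'].'" id="flag_pic_'.$pid.'" rel="gid_'.$galID.'_'.$skinID.'" title="'.strip_tags($picture['alttext']).'">[img src='.$siteurl.'/'.$thegalleries['path'].'/thumbs/thumbs_'.$picture['filename'].']'.$views_panel.'<span class="flag_pic_desc" id="flag_desc_'.$pid.'"><strong>'.htmlspecialchars($picture['alttext']).'</strong><br /><span>'.htmlspecialchars($picture['description']).'</span></span></a>';
+$xml['alt'] .= '<a class="i'. $j++ .' flag_pic_alt" href="'.$siteurl.'/'.$thegalleries['path'].'/'.$picture['filename'].'" id="flag_pic_'.$pid.'" rel="gid_'.$galID.'_'.$skinID.'" title="'.esc_attr(strip_tags($picture['alttext'])).'">[img src='.$siteurl.'/'.$thegalleries['path'].'/thumbs/thumbs_'.$picture['filename'].']'.$views_panel.'<span class="flag_pic_desc" id="flag_desc_'.$pid.'"><strong>'.htmlspecialchars_decode($picture['alttext']).'</strong><br /><span>'.htmlspecialchars_decode($picture['description']).'</span></span></a>';
 }
 }
 $xml['alt'] .= '</div>';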
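Review bot: In the crawler branch (new line 110) the `'<b><u><i><span>'` allowed-tags string was carried over from `strip_tags()` into `htmlspecialchars_decode()`, whose second argument is an integer flags bitmask; that call emits a warning and yields null on PHP 7 and throws a TypeError on PHP 8, and the tag stripping the old line performed is gone. Decoding entities right before concatenating into `$xml['alt']` also reverses the escaping direction in both branches (new lines 93, 94, 110, 119): if titles and descriptions are stored entity-encoded, raw markup now reaches the HTML unless something downstream escapes `$xml['alt']` again, which is not visible here. Keep the stripping on the decoded value, `'<br />'.strip_tags(htmlspecialchars_decode($picture['description']),'<b><u><i><span>').'</span></a>'`, and treat the `<strong>` and non-crawler `<span>` text the same way. Separately, new line 96 has `."\n"` inside the single-quoted literal, so the page receives the characters `."\n"` instead of a newline; the intended form is `$xml['alt'] .= '<div class="flagcategory" id="gid_'.$galID.'_'.$skinID.'">'."\n";`. The enclosing foreach over `$gID` begins before the hunk.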
admin/manage-banner.php CHANGED
@@ -4,10 +4,10 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
4
 
5
  function flag_b_playlist_edit() {
6
 
7
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
8
  $all_playlists = get_b_playlists();
9
  $flag_options = get_option('flag_options');
10
- $playlistPath = $flag_options['galleryPath'].'playlists/banner/'.$_GET['playlist'].'.xml';
11
  $playlist = get_b_playlist_data(ABSPATH.$playlistPath);
12
  $items_a = $playlist['items'];
13
  $items = implode(',',$playlist['items']);
@@ -97,7 +97,7 @@ jQuery(document).ready(function(){
97
  </script>
98
 
99
  <div class="wrap">
100
- <h2><?php _e( 'Playlist', 'flag' ); ?>: <?php echo $playlist['title']; ?></h2>
101
  <div style="float: right; margin: -20px 3px 0 0;">
102
  <span><a href="<?php echo $filepath; ?>"><?php _e('Back to Banner Box', 'flag'); ?></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>
103
  <select name="select_playlist" onchange="window.location.href=this.options[this.selectedIndex].value">
@@ -105,15 +105,15 @@ jQuery(document).ready(function(){
105
  <?php
106
  foreach((array)$all_playlists as $playlist_file => $playlist_data) {
107
  $playlist_name = basename($playlist_file, '.xml');
108
- if ($playlist_file == $_GET['playlist']) continue;
109
  ?>
110
- <option value="<?php echo $filepath."&amp;playlist=".$playlist_name."&amp;mode=edit"; ?>"><?php echo $playlist_data['title']; ?></option>
111
  <?php
112
  }
113
  ?>
114
  </select>
115
  </div>
116
- <form id="updatePlaylist" class="flagform" method="POST" action="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=edit"; ?>" accept-charset="utf-8">
117
  <?php wp_nonce_field('flag_updateplaylist'); ?>
118
  <input type="hidden" name="page" value="manage-playlist" />
119
 
@@ -125,7 +125,7 @@ jQuery(document).ready(function(){
125
  <table cellspacing="8" cellpadding="0" border="0">
126
  <tr>
127
  <th align="left" valign="middle" scope="row"><?php _e('Shortcode', 'flag'); ?>:</th>
128
- <td align="left" valign="middle"><input type="text" readonly="readonly" size="50" onfocus="this.select()" value="[grandbanner xml=<?php echo $_GET['playlist']; ?>]" /></td>
129
  <td rowspan="3" align="left" valign="top"><div style="font-size:11px;"><strong style="display: inline-block; width: 100px;"><?php _e("Playlist Skin", 'flag'); ?>:</strong>
130
  <input id="skinaction" type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
131
  <select id="skinname" name="skinname" style="width: 200px; height: 24px; font-size: 11px;">
@@ -147,11 +147,11 @@ jQuery(document).ready(function(){
147
  </tr>
148
  <tr>
149
  <th align="left" valign="middle" scope="row"><?php _e('Title', 'flag'); ?>:</th>
150
- <td align="left" valign="middle"><input type="text" size="50" name="playlist_title" value="<?php echo stripslashes($playlist['title']); ?>" /></td>
151
  </tr>
152
  <tr>
153
  <th align="left" valign="top" scope="row"><?php _e('Description', 'flag'); ?>:</th>
154
- <td align="left" valign="top"><textarea name="playlist_descr" cols="60" rows="2" style="width: 95%" ><?php echo stripslashes($playlist['description']); ?></textarea></td>
155
  </tr>
156
  <!--<tr>
157
  <th align="left" valign="top" scope="row"><?php _e('Path', 'flag'); ?>:</th>
@@ -169,8 +169,8 @@ jQuery(document).ready(function(){
169
  <option value="delete_items" ><?php _e("Delete items",'flag')?></option>
170
  </select>
171
  <input class="button-secondary alignleft" style="margin-right:10px;" type="submit" name="updatePlaylist" value="<?php _e("OK",'flag')?>" onclick="if ( !checkSelected() ) return false;" />
172
- <a href="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=sort"; ?>" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Sort Playlist",'flag')?></a>
173
- <a href="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=add"; ?>" onClick="jQuery('#form_listitems').submit();return false;" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Add/Remove Items from Playlist",'flag')?></a>
174
  <input type="submit" name="updatePlaylist" class="button-primary action alignright" value="<?php _e("Update Playlist",'flag')?>" />
175
  </div>
176
 
@@ -222,11 +222,11 @@ if(count($items_a)) {
222
  </td>
223
  <td class="title_filename">
224
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
225
- <textarea title="Title" name="item_a[<?php echo $ban->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo $ban->post_title; ?></textarea><br />
226
- <?php _e('URL', 'flag'); ?>: <input id="banlink-<?php echo $ban->ID; ?>" name="item_a[<?php echo $ban->ID; ?>][link]" style="width:50%;" type="text" value="<?php echo $link; ?>" /><br />
227
  </td>
228
  <td class="description">
229
- <textarea name="item_a[<?php echo $ban->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo $ban->post_content; ?></textarea>
230
  </td>
231
  </tr>
232
  <?php
@@ -243,7 +243,7 @@ if ( $counter==0 )
243
  </table>
244
  <p class="submit" style="text-align: right;"><input type="submit" class="button-primary action" name="updatePlaylist" value="<?php _e("Update Playlist",'flag')?>" /></p>
245
  </form>
246
- <form id="form_listitems" name="form_listitems" method="POST" action="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=add"; ?>">
247
  <input type="hidden" name="items" value="<?php echo $items; ?>" />
248
  </form>
249
  <br class="clear"/>
4
 
5
  function flag_b_playlist_edit() {
6
 
7
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
8
  $all_playlists = get_b_playlists();
9
  $flag_options = get_option('flag_options');
10
+ $playlistPath = $flag_options['galleryPath'].'playlists/banner/'.urlencode($_GET['playlist']).'.xml';
11
  $playlist = get_b_playlist_data(ABSPATH.$playlistPath);
12
  $items_a = $playlist['items'];
13
  $items = implode(',',$playlist['items']);
97
  </script>
98
 
99
  <div class="wrap">
100
+ <h2><?php _e( 'Playlist', 'flag' ); ?>: <?php echo esc_html(stripslashes($playlist['title'])); ?></h2>
101
  <div style="float: right; margin: -20px 3px 0 0;">
102
  <span><a href="<?php echo $filepath; ?>"><?php _e('Back to Banner Box', 'flag'); ?></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>
103
  <select name="select_playlist" onchange="window.location.href=this.options[this.selectedIndex].value">
105
  <?php
106
  foreach((array)$all_playlists as $playlist_file => $playlist_data) {
107
  $playlist_name = basename($playlist_file, '.xml');
108
+ if ($playlist_name == urlencode($_GET['playlist'])) continue;
109
  ?>
110
+ <option value="<?php echo esc_url($filepath."&playlist=".$playlist_name."&mode=edit"); ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
111
  <?php
112
  }
113
  ?>
114
  </select>
115
  </div>
116
+ <form id="updatePlaylist" class="flagform" method="POST" action="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=edit"); ?>" accept-charset="utf-8">
117
  <?php wp_nonce_field('flag_updateplaylist'); ?>
118
  <input type="hidden" name="page" value="manage-playlist" />
119
 
125
  <table cellspacing="8" cellpadding="0" border="0">
126
  <tr>
127
  <th align="left" valign="middle" scope="row"><?php _e('Shortcode', 'flag'); ?>:</th>
128
+ <td align="left" valign="middle"><input type="text" readonly="readonly" size="50" onfocus="this.select()" value="[grandbanner xml=<?php echo urlencode($_GET['playlist']); ?>]" /></td>
129
  <td rowspan="3" align="left" valign="top"><div style="font-size:11px;"><strong style="display: inline-block; width: 100px;"><?php _e("Playlist Skin", 'flag'); ?>:</strong>
130
  <input id="skinaction" type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
131
  <select id="skinname" name="skinname" style="width: 200px; height: 24px; font-size: 11px;">
147
  </tr>
148
  <tr>
149
  <th align="left" valign="middle" scope="row"><?php _e('Title', 'flag'); ?>:</th>
150
+ <td align="left" valign="middle"><input type="text" size="50" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" /></td>
151
  </tr>
152
  <tr>
153
  <th align="left" valign="top" scope="row"><?php _e('Description', 'flag'); ?>:</th>
154
+ <td align="left" valign="top"><textarea name="playlist_descr" cols="60" rows="2" style="width: 95%" ><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea></td>
155
  </tr>
156
  <!--<tr>
157
  <th align="left" valign="top" scope="row"><?php _e('Path', 'flag'); ?>:</th>
169
  <option value="delete_items" ><?php _e("Delete items",'flag')?></option>
170
  </select>
171
  <input class="button-secondary alignleft" style="margin-right:10px;" type="submit" name="updatePlaylist" value="<?php _e("OK",'flag')?>" onclick="if ( !checkSelected() ) return false;" />
172
+ <a href="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=sort"); ?>" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Sort Playlist",'flag')?></a>
173
+ <a href="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=add"); ?>" onClick="jQuery('#form_listitems').submit();return false;" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Add/Remove Items from Playlist",'flag')?></a>
174
  <input type="submit" name="updatePlaylist" class="button-primary action alignright" value="<?php _e("Update Playlist",'flag')?>" />
175
  </div>
176
 
222
  </td>
223
  <td class="title_filename">
224
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
225
+ <textarea title="Title" name="item_a[<?php echo $ban->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo esc_html(stripslashes($ban->post_title)); ?></textarea><br />
226
+ <?php _e('URL', 'flag'); ?>: <input id="banlink-<?php echo $ban->ID; ?>" name="item_a[<?php echo $ban->ID; ?>][link]" style="width:50%;" type="text" value="<?php echo esc_url($link); ?>" /><br />
227
  </td>
228
  <td class="description">
229
+ <textarea name="item_a[<?php echo $ban->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo esc_html(stripslashes($ban->post_content)); ?></textarea>
230
  </td>
231
  </tr>
232
  <?php
243
  </table>
244
  <p class="submit" style="text-align: right;"><input type="submit" class="button-primary action" name="updatePlaylist" value="<?php _e("Update Playlist",'flag')?>" /></p>
245
  </form>
246
+ <form id="form_listitems" name="form_listitems" method="POST" action="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=add"); ?>">
247
  <input type="hidden" name="items" value="<?php echo $items; ?>" />
248
  </form>
249
  <br class="clear"/>
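Review bot: `urlencode()` at new line 10 is a URL encoder rather than a filename sanitizer; it does encode `/` and `\`, so traversal out of the playlists directory is blocked, but the intent is not obvious to the next reader, and the same encoded name is then reused in the shortcode, the skip test and every link (new lines 108, 116, 128, 172, 173, 246), where a name containing a space or a non-ASCII character no longer matches the `basename($playlist_file, '.xml')` form used to list playlists. Since `$all_playlists` is loaded on the line above, the requested name can be checked against that list and the path built only from a known name, as below, with `$requested` replacing the later `urlencode($_GET['playlist'])` uses; `flag_b_playlist_edit` continues past the hunk, so a `wp_die()` here exits before any output. A style point on the same section: the values written into `value="…"` attributes at new lines 150, 226 (and manage-images.php new lines 233, 442) use `esc_html()`, whereas `esc_attr()` is the attribute-context helper this very commit uses for the path and link fields; `$playlist['skin']` (line 130) and `$items` (line 247) are still echoed into attributes unescaped.
```php
$all_playlists = get_b_playlists();
$flag_options = get_option('flag_options');
$requested = isset($_GET['playlist']) ? basename(wp_unslash($_GET['playlist'])) : '';
$known = array_map(function ($file) { return basename($file, '.xml'); }, array_keys((array) $all_playlists));
if (!in_array($requested, $known, true)) {
    wp_die(__('Unknown playlist.', 'flag'));
}
$playlistPath = $flag_options['galleryPath'].'playlists/banner/'.$requested.'.xml';
// … unchanged: load playlist data and items …
```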
admin/manage-galleries.php CHANGED
@@ -11,6 +11,7 @@ function flag_manage_gallery_main() {
11
  if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
12
  $_GET['paged'] = 1;
13
 
 
14
  $perpage = 50;
15
  $start = ( $_GET['paged'] - 1 ) * $perpage;
16
  $gallerylist = $flagdb->find_all_galleries('gid', 'asc', $counter = true, $perpage, $start, $exclude = false, $draft = true);
@@ -111,7 +112,7 @@ function flag_manage_gallery_main() {
111
  <input type="submit" value="<?php _e( 'Search Images', 'flag' ); ?>" class="button" />
112
  </p>
113
  </form>
114
- <form id="editgalleries" class="flagform" method="POST" action="<?php echo $flag->manage_page->base_page . '&amp;paged=' . $_GET['paged']; ?>" accept-charset="utf-8">
115
  <?php wp_nonce_field('flag_bulkgallery'); ?>
116
  <input type="hidden" name="page" value="manage-galleries" />
117
 
@@ -162,7 +163,7 @@ if($gallerylist) {
162
  foreach($gallerylist as $gallery) {
163
  $class = ( !isset($class) || $class == 'alt ' ) ? '' : 'alt ';
164
  $gid = $gallery->gid;
165
- $name = (empty($gallery->title) ) ? $gallery->name : $gallery->title;
166
  $author_user = get_userdata( (int) $gallery->author );
167
  ?>
168
  <tr id="gallery-<?php echo $gid; ?>" class="<?php echo $class; echo ( $gallery->status ) ? 'flag_draft' : 'flag_public'; ?>" >
@@ -175,14 +176,14 @@ if($gallerylist) {
175
  <td>
176
  <?php if (flagAdmin::can_manage_this_gallery($gallery->author)) { ?>
177
  <a href="<?php echo wp_nonce_url( $flag->manage_page->base_page . "&amp;mode=edit&amp;gid=" . $gid, 'flag_editgallery')?>" class='edit' title="<?php _e('Edit'); ?>" >
178
- <?php echo flagGallery::i18n($name); ?>
179
  </a>
180
  <?php } else { ?>
181
- <?php echo flagGallery::i18n($gallery->title); ?>
182
  <?php }
183
  if($gallery->status){ echo ' <b>- '.__('Draft', 'flag').'</b>'; }?>
184
  </td>
185
- <td><?php echo flagGallery::i18n($gallery->galdesc); ?>&nbsp;</td>
186
  <td><?php echo $author_user->display_name; ?></td>
187
  <td><?php echo $gallery->counter; ?></td>
188
  <td>
@@ -257,7 +258,7 @@ jQuery(document).ready(function(){
257
  </script>
258
  <div class="wrap">
259
  <h2><?php _e('Albums', 'flag'); ?></h2>
260
- <form method="post" style="width: 658px; float: left;"><?php wp_nonce_field('flag_album'); ?>
261
  <p><input type="text" id="album_name" name="album_name" value="" /> &nbsp; <input type="submit" value="<?php _e('Create New Album','flag'); ?>" class="button-primary" /></p></form>
262
  <h2><?php _e('Categories', 'flag'); ?></h2>
263
  <div class="clear"></div>
@@ -277,7 +278,7 @@ if($albumlist) {
277
  $acat = $flagdb->find_gallery($galid);
278
  ?>
279
 
280
- <div class="acat" id="g_<?php echo $acat->gid; ?>"><?php echo $acat->title; ?><span class="drop">x</span></div>
281
  <?php }
282
  } else {
283
  echo '<p style="text-align:center; padding: 7px 0; margin: 0;">'.__('Drag&Drop Categories Here','flag').'</p>';
@@ -296,7 +297,7 @@ if($albumlist) {
296
  if($gallerylist) {
297
  foreach($gallerylist as $gallery) {
298
  $gid = $gallery->gid;
299
- $name = (empty($gallery->title) ) ? $gallery->name : $gallery->title;
300
  $author_user = get_userdata( (int) $gallery->author );
301
  if (flagAdmin::can_manage_this_gallery($gallery->author)) {
302
  ?>
11
  if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
12
  $_GET['paged'] = 1;
13
 
14
+ $_GET['paged'] = intval($_GET['paged']);
15
  $perpage = 50;
16
  $start = ( $_GET['paged'] - 1 ) * $perpage;
17
  $gallerylist = $flagdb->find_all_galleries('gid', 'asc', $counter = true, $perpage, $start, $exclude = false, $draft = true);
112
  <input type="submit" value="<?php _e( 'Search Images', 'flag' ); ?>" class="button" />
113
  </p>
114
  </form>
115
+ <form id="editgalleries" class="flagform" method="POST" action="<?php echo $flag->manage_page->base_page . '&amp;paged=' . intval($_GET['paged']); ?>" accept-charset="utf-8">
116
  <?php wp_nonce_field('flag_bulkgallery'); ?>
117
  <input type="hidden" name="page" value="manage-galleries" />
118
 
163
  foreach($gallerylist as $gallery) {
164
  $class = ( !isset($class) || $class == 'alt ' ) ? '' : 'alt ';
165
  $gid = $gallery->gid;
166
+ $name = (empty($gallery->title) ) ? $gallery->name : stripslashes($gallery->title);
167
  $author_user = get_userdata( (int) $gallery->author );
168
  ?>
169
  <tr id="gallery-<?php echo $gid; ?>" class="<?php echo $class; echo ( $gallery->status ) ? 'flag_draft' : 'flag_public'; ?>" >
176
  <td>
177
  <?php if (flagAdmin::can_manage_this_gallery($gallery->author)) { ?>
178
  <a href="<?php echo wp_nonce_url( $flag->manage_page->base_page . "&amp;mode=edit&amp;gid=" . $gid, 'flag_editgallery')?>" class='edit' title="<?php _e('Edit'); ?>" >
179
+ <?php echo esc_html(flagGallery::i18n($name)); ?>
180
  </a>
181
  <?php } else { ?>
182
+ <?php echo esc_html(flagGallery::i18n(stripslashes($gallery->title))); ?>
183
  <?php }
184
  if($gallery->status){ echo ' <b>- '.__('Draft', 'flag').'</b>'; }?>
185
  </td>
186
+ <td><?php echo esc_html(flagGallery::i18n(stripslashes($gallery->galdesc))); ?>&nbsp;</td>
187
  <td><?php echo $author_user->display_name; ?></td>
188
  <td><?php echo $gallery->counter; ?></td>
189
  <td>
258
  </script>
259
  <div class="wrap">
260
  <h2><?php _e('Albums', 'flag'); ?></h2>
261
+ <form method="post" style="width: 658px; float: left;" action="<?php echo admin_url('admin.php?page=flag-manage-gallery'); ?>"><?php wp_nonce_field('flag_album'); ?>
262
  <p><input type="text" id="album_name" name="album_name" value="" /> &nbsp; <input type="submit" value="<?php _e('Create New Album','flag'); ?>" class="button-primary" /></p></form>
263
  <h2><?php _e('Categories', 'flag'); ?></h2>
264
  <div class="clear"></div>
278
  $acat = $flagdb->find_gallery($galid);
279
  ?>
280
 
281
+ <div class="acat" id="g_<?php echo $acat->gid; ?>"><?php echo esc_html(stripslashes($acat->title)); ?><span class="drop">x</span></div>
282
  <?php }
283
  } else {
284
  echo '<p style="text-align:center; padding: 7px 0; margin: 0;">'.__('Drag&Drop Categories Here','flag').'</p>';
297
  if($gallerylist) {
298
  foreach($gallerylist as $gallery) {
299
  $gid = $gallery->gid;
300
+ $name = (empty($gallery->title) ) ? $gallery->name : esc_html(stripslashes($gallery->title));
301
  $author_user = get_userdata( (int) $gallery->author );
302
  if (flagAdmin::can_manage_this_gallery($gallery->author)) {
303
  ?>
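Review bot: At new line 14 the `intval()` cast is applied only after the `$_GET['paged'] < 1` test on line 11, so a non-numeric value passes that test and is then cast to 0, which makes `$start` on line 16 negative (`-50`); manage-images.php already tests `intval($_GET['paged']) < 1`, and the same order belongs here, e.g. `$_GET['paged'] = isset($_GET['paged']) ? intval($_GET['paged']) : 1;` followed by `if ($_GET['paged'] < 1) $_GET['paged'] = 1;`. Separately, `$name` is assigned in two different escaping states: at new line 166 it holds the raw title and is escaped at output (line 179), while at new line 300 the title branch is already `esc_html()`-escaped but the `$gallery->name` branch is not, so whatever echoes `$name` below this hunk cannot be correct for both branches; keep line 300 raw like line 166 and escape at the echo. `flag_manage_gallery_main` continues outside the hunks.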
admin/manage-images.php CHANGED
@@ -41,7 +41,8 @@ function flag_picturelist() {
41
  // look for pagination
42
  if ( ! isset( $_GET['paged'] ) || intval($_GET['paged']) < 1 )
43
  $_GET['paged'] = 1;
44
-
 
45
  $start = ( $_GET['paged'] - 1 ) * 50;
46
 
47
  // get picture values
@@ -68,6 +69,7 @@ function flag_picturelist() {
68
  //get the columns
69
  $gallery_columns = flag_manage_gallery_columns();
70
  $hidden_columns = get_hidden_columns('flag-manage-images');
 
71
  if($picturelist){
72
  $a_hits = array();
73
  foreach($picturelist as $p){
@@ -182,7 +184,7 @@ jQuery(document).ready( function() {
182
  <div class="wrap">
183
 
184
  <?php if ($is_search) :?>
185
- <h2><?php printf( __('Search results for &#8220;%s&#8221;', 'flag'), esc_html( get_search_query() ) ); ?></h2>
186
  <form class="search-form" action="" method="get">
187
  <p class="search-box">
188
  <label class="hidden" for="media-search-input"><?php _e( 'Search Images', 'flag' ); ?>:</label>
@@ -194,27 +196,27 @@ jQuery(document).ready( function() {
194
 
195
  <br style="clear: both;" />
196
 
197
- <form id="updategallery" class="flagform" method="POST" action="<?php echo $flag->manage_page->base_page . '&amp;mode=edit&amp;s=' . get_search_query(); ?>" accept-charset="utf-8">
198
  <?php wp_nonce_field('flag_updategallery'); ?>
199
  <input type="hidden" name="page" value="manage-images" />
200
 
201
  <?php else :?>
202
 
203
- <h2><?php echo _n( 'Gallery', 'Galleries', 1, 'flag' ); ?> : <?php echo $gallery->title; ?></h2>
204
  <select name="select_gid" style="width:180px; float: right; margin: -20px 3px 0 0;" onchange="window.location.href=this.options[this.selectedIndex].value">
205
  <option selected="selected"><?php _e('Choose another gallery', 'flag'); ?></option>
206
  <?php
207
  foreach ($gallerylist as $gal) {
208
  if ($gal->gid != $act_gid) {
209
  ?>
210
- <option value="<?php echo wp_nonce_url( $flag->manage_page->base_page . "&amp;mode=edit&amp;gid=" . $gal->gid, 'flag_editgallery')?>" ><?php echo $gal->gid; ?> - <?php echo esc_attr(stripslashes($gal->title)); ?></option>
211
  <?php
212
  }
213
  }
214
  ?>
215
  </select>
216
 
217
- <form id="updategallery" class="flagform" method="POST" action="<?php echo $flag->manage_page->base_page . '&amp;mode=edit&amp;gid=' . $act_gid . '&amp;paged=' . $_GET['paged']; ?>" accept-charset="utf-8">
218
  <?php wp_nonce_field('flag_updategallery'); ?>
219
  <input type="hidden" name="page" value="manage-images" />
220
 
@@ -228,15 +230,15 @@ jQuery(document).ready( function() {
228
  <table class="form-table" >
229
  <tr>
230
  <th align="left" scope="row"><?php _e('Title', 'flag'); ?>:</th>
231
- <td align="left"><input type="text" size="50" name="title" value="<?php echo stripslashes($gallery->title); ?>" /></td>
232
  </tr>
233
  <tr>
234
  <th align="left" scope="row"><?php _e('Description', 'flag'); ?>:</th>
235
- <td align="left"><textarea name="gallerydesc" cols="30" rows="3" style="width: 95%" ><?php echo stripslashes($gallery->galdesc); ?></textarea></td>
236
  </tr>
237
  <tr>
238
  <th align="left" scope="row"><?php _e('Path', 'flag'); ?>:</th>
239
- <td align="left"><input <?php if (IS_WPMU) echo 'readonly = "readonly"'; ?> type="text" size="50" name="path" value="<?php echo $gallery->path; ?>" /></td>
240
  </tr>
241
  <tr>
242
  <th align="right" scope="row"><?php _e('Author', 'flag'); ?>:</th>
@@ -437,9 +439,9 @@ if($picturelist) {
437
  case 'alt_title_desc' :
438
  ?>
439
  <td <?php echo $attributes; ?>>
440
- <input name="alttext[<?php echo $pid; ?>]" type="text" style="width:95%; margin-bottom: 2px;" value="<?php echo stripslashes($picture->alttext); ?>" /><br/>
441
- <textarea name="description[<?php echo $pid; ?>]" style="width:95%; margin-top: 2px;" rows="2" ><?php echo stripslashes($picture->description); ?></textarea>
442
- <input name="link[<?php echo $pid; ?>]" type="text" style="width:95%; margin-bottom: 2px;" value="<?php echo stripslashes($picture->link); ?>" placeholder="(optional for skin) URL for linked button" /><br/>
443
  </td>
444
  <?php
445
  break;
@@ -497,7 +499,7 @@ if ( $counter==0 )
497
  foreach ($gallerylist as $gallery) {
498
  if ($gallery->gid != $act_gid) {
499
  ?>
500
- <option value="<?php echo $gallery->gid; ?>" ><?php echo $gallery->gid; ?> - <?php echo stripslashes($gallery->title); ?></option>
501
  <?php
502
  }
503
  }
41
  // look for pagination
42
  if ( ! isset( $_GET['paged'] ) || intval($_GET['paged']) < 1 )
43
  $_GET['paged'] = 1;
44
+
45
+ $_GET['paged'] = intval($_GET['paged']);
46
  $start = ( $_GET['paged'] - 1 ) * 50;
47
 
48
  // get picture values
69
  //get the columns
70
  $gallery_columns = flag_manage_gallery_columns();
71
  $hidden_columns = get_hidden_columns('flag-manage-images');
72
+ $hidden_columns = array_filter($hidden_columns);
73
  if($picturelist){
74
  $a_hits = array();
75
  foreach($picturelist as $p){
184
  <div class="wrap">
185
 
186
  <?php if ($is_search) :?>
187
+ <h2><?php printf( __('Search results for &#8220;%s&#8221;', 'flag'), esc_html( stripslashes(get_search_query()) ) ); ?></h2>
188
  <form class="search-form" action="" method="get">
189
  <p class="search-box">
190
  <label class="hidden" for="media-search-input"><?php _e( 'Search Images', 'flag' ); ?>:</label>
196
 
197
  <br style="clear: both;" />
198
 
199
+ <form id="updategallery" class="flagform" method="POST" action="<?php echo esc_url($flag->manage_page->base_page . '&mode=edit&s=' . urlencode(get_search_query())); ?>" accept-charset="utf-8">
200
  <?php wp_nonce_field('flag_updategallery'); ?>
201
  <input type="hidden" name="page" value="manage-images" />
202
 
203
  <?php else :?>
204
 
205
+ <h2><?php echo _n( 'Gallery', 'Galleries', 1, 'flag' ); ?> : <?php echo esc_html(stripslashes($gallery->title)); ?></h2>
206
  <select name="select_gid" style="width:180px; float: right; margin: -20px 3px 0 0;" onchange="window.location.href=this.options[this.selectedIndex].value">
207
  <option selected="selected"><?php _e('Choose another gallery', 'flag'); ?></option>
208
  <?php
209
  foreach ($gallerylist as $gal) {
210
  if ($gal->gid != $act_gid) {
211
  ?>
212
+ <option value="<?php echo wp_nonce_url( $flag->manage_page->base_page . "&amp;mode=edit&amp;gid=" . $gal->gid, 'flag_editgallery')?>" ><?php echo $gal->gid; ?> - <?php echo esc_html(stripslashes($gal->title)); ?></option>
213
  <?php
214
  }
215
  }
216
  ?>
217
  </select>
218
 
219
+ <form id="updategallery" class="flagform" method="POST" action="<?php echo $flag->manage_page->base_page . '&amp;mode=edit&amp;gid=' . $act_gid . '&amp;paged=' . intval($_GET['paged']); ?>" accept-charset="utf-8">
220
  <?php wp_nonce_field('flag_updategallery'); ?>
221
  <input type="hidden" name="page" value="manage-images" />
222
 
230
  <table class="form-table" >
231
  <tr>
232
  <th align="left" scope="row"><?php _e('Title', 'flag'); ?>:</th>
233
+ <td align="left"><input type="text" size="50" name="title" value="<?php echo esc_html(stripslashes($gallery->title)); ?>" /></td>
234
  </tr>
235
  <tr>
236
  <th align="left" scope="row"><?php _e('Description', 'flag'); ?>:</th>
237
+ <td align="left"><textarea name="gallerydesc" cols="30" rows="3" style="width: 95%" ><?php echo esc_html(stripslashes($gallery->galdesc)); ?></textarea></td>
238
  </tr>
239
  <tr>
240
  <th align="left" scope="row"><?php _e('Path', 'flag'); ?>:</th>
241
+ <td align="left"><input <?php if (IS_WPMU) echo 'readonly = "readonly"'; ?> type="text" size="50" name="path" value="<?php echo esc_attr($gallery->path); ?>" /></td>
242
  </tr>
243
  <tr>
244
  <th align="right" scope="row"><?php _e('Author', 'flag'); ?>:</th>
439
  case 'alt_title_desc' :
440
  ?>
441
  <td <?php echo $attributes; ?>>
442
+ <input name="alttext[<?php echo $pid; ?>]" type="text" style="width:95%; margin-bottom: 2px;" value="<?php echo esc_html(stripslashes($picture->alttext)); ?>" /><br/>
443
+ <textarea name="description[<?php echo $pid; ?>]" style="width:95%; margin-top: 2px;" rows="2" ><?php echo esc_html(stripslashes($picture->description)); ?></textarea>
444
+ <input name="link[<?php echo $pid; ?>]" type="text" style="width:95%; margin-bottom: 2px;" value="<?php echo esc_attr(stripslashes($picture->link)); ?>" placeholder="(optional for skin) URL for linked button" /><br/>
445
  </td>
446
  <?php
447
  break;
499
  foreach ($gallerylist as $gallery) {
500
  if ($gallery->gid != $act_gid) {
501
  ?>
502
+ <option value="<?php echo $gallery->gid; ?>" ><?php echo $gallery->gid; ?> - <?php echo esc_html(stripslashes($gallery->title)); ?></option>
503
  <?php
504
  }
505
  }
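Review bot: At new line 199 the `s` parameter is built from `get_search_query()`, which returns the query already passed through `esc_attr()` by default, so a search such as `a&b` is sent back in the form action as `a&amp;b` and the re-submitted search no longer matches the original; use the unescaped form for the URL, `'&mode=edit&s=' . urlencode(get_search_query(false))`, and leave `esc_url()` to escape the attribute. At new line 219 the form action still concatenates `$act_gid` without a cast while `$_GET['paged']` next to it now gets `intval()`; if `$act_gid` is derived from the request, it deserves the same treatment. `flag_picturelist` continues outside the hunks.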
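--- a/admin/manage-playlist.php
+++ b/admin/manage-playlist.php
@@ -4,10 +4,10 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
 
 function flag_playlist_edit() {
 global $wpdb;
-$filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
+$filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
 $all_playlists = get_playlists();
 $flag_options = get_option('flag_options');
-$playlistPath = $flag_options['galleryPath'].'playlists/'.$_GET['playlist'].'.xml';
+$playlistPath = $flag_options['galleryPath'].'playlists/'.urlencode($_GET['playlist']).'.xml';
 $playlist = get_playlist_data(ABSPATH.$playlistPath);
 $items_a = $playlist['items'];
 $items = implode(',',$playlist['items']);
@@ -98,7 +98,7 @@ jQuery(document).ready(function(){
 </script>
 
 <div class="wrap">
-<h2><?php _e( 'Playlist', 'flag' ); ?>: <?php echo $playlist['title']; ?></h2>
+<h2><?php _e( 'Playlist', 'flag' ); ?>: <?php echo esc_html(stripslashes($playlist['title'])); ?></h2>
 <div style="float: right; margin: -20px 3px 0 0;">
 <span><a href="<?php echo $filepath; ?>"><?php _e('Back to Music Box', 'flag'); ?></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>
 <select name="select_playlist" onchange="window.location.href=this.options[this.selectedIndex].value">
@@ -106,15 +106,15 @@ jQuery(document).ready(function(){
 <?php
 foreach((array)$all_playlists as $playlist_file => $playlist_data) {
 $playlist_name = basename($playlist_file, '.xml');
-if ($playlist_file == $_GET['playlist']) continue;
+if ($playlist_file == urlencode($_GET['playlist'])) continue;
 ?>
-<option value="<?php echo $filepath."&amp;playlist=".$playlist_name."&amp;mode=edit"; ?>"><?php echo $playlist_data['title']; ?></option>
+<option value="<?php echo esc_url($filepath."&playlist=".$playlist_name."&mode=edit"); ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
 <?php
 }
 ?>
 </select>
 </div>
-<form id="updatePlaylist" class="flagform" method="POST" action="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=edit"; ?>" accept-charset="utf-8">
+<form id="updatePlaylist" class="flagform" method="POST" action="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=edit"); ?>" accept-charset="utf-8">
 <?php wp_nonce_field('flag_updateplaylist'); ?>
 <input type="hidden" name="page" value="manage-playlist" />
 
@@ -126,7 +126,7 @@ jQuery(document).ready(function(){
 <table cellspacing="8" cellpadding="0" border="0">
 <tr>
 <th align="left" valign="middle" scope="row"><?php _e('Shortcode', 'flag'); ?>:</th>
-<td align="left" valign="middle"><input type="text" readonly="readonly" size="50" onfocus="this.select()" value="[grandmusic playlist=<?php echo $_GET['playlist']; ?>]" /></td>
+<td align="left" valign="middle"><input type="text" readonly="readonly" size="50" onfocus="this.select()" value="[grandmusic playlist=<?php echo urlencode($_GET['playlist']); ?>]" /></td>
 <td rowspan="3" align="left" valign="top"><div style="font-size:11px;"><strong style="display: inline-block; width: 100px;"><?php _e("Playlist Skin", 'flag'); ?>:</strong>
 <input id="skinaction" type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
 <select id="skinname" name="skinname" style="width: 200px; height: 24px; font-size: 11px;">
@@ -148,11 +148,11 @@ jQuery(document).ready(function(){
 </tr>
 <tr>
 <th align="left" valign="middle" scope="row"><?php _e('Title', 'flag'); ?>:</th>
-<td align="left" valign="middle"><input type="text" size="50" name="playlist_title" value="<?php echo stripslashes($playlist['title']); ?>" /></td>
+<td align="left" valign="middle"><input type="text" size="50" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" /></td>
 </tr>
 <tr>
 <th align="left" valign="top" scope="row"><?php _e('Description', 'flag'); ?>:</th>
-<td align="left" valign="top"><textarea name="playlist_descr" cols="60" rows="2" style="width: 95%" ><?php echo stripslashes($playlist['description']); ?></textarea></td>
+<td align="left" valign="top"><textarea name="playlist_descr" cols="60" rows="2" style="width: 95%" ><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea></td>
 </tr>
 <!--<tr>
 <th align="left" valign="top" scope="row"><?php _e('Path', 'flag'); ?>:</th>
@@ -170,8 +170,8 @@ jQuery(document).ready(function(){
 <option value="delete_items" ><?php _e("Delete items",'flag')?></option>
 </select>
 <input class="button-secondary alignleft" style="margin-right:10px;" type="submit" name="updatePlaylist" value="<?php _e("OK",'flag')?>" onclick="if ( !checkSelected() ) return false;" />
-<a href="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=sort"; ?>" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Sort Playlist",'flag')?></a>
-<a href="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=add"; ?>" onClick="jQuery('#form_listitems').submit();return false;" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Add/Remove Items from Playlist",'flag')?></a>
+<a href="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=sort"); ?>" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Sort Playlist",'flag')?></a>
+<a href="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=add"); ?>" onClick="jQuery('#form_listitems').submit();return false;" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Add/Remove Items from Playlist",'flag')?></a>
 <input type="submit" name="updatePlaylist" class="button-primary action alignright" value="<?php _e("Update Playlist",'flag')?>" />
 </div>
 
@@ -225,15 +225,15 @@ if(count($items_a)) {
 echo round($size/1024/1024,2).' Mb';
 ?></td>
 <td class="thumb" rowspan="2">
-<img id="thumb-<?php echo $mp3->ID; ?>" src="<?php echo $thumb; ?>" width="100" height="100" alt="" />
+<div style="width: 100px; height: 100px;"><img id="thumb-<?php echo $mp3->ID; ?>" src="<?php echo esc_url($thumb); ?>" width="100" height="100" alt="" /></div>
 </td>
 <td class="title_filename" rowspan="2">
 <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
-<textarea title="Title" name="item_a[<?php echo $mp3->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo $mp3->post_title; ?></textarea><br />
-<p><?php _e('Thumb URL:', 'flag'); ?> <input id="mp3thumb-<?php echo $mp3->ID; ?>" name="item_a[<?php echo $mp3->ID; ?>][post_thumb]" type="text" value="<?php echo $mp3thumb; ?>" /> <a class="thickbox" onclick="actInp=<?php echo $mp3->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
+<textarea title="Title" name="item_a[<?php echo $mp3->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo esc_html(stripslashes($mp3->post_title)); ?></textarea><br />
+<p><?php _e('Thumb URL:', 'flag'); ?> <input id="mp3thumb-<?php echo $mp3->ID; ?>" name="item_a[<?php echo $mp3->ID; ?>][post_thumb]" type="text" value="<?php echo esc_url($mp3thumb); ?>" /> <a class="thickbox" onclick="actInp=<?php echo $mp3->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
 </td>
 <td class="description" rowspan="2">
-<textarea name="item_a[<?php echo $mp3->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo $mp3->post_content; ?></textarea>
+<textarea name="item_a[<?php echo $mp3->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo esc_html(stripslashes($mp3->post_content)); ?></textarea>
 </td>
 </tr>
 <tr class="mp3-<?php echo $mp3->ID.$alt2; ?>">
@@ -254,7 +254,7 @@ if ( $counter==0 )
 </table>
 <p class="submit" style="text-align: right;"><input type="submit" class="button-primary action" name="updatePlaylist" value="<?php _e("Update Playlist",'flag')?>" /></p>
 </form>
-<form id="form_listitems" name="form_listitems" method="POST" action="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=add"; ?>">
+<form id="form_listitems" name="form_listitems" method="POST" action="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=add"); ?>">
 <input type="hidden" name="items" value="<?php echo $items; ?>" />
 </form>
 <br class="clear"/>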
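Review bot: urlencode() is doing double duty as a filesystem-path sanitiser in the new `$playlistPath` line, and that is a fragile choice: it is a URL encoder that leaves `.` and `-` untouched and only happens to neutralise `/` by percent-encoding it, while a playlist name containing `%` or a space becomes a sequence that can never match a file on disk. Deriving one validated name up front — `$playlist_slug = preg_replace('/[^A-Za-z0-9_-]/', '', basename((string) $_GET['playlist']));` — and using it for the path, the shortcode and every link is clearer, and it also repairs `if ($playlist_file == urlencode($_GET['playlist'])) continue;`, which as written compares a raw listing key against a percent-encoded request value (judging by the basename() call just above it, the key may also still carry `.xml`). Two attribute values in the same file are still echoed raw — `value="<?php echo $playlist['skin']; ?>"` and `value="<?php echo $items; ?>"` — and deserve `esc_attr()` just as title and description now get `esc_html()`. flag_playlist_edit() starts in the first hunk and continues past the last one.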
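--- a/admin/manage-sort.php
+++ b/admin/manage-sort.php
@@ -132,7 +132,7 @@ if($picturelist) {
 </a></td>
 <td><?php echo $picture->filename; ?></td>
 <td><?php echo $date; ?></td>
-<td><?php echo stripslashes($picture->alttext); ?></td>
+<td><?php echo esc_html(stripslashes($picture->alttext)); ?></td>
 </tr>
 <?php
 }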
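Review bot: The escaping stops one cell short: `<td><?php echo $picture->filename; ?></td>` two lines above the changed line is still echoed raw, and a stored filename is no more trustworthy than the stored alttext that now gets esc_html(). Changing it to `<td><?php echo esc_html($picture->filename); ?></td>` keeps the row consistent; `$date` presumably comes from a date formatter and is lower risk, but wrapping it the same way costs nothing. The loop this row belongs to starts and ends outside the hunk.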
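--- a/admin/manage-video.php
+++ b/admin/manage-video.php
@@ -4,10 +4,10 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
 
 function flag_v_playlist_edit() {
 global $wpdb;
-$filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
+$filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
 $all_playlists = get_v_playlists();
 $flag_options = get_option('flag_options');
-$playlistPath = $flag_options['galleryPath'].'playlists/video/'.$_GET['playlist'].'.xml';
+$playlistPath = $flag_options['galleryPath'].'playlists/video/'.urlencode($_GET['playlist']).'.xml';
 $playlist = get_v_playlist_data(ABSPATH.$playlistPath);
 $items_a = $playlist['items'];
 $items = implode(',',$playlist['items']);
@@ -98,7 +98,7 @@ jQuery(document).ready(function(){
 </script>
 
 <div class="wrap">
-<h2><?php _e( 'Playlist', 'flag' ); ?>: <?php echo $playlist['title']; ?></h2>
+<h2><?php _e( 'Playlist', 'flag' ); ?>: <?php echo esc_html(stripslashes($playlist['title'])); ?></h2>
 <div style="float: right; margin: -20px 3px 0 0;">
 <span><a href="<?php echo $filepath; ?>"><?php _e('Back to Video Box', 'flag'); ?></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>
 <select name="select_playlist" onchange="window.location.href=this.options[this.selectedIndex].value">
@@ -106,15 +106,15 @@ jQuery(document).ready(function(){
 <?php
 foreach((array)$all_playlists as $playlist_file => $playlist_data) {
 $playlist_name = basename($playlist_file, '.xml');
-if ($playlist_file == $_GET['playlist']) continue;
+if ($playlist_file == urlencode($_GET['playlist'])) continue;
 ?>
-<option value="<?php echo $filepath."&amp;playlist=".$playlist_name."&amp;mode=edit"; ?>"><?php echo $playlist_data['title']; ?></option>
+<option value="<?php echo esc_url($filepath."&playlist=".$playlist_name."&mode=edit"); ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
 <?php
 }
 ?>
 </select>
 </div>
-<form id="updatePlaylist" class="flagform" method="POST" action="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=edit"; ?>" accept-charset="utf-8">
+<form id="updatePlaylist" class="flagform" method="POST" action="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=edit"); ?>" accept-charset="utf-8">
 <?php wp_nonce_field('flag_updateplaylist'); ?>
 <input type="hidden" name="page" value="manage-playlist" />
 
@@ -126,7 +126,7 @@ jQuery(document).ready(function(){
 <table cellspacing="8" cellpadding="0" border="0">
 <tr>
 <th align="left" valign="middle" scope="row"><?php _e('Shortcode', 'flag'); ?>:</th>
-<td align="left" valign="middle"><input type="text" readonly="readonly" size="50" onfocus="this.select()" value="[grandvideo playlist=<?php echo $_GET['playlist']; ?>]" /></td>
+<td align="left" valign="middle"><input type="text" readonly="readonly" size="50" onfocus="this.select()" value="[grandvideo playlist=<?php echo urlencode($_GET['playlist']); ?>]" /></td>
 <td rowspan="3" align="left" valign="top"><div style="font-size:11px;"><strong style="display: inline-block; width: 100px;"><?php _e("Playlist Skin", 'flag'); ?>:</strong>
 <input id="skinaction" type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
 <select id="skinname" name="skinname" style="width: 200px; height: 24px; font-size: 11px;">
@@ -148,11 +148,11 @@ jQuery(document).ready(function(){
 </tr>
 <tr>
 <th align="left" valign="middle" scope="row"><?php _e('Title', 'flag'); ?>:</th>
-<td align="left" valign="middle"><input type="text" size="50" name="playlist_title" value="<?php echo stripslashes($playlist['title']); ?>" /></td>
+<td align="left" valign="middle"><input type="text" size="50" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" /></td>
 </tr>
 <tr>
 <th align="left" valign="top" scope="row"><?php _e('Description', 'flag'); ?>:</th>
-<td align="left" valign="top"><textarea name="playlist_descr" cols="60" rows="2" style="width: 95%" ><?php echo stripslashes($playlist['description']); ?></textarea></td>
+<td align="left" valign="top"><textarea name="playlist_descr" cols="60" rows="2" style="width: 95%" ><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea></td>
 </tr>
 <!--<tr>
 <th align="left" valign="top" scope="row"><?php _e('Path', 'flag'); ?>:</th>
@@ -170,8 +170,8 @@ jQuery(document).ready(function(){
 <option value="delete_items" ><?php _e("Delete items",'flag')?></option>
 </select>
 <input class="button-secondary alignleft" style="margin-right:10px;" type="submit" name="updatePlaylist" value="<?php _e("OK",'flag')?>" onclick="if ( !checkSelected() ) return false;" />
-<a href="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=sort"; ?>" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Sort Playlist",'flag')?></a>
-<a href="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=add"; ?>" onClick="jQuery('#form_listitems').submit();return false;" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Add/Remove Items from Playlist",'flag')?></a>
+<a href="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=sort"); ?>" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Sort Playlist",'flag')?></a>
+<a href="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=add"); ?>" onClick="jQuery('#form_listitems').submit();return false;" class="button-secondary alignleft" style="margin:1px 10px 0 0;"><?php _e("Add/Remove Items from Playlist",'flag')?></a>
 <input type="submit" name="updatePlaylist" class="button-primary action alignright" value="<?php _e("Update Playlist",'flag')?>" />
 </div>
 
@@ -224,15 +224,15 @@ if(count($items_a)) {
 echo round($size/1024/1024,2).' Mb';
 ?></td>
 <td class="thumb">
-<a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo FLAG_URLPATH; ?>admin/flv_preview.php?vid=<?php echo $flv->ID; ?>&amp;TB_iframe=1&amp;width=490&amp;height=293"><img id="thumb-<?php echo $flv->ID; ?>" src="<?php echo $thumb; ?>" width="100" height="100" alt="" /></a>
+<a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo FLAG_URLPATH; ?>admin/flv_preview.php?vid=<?php echo $flv->ID; ?>&amp;TB_iframe=1&amp;width=490&amp;height=293"><img id="thumb-<?php echo $flv->ID; ?>" src="<?php echo esc_url($thumb); ?>" width="100" height="100" alt="" /></a>
 </td>
 <td class="title_filename">
 <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
-<textarea title="Title" name="item_a[<?php echo $flv->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo $flv->post_title; ?></textarea><br />
-<p><?php _e('Thumb URL:', 'flag'); ?> <input id="flvthumb-<?php echo $flv->ID; ?>" name="item_a[<?php echo $flv->ID; ?>][post_thumb]" type="text" value="<?php echo $flvthumb; ?>" /> <a class="thickbox" onclick="actInp=<?php echo $flv->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
+<textarea title="Title" name="item_a[<?php echo $flv->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo esc_html(stripslashes($flv->post_title)); ?></textarea><br />
+<p><?php _e('Thumb URL:', 'flag'); ?> <input id="flvthumb-<?php echo $flv->ID; ?>" name="item_a[<?php echo $flv->ID; ?>][post_thumb]" type="text" value="<?php echo esc_url($flvthumb); ?>" /> <a class="thickbox" onclick="actInp=<?php echo $flv->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
 </td>
 <td class="description">
-<textarea name="item_a[<?php echo $flv->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo $flv->post_content; ?></textarea>
+<textarea name="item_a[<?php echo $flv->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo esc_html(stripslashes($flv->post_content)); ?></textarea>
 </td>
 </tr>
 <?php
@@ -249,7 +249,7 @@ if ( $counter==0 )
 </table>
 <p class="submit" style="text-align: right;"><input type="submit" class="button-primary action" name="updatePlaylist" value="<?php _e("Update Playlist",'flag')?>" /></p>
 </form>
-<form id="form_listitems" name="form_listitems" method="POST" action="<?php echo $filepath."&amp;playlist=".$_GET['playlist']."&amp;mode=add"; ?>">
+<form id="form_listitems" name="form_listitems" method="POST" action="<?php echo esc_url($filepath."&playlist=".urlencode($_GET['playlist'])."&mode=add"); ?>">
 <input type="hidden" name="items" value="<?php echo $items; ?>" />
 </form>
 <br class="clear"/>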
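Review bot: The same request value is now spelled three different ways in this file — percent-encoded into the `$playlistPath` handed to `get_v_playlist_data()`, percent-encoded again in the `if ($playlist_file == urlencode($_GET['playlist'])) continue;` comparison against a raw listing key, and percent-encoded into the `[grandvideo playlist=…]` shortcode the user is expected to paste — so a name with a space or `%` will load nothing, never be skipped in the dropdown, and produce a shortcode that does not match the file. Computing one validated slug at the top of flag_v_playlist_edit(), `$playlist_slug = preg_replace('/[^A-Za-z0-9_-]/', '', basename((string) $_GET['playlist']));`, and using it in all of those places keeps path, comparison and output in agreement and restricts the on-disk lookup to a single directory by construction rather than by the accident that urlencode() encodes `/`. The escaping pass also leaves `value="<?php echo $playlist['skin']; ?>"` and `value="<?php echo $items; ?>"` raw, and uses `esc_html()` inside `value="…"` attributes where `esc_attr()` is the context-matching call (both escape quotes in WordPress, so this is a consistency point rather than a hole). flag_v_playlist_edit() starts in the first hunk and ends after the last.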
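--- a/admin/manage.php
+++ b/admin/manage.php
@@ -325,9 +325,9 @@ class flagManageGallery {
 
 check_admin_referer('flag_updategallery');
 
-$gallery_title = esc_attr($_POST['title']);
-$gallery_path = esc_attr($_POST['path']);
-$gallery_desc = esc_attr($_POST['gallerydesc']);
+$gallery_title = esc_html($_POST['title']);
+$gallery_path = esc_attr(str_replace('..','',$_POST['path']));
+$gallery_desc = esc_html($_POST['gallerydesc']);
 $gallery_preview = (int) $_POST['previewpic'];
 
 $wpdb->query("UPDATE $wpdb->flaggallery SET title= '$gallery_title', path= '$gallery_path', galdesc = '$gallery_desc', previewpic = '$gallery_preview' WHERE gid = '$this->gid'");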
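Review bot: The three reworked assignments still feed the string-built UPDATE on the line below, and `esc_html()`/`esc_attr()` are HTML escapers, not SQL escapers — they only neutralise quotes as a side effect, and `$this->gid` is interpolated with no cast at all. Replacing the query with `$wpdb->update($wpdb->flaggallery, array('title' => $gallery_title, 'path' => $gallery_path, 'galdesc' => $gallery_desc, 'previewpic' => $gallery_preview), array('gid' => (int) $this->gid));` removes the question entirely, and it also allows the inputs to be stored as plain text via `sanitize_text_field()` instead of HTML-encoded, which is the WordPress convention (sanitise on input, `esc_*()` on output) and avoids double-encoding when the values are later echoed through esc_html(). The single-pass `str_replace('..', '', …)` does eliminate every `..` sequence, but if `path` is later used on disk the robust check is to resolve it under the gallery root and reject anything outside — that use is not visible from this hunk. The method these lines belong to starts and ends outside the hunk.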
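--- a/admin/media-upload.php
+++ b/admin/media-upload.php
@@ -61,8 +61,8 @@ function media_upload_flag_save_image() {
 if ( !empty($_POST['image']) ) foreach ( $_POST['image'] as $image_id => $image ) {
 
 // Function save desription
-$alttext = esc_attr($image['alttext']);
-$description = esc_attr($image['description']);
+$alttext = esc_html($image['alttext']);
+$description = esc_html($image['description']);
 
 $wpdb->query("UPDATE $wpdb->flagpictures SET alttext= '$alttext', description = '$description' WHERE pid = '$image_id'");
 
@@ -174,15 +174,15 @@ function media_upload_flag_form($errors) {
 <td><?php _e('Image ID:', "flag"); ?><?php echo $picid; ?></td>
 </tr>
 <tr><td><?php echo esc_attr( $picture->filename ); ?></td></tr>
-<tr><td><?php echo esc_attr( stripslashes($picture->alttext) ); ?></td></tr>
+<tr><td><?php echo esc_html( stripslashes($picture->alttext) ); ?></td></tr>
 <tr><td>&nbsp;</td></tr>
 <tr>
 <td class="label"><label for="image[<?php echo $picid; ?>][alttext]"><?php _e('Alt/Title text', "flag"); ?></label></td>
-<td class="field"><input id="image[<?php echo $picid; ?>][alttext]" name="image[<?php echo $picid; ?>][alttext]" value="<?php echo esc_attr( stripslashes($picture->alttext) ); ?>" type="text"/></td>
+<td class="field"><input id="image[<?php echo $picid; ?>][alttext]" name="image[<?php echo $picid; ?>][alttext]" value="<?php echo esc_html( stripslashes($picture->alttext) ); ?>" type="text"/></td>
 </tr>
 <tr>
 <td class="label"><label for="image[<?php echo $picid; ?>][description]"><?php _e("Description","flag"); ?></label></td>
-<td class="field"><textarea name="image[<?php echo $picid; ?>][description]" id="image[<?php echo $picid; ?>][description]"><?php echo esc_attr( stripslashes($picture->description) ); ?></textarea></td>
+<td class="field"><textarea name="image[<?php echo $picid; ?>][description]" id="image[<?php echo $picid; ?>][description]"><?php echo esc_html( stripslashes($picture->description) ); ?></textarea></td>
 </tr>
 <tr class="align">
 <td class="label"><label for="image[<?php echo $picid; ?>][align]"><?php _e("Alignment"); ?></label></td>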
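Review bot: `$image_id` in the UPDATE two lines below the changed assignments is an array key taken straight from `$_POST['image']`, and nothing in the hunk casts or escapes it before it lands inside `WHERE pid = '$image_id'` — the new `esc_html()` calls cover the two values but not the key that selects the row. Since pid is numeric, `$wpdb->query($wpdb->prepare("UPDATE $wpdb->flagpictures SET alttext = %s, description = %s WHERE pid = %d", $alttext, $description, $image_id));` closes it, with `(int) $image_id` as the minimum if the query is kept as a string. Storing HTML-encoded text via `esc_html()` on input also diverges from the WordPress pattern of `sanitize_text_field()` in and `esc_*()` out; the second hunk already escapes at display time, so encoding on save means the database now holds entities that will be escaped a second time. media_upload_flag_save_image() starts and ends outside the first hunk.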
admin/music-box.php CHANGED
@@ -29,13 +29,13 @@ function flag_music_controler() {
29
  switch($mode) {
30
  case 'sort':
31
  include_once (dirname (__FILE__) . '/playlist-sort.php');
32
- flag_playlist_order($_GET['playlist']);
33
  break;
34
  case 'edit':
 
35
  if(isset($_POST['updatePlaylist'])) {
36
- $title = $_POST['playlist_title'];
37
- $descr = $_POST['playlist_descr'];
38
- $file = $_GET['playlist'];
39
  $data = array();
40
  foreach($_POST['item_a'] as $item_id => $item) {
41
  if($action=='delete_items' && in_array($item_id, $_POST['doaction']))
@@ -46,22 +46,23 @@ function flag_music_controler() {
46
  flagSavePlaylist($title,$descr,$data,$file);
47
  }
48
  if(isset($_POST['updatePlaylistSkin'])) {
49
- $file = $_GET['playlist'];
50
  flagSavePlaylistSkin($file);
51
  }
52
  include_once (dirname (__FILE__) . '/manage-playlist.php');
53
- flag_playlist_edit($_GET['playlist']);
54
  break;
55
  case 'save':
56
- $title = $_POST['playlist_title'];
57
- $descr = $_POST['playlist_descr'];
58
- $data = $_POST['items_array'];
59
- $file = isset($_REQUEST['playlist'])? $_REQUEST['playlist'] : false;
60
- flagGallery::flagSaveWpMedia();
61
- flagSavePlaylist($title,$descr,$data, $file);
 
 
62
  if(isset($_GET['playlist'])) {
63
  include_once (dirname (__FILE__) . '/manage-playlist.php');
64
- flag_playlist_edit($_GET['playlist']);
65
  } else {
66
  flag_created_playlists();
67
  flag_music_wp_media_lib();
@@ -71,14 +72,14 @@ function flag_music_controler() {
71
  if(isset($_POST['items']) && isset($_GET['playlist'])){
72
  $added = $_POST['items'];
73
  } elseif(isset($_GET['playlist'])) {
74
- $added = $_COOKIE['musicboxplaylist_'.$_GET['playlist']];
75
  } else {
76
  $added = false;
77
  }
78
  flag_music_wp_media_lib($added);
79
  break;
80
  case 'delete':
81
- flag_playlist_delete($_GET['playlist']);
82
  case 'main':
83
  if(isset($_POST['updateMedia'])) {
84
  flagGallery::flagSaveWpMedia();
@@ -95,7 +96,7 @@ function flag_music_controler() {
95
  function flag_created_playlists() {
96
 
97
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
98
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
99
 
100
  $all_playlists = get_playlists();
101
  $total_all_playlists = count($all_playlists);
@@ -128,10 +129,10 @@ if($all_playlists) {
128
  <tr id="<?php echo $playlist_name; ?>" <?php echo $class; ?> >
129
  <td>
130
  <a href="<?php echo $filepath.'&amp;playlist='.$playlist_name.'&amp;mode=edit'; ?>" class='edit' title="<?php _e('Edit'); ?>" >
131
- <?php echo stripslashes($playlist_data['title']); ?>
132
  </a>
133
  </td>
134
- <td><?php echo stripslashes($playlist_data['description']); echo '&nbsp;('.__("player", "flag").': <strong>'.$playlist_data['skin'].'</strong>)' ?></td>
135
  <td><?php echo count($query_m); ?></td>
136
  <td style="white-space: nowrap;"><input type="text" class="shortcode1" style="width: 200px; font-size: 9px;" readonly="readonly" onfocus="this.select()" value="[grandmusic playlist=<?php echo $playlist_name; ?>]" /></td>
137
  <td>
@@ -155,11 +156,11 @@ if($all_playlists) {
155
  function flag_music_wp_media_lib($added=false) {
156
  global $wpdb;
157
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
158
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
159
  if($added!==false) {
160
- $filepath .= '&amp;playlist='.$_GET['playlist'].'&amp;mode=save';
161
  $flag_options = get_option('flag_options');
162
- $playlistPath = $flag_options['galleryPath'].'playlists/'.$_GET['playlist'].'.xml';
163
  $playlist = get_playlist_data(ABSPATH.$playlistPath);
164
  $exclude = explode(',', $added);
165
  } else {
@@ -167,10 +168,11 @@ function flag_music_wp_media_lib($added=false) {
167
  $exclude = explode(',', $items_array_default);
168
  }
169
  if(isset($_GET['playlist'])){
170
- $playlist_cookie = $_GET['playlist'];
171
  } else {
172
  $playlist_cookie = 'default';
173
  }
 
174
  ?>
175
  <script type="text/javascript">
176
  <!--
@@ -325,7 +327,8 @@ function send_to_editor(html) {
325
  if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
326
  $_GET['paged'] = 1;
327
 
328
- $objects_per_page = 5;
 
329
  $start = ( $_GET['paged'] - 1 ) * $objects_per_page;
330
  $img_total_count = $wpdb->get_var("SELECT COUNT(ID) FROM $wpdb->posts WHERE `post_mime_type` = 'audio/mpeg' AND `post_type` = 'attachment' AND `post_status` = 'inherit'");
331
  $musiclist = get_posts( $args = array(
@@ -379,10 +382,10 @@ $page_links = paginate_links( array(
379
  <?php } else { ?>
380
  <input type="hidden" name="mode" value="save" />
381
  <input style="width: 80%;" type="text" id="items_array" name="items_array" readonly="readonly" value="<?php echo $added; ?>" />
382
- <input type="hidden" name="playlist_title" value="<?php echo $playlist['title']; ?>" />
383
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
384
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
385
- <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo $playlist['description']; ?></textarea>
386
  <input name="addToPlaylist" class="button-secondary" type="submit" value="<?php _e('Update Playlist','flag'); ?>" />
387
  <?php } ?>
388
  </div>
@@ -443,15 +446,15 @@ if($musiclist) {
443
  echo round($size/1024/1024,2).' Mb';
444
  ?></td>
445
  <td class="thumb" rowspan="2">
446
- <img id="thumb-<?php echo $mp3->ID; ?>" src="<?php echo $thumb; ?>" width="100" height="100" alt="" />
447
  </td>
448
  <td class="title_filename" rowspan="2">
449
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
450
- <textarea title="Title" name="item_a[<?php echo $mp3->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo $mp3->post_title; ?></textarea><br />
451
- <p><?php _e('Thumb URL:', 'flag'); ?> <input id="mp3thumb-<?php echo $mp3->ID; ?>" name="item_a[<?php echo $mp3->ID; ?>][post_thumb]" type="text" value="<?php echo $mp3thumb; ?>" /> <a class="thickbox" onclick="actInp=<?php echo $mp3->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
452
  </td>
453
  <td class="description" rowspan="2">
454
- <textarea name="item_a[<?php echo $mp3->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo $mp3->post_content; ?></textarea>
455
  </td>
456
  </tr>
457
  <tr class="mp3-<?php echo $mp3->ID.$class2; ?>"<?php echo $ex; ?>>
29
  switch($mode) {
30
  case 'sort':
31
  include_once (dirname (__FILE__) . '/playlist-sort.php');
32
+ flag_playlist_order();
33
  break;
34
  case 'edit':
35
+ $file = urlencode($_GET['playlist']);
36
  if(isset($_POST['updatePlaylist'])) {
37
+ $title = esc_html($_POST['playlist_title']);
38
+ $descr = esc_html($_POST['playlist_descr']);
 
39
  $data = array();
40
  foreach($_POST['item_a'] as $item_id => $item) {
41
  if($action=='delete_items' && in_array($item_id, $_POST['doaction']))
46
  flagSavePlaylist($title,$descr,$data,$file);
47
  }
48
  if(isset($_POST['updatePlaylistSkin'])) {
 
49
  flagSavePlaylistSkin($file);
50
  }
51
  include_once (dirname (__FILE__) . '/manage-playlist.php');
52
+ flag_playlist_edit();
53
  break;
54
  case 'save':
55
+ if(isset($_POST['items_array'])){
56
+ $title = esc_html($_POST['playlist_title']);
57
+ $descr = esc_html($_POST['playlist_descr']);
58
+ $data = $_POST['items_array'];
59
+ $file = isset($_REQUEST['playlist'])? urlencode($_REQUEST['playlist']) : false;
60
+ flagGallery::flagSaveWpMedia();
61
+ flagSavePlaylist($title,$descr,$data, $file);
62
+ }
63
  if(isset($_GET['playlist'])) {
64
  include_once (dirname (__FILE__) . '/manage-playlist.php');
65
+ flag_playlist_edit();
66
  } else {
67
  flag_created_playlists();
68
  flag_music_wp_media_lib();
72
  if(isset($_POST['items']) && isset($_GET['playlist'])){
73
  $added = $_POST['items'];
74
  } elseif(isset($_GET['playlist'])) {
75
+ $added = $_COOKIE['musicboxplaylist_'.urlencode($_GET['playlist'])];
76
  } else {
77
  $added = false;
78
  }
79
  flag_music_wp_media_lib($added);
80
  break;
81
  case 'delete':
82
+ flag_playlist_delete(urlencode($_GET['playlist']));
83
  case 'main':
84
  if(isset($_POST['updateMedia'])) {
85
  flagGallery::flagSaveWpMedia();
96
  function flag_created_playlists() {
97
 
98
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
99
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
100
 
101
  $all_playlists = get_playlists();
102
  $total_all_playlists = count($all_playlists);
129
  <tr id="<?php echo $playlist_name; ?>" <?php echo $class; ?> >
130
  <td>
131
  <a href="<?php echo $filepath.'&amp;playlist='.$playlist_name.'&amp;mode=edit'; ?>" class='edit' title="<?php _e('Edit'); ?>" >
132
+ <?php echo esc_html(stripslashes($playlist_data['title'])); ?>
133
  </a>
134
  </td>
135
+ <td><?php echo esc_html(stripslashes($playlist_data['description'])); echo '&nbsp;('.__("player", "flag").': <strong>'.$playlist_data['skin'].'</strong>)' ?></td>
136
  <td><?php echo count($query_m); ?></td>
137
  <td style="white-space: nowrap;"><input type="text" class="shortcode1" style="width: 200px; font-size: 9px;" readonly="readonly" onfocus="this.select()" value="[grandmusic playlist=<?php echo $playlist_name; ?>]" /></td>
138
  <td>
156
  function flag_music_wp_media_lib($added=false) {
157
  global $wpdb;
158
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
159
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
160
  if($added!==false) {
161
+ $filepath .= '&playlist='.urlencode($_GET['playlist']).'&mode=save';
162
  $flag_options = get_option('flag_options');
163
+ $playlistPath = $flag_options['galleryPath'].'playlists/'.urlencode($_GET['playlist']).'.xml';
164
  $playlist = get_playlist_data(ABSPATH.$playlistPath);
165
  $exclude = explode(',', $added);
166
  } else {
168
  $exclude = explode(',', $items_array_default);
169
  }
170
  if(isset($_GET['playlist'])){
171
+ $playlist_cookie = urlencode($_GET['playlist']);
172
  } else {
173
  $playlist_cookie = 'default';
174
  }
175
+ $filepath = esc_url($filepath);
176
  ?>
177
  <script type="text/javascript">
178
  <!--
327
  if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
328
  $_GET['paged'] = 1;
329
 
330
+ $_GET['paged'] = intval($_GET['paged']);
331
+ $objects_per_page = 25;
332
  $start = ( $_GET['paged'] - 1 ) * $objects_per_page;
333
  $img_total_count = $wpdb->get_var("SELECT COUNT(ID) FROM $wpdb->posts WHERE `post_mime_type` = 'audio/mpeg' AND `post_type` = 'attachment' AND `post_status` = 'inherit'");
334
  $musiclist = get_posts( $args = array(
382
  <?php } else { ?>
383
  <input type="hidden" name="mode" value="save" />
384
  <input style="width: 80%;" type="text" id="items_array" name="items_array" readonly="readonly" value="<?php echo $added; ?>" />
385
+ <input type="hidden" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" />
386
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
387
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
388
+ <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea>
389
  <input name="addToPlaylist" class="button-secondary" type="submit" value="<?php _e('Update Playlist','flag'); ?>" />
390
  <?php } ?>
391
  </div>
446
  echo round($size/1024/1024,2).' Mb';
447
  ?></td>
448
  <td class="thumb" rowspan="2">
449
+ <img id="thumb-<?php echo $mp3->ID; ?>" src="<?php echo esc_url($thumb); ?>" width="100" height="100" alt="" />
450
  </td>
451
  <td class="title_filename" rowspan="2">
452
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
453
+ <textarea title="Title" name="item_a[<?php echo $mp3->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo esc_html(stripslashes($mp3->post_title)); ?></textarea><br />
454
+ <p><?php _e('Thumb URL:', 'flag'); ?> <input id="mp3thumb-<?php echo $mp3->ID; ?>" name="item_a[<?php echo $mp3->ID; ?>][post_thumb]" type="text" value="<?php echo esc_url($mp3thumb); ?>" /> <a class="thickbox" onclick="actInp=<?php echo $mp3->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
455
  </td>
456
  <td class="description" rowspan="2">
457
+ <textarea name="item_a[<?php echo $mp3->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo esc_html(stripslashes($mp3->post_content)); ?></textarea>
458
  </td>
459
  </tr>
460
  <tr class="mp3-<?php echo $mp3->ID.$class2; ?>"<?php echo $ex; ?>>
admin/playlist-sort.php CHANGED
@@ -1,17 +1,12 @@
1
  <?php
2
 
3
- /**
4
- * @author Sergey Pasyuk
5
- * @copyright 2009
6
- */
7
-
8
- function flag_playlist_order($playlist){
9
  global $wpdb;
10
 
11
  //this is the url without any presort variable
12
- $base_url = admin_url() . 'admin.php?page=' . $_GET['page'];
13
  $flag_options = get_option('flag_options');
14
- $playlistPath = $flag_options['galleryPath'].'playlists/'.$_GET['playlist'].'.xml';
15
  $playlist = get_playlist_data(ABSPATH.$playlistPath);
16
  $items_a = $playlist['items'];
17
  $items = implode(',',$playlist['items']);
@@ -22,18 +17,18 @@ function flag_playlist_order($playlist){
22
  <h2><?php _e('Sort Gallery', 'flag'); ?></h2>
23
 
24
  <div class="alignright tablenav" style="margin-bottom: -36px;">
25
- <a href="<?php echo $base_url.'&amp;playlist='.$_GET['playlist'].'&amp;mode=edit'; ?>" class="button-secondary action"><?php _e('Back to playlist', 'flag'); ?></a>
26
  </div>
27
- <form id="sortPlaylist" method="POST" action="<?php echo $base_url.'&amp;playlist='.$_GET['playlist'].'&amp;mode=edit'; ?>" accept-charset="utf-8">
28
  <div class="alignleft tablenav">
29
  <?php wp_nonce_field('flag_updatesortorder'); ?>
30
  <input class="button-primary action" type="submit" name="updatePlaylist" value="<?php _e('Update Sort Order', 'flag'); ?>" />
31
  </div>
32
  <br clear="all" />
33
- <input type="hidden" name="playlist_title" value="<?php echo $playlist['title']; ?>" />
34
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
35
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
36
- <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo $playlist['description']; ?></textarea>
37
  <script type="text/javascript">
38
  /*<![CDATA[*/
39
  jQuery(document).ready(function($) {
@@ -98,7 +93,7 @@ if(count($items_a)) {
98
  <td><script type="text/javascript">swfobject.embedSWF("<?php echo FLAG_URLPATH; ?>lib/mini.swf", "c-<?php echo $mp3->ID; ?>", "250", "20", "10.1.52", "expressInstall.swf", {path:"<?php echo str_replace(array('.mp3'), array(''), $url); ?>",bgcolor:"<?php echo $flag_options['mpBG'] ?>",color1:"<?php echo $flag_options['mpColor1'] ?>",color2:"<?php echo $flag_options['mpColor2'] ?>"}, {wmode:"transparent"}, {id:"f-<?php echo $mp3->ID; ?>",name:"f-<?php echo $mp3->ID; ?>"});</script>
99
  <div class="play"><span id="c-<?php echo $mp3->ID; ?>"></span></div></td>
100
  <td><?php echo basename($url); ?></td>
101
- <td><?php echo $mp3->post_title; ?></td>
102
  </tr>
103
  <?php
104
  }
1
  <?php
2
 
3
+ function flag_playlist_order($playlist = 'deprecated'){
 
 
 
 
 
4
  global $wpdb;
5
 
6
  //this is the url without any presort variable
7
+ $base_url = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
8
  $flag_options = get_option('flag_options');
9
+ $playlistPath = $flag_options['galleryPath'].'playlists/'.urlencode($_GET['playlist']).'.xml';
10
  $playlist = get_playlist_data(ABSPATH.$playlistPath);
11
  $items_a = $playlist['items'];
12
  $items = implode(',',$playlist['items']);
17
  <h2><?php _e('Sort Gallery', 'flag'); ?></h2>
18
 
19
  <div class="alignright tablenav" style="margin-bottom: -36px;">
20
+ <a href="<?php echo esc_url($base_url."&playlist=".urlencode($_GET['playlist']).'&mode=edit'); ?>" class="button-secondary action"><?php _e('Back to playlist', 'flag'); ?></a>
21
  </div>
22
+ <form id="sortPlaylist" method="POST" action="<?php echo esc_url($base_url."&playlist=".urlencode($_GET['playlist']).'&mode=edit'); ?>" accept-charset="utf-8">
23
  <div class="alignleft tablenav">
24
  <?php wp_nonce_field('flag_updatesortorder'); ?>
25
  <input class="button-primary action" type="submit" name="updatePlaylist" value="<?php _e('Update Sort Order', 'flag'); ?>" />
26
  </div>
27
  <br clear="all" />
28
+ <input type="hidden" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" />
29
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
30
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
31
+ <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea>
32
  <script type="text/javascript">
33
  /*<![CDATA[*/
34
  jQuery(document).ready(function($) {
93
  <td><script type="text/javascript">swfobject.embedSWF("<?php echo FLAG_URLPATH; ?>lib/mini.swf", "c-<?php echo $mp3->ID; ?>", "250", "20", "10.1.52", "expressInstall.swf", {path:"<?php echo str_replace(array('.mp3'), array(''), $url); ?>",bgcolor:"<?php echo $flag_options['mpBG'] ?>",color1:"<?php echo $flag_options['mpColor1'] ?>",color2:"<?php echo $flag_options['mpColor2'] ?>"}, {wmode:"transparent"}, {id:"f-<?php echo $mp3->ID; ?>",name:"f-<?php echo $mp3->ID; ?>"});</script>
94
  <div class="play"><span id="c-<?php echo $mp3->ID; ?>"></span></div></td>
95
  <td><?php echo basename($url); ?></td>
96
+ <td><?php echo esc_html(stripslashes($mp3->post_title)); ?></td>
97
  </tr>
98
  <?php
99
  }
admin/playlist.functions.php CHANGED
@@ -64,6 +64,8 @@ function flagSavePlaylist($title,$descr,$data,$file='',$skinaction='') {
64
  if(!trim($title)) {
65
  $title = 'default';
66
  }
 
 
67
  if (!$file) {
68
  $file = sanitize_title($title);
69
  }
@@ -129,8 +131,8 @@ function flagSavePlaylistSkin($file) {
129
  $flag_options = get_option('flag_options');
130
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/'.$file.'.xml';
131
  // Save options
132
- $title = $_POST['playlist_title'];
133
- $descr = $_POST['playlist_descr'];
134
  $items = get_playlist_data($playlistPath);
135
  $data = $items['items'];
136
  flagSavePlaylist($title,$descr,$data,$file,$skinaction='update');
64
  if(!trim($title)) {
65
  $title = 'default';
66
  }
67
+ $title = htmlspecialchars_decode(stripslashes($title), ENT_QUOTES);
68
+ $descr = htmlspecialchars_decode(stripslashes($descr), ENT_QUOTES);
69
  if (!$file) {
70
  $file = sanitize_title($title);
71
  }
131
  $flag_options = get_option('flag_options');
132
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/'.$file.'.xml';
133
  // Save options
134
+ $title = esc_html($_POST['playlist_title']);
135
+ $descr = esc_html($_POST['playlist_descr']);
136
  $items = get_playlist_data($playlistPath);
137
  $data = $items['items'];
138
  flagSavePlaylist($title,$descr,$data,$file,$skinaction='update');
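Review bot: The new `esc_html()` calls in flagSavePlaylistSkin (new lines 134–135) are immediately undone by the `htmlspecialchars_decode(stripslashes(...), ENT_QUOTES)` added to flagSavePlaylist (new lines 67–68), so the encode/decode pair is a round trip and the stored title and description are still the raw POST text; the protection in this commit comes from the `esc_html()` at the output sites, not from these two lines. That contract should be written down at the top of flagSavePlaylist, e.g. `// $title/$descr may arrive HTML-escaped from the admin forms; they are stored decoded, so every reader MUST escape on output.` Note also that `$_POST['playlist_title']` and `$_POST['playlist_descr']` are read without `isset()` on new lines 134–135. Whether the decoded text is safe inside the generated XML depends on how the playlist writer escapes it, which is outside this hunk.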
admin/settings.php CHANGED
@@ -6,7 +6,7 @@ function flag_admin_options() {
6
  global $flag;
7
 
8
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
9
- $filepath = admin_url() . 'admin.php?page='.$_GET['page'];
10
 
11
  if ( isset($_POST['updateoption']) ) {
12
  check_admin_referer('flag_settings');
@@ -32,43 +32,72 @@ function flag_admin_options() {
32
 
33
  flagGallery::show_message(__('Update Successfully','flag'));
34
  }
 
35
  if( isset($_POST['membership']) ){
36
- if(!empty($_POST['license_key'])){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
37
  if(function_exists('curl_init')){
38
  check_admin_referer('flag_settings');
39
  $ch = curl_init('http://mypgc.co/app/account_st.php');
40
- curl_setopt ($ch, CURLOPT_REFERER, home_url());
41
  curl_setopt ($ch, CURLOPT_POST, 1);
42
  curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
43
- curl_setopt ($ch, CURLOPT_POSTFIELDS, array('access_key'=>$_POST['access_key'], 'access_url'=>$_POST['access_url'], 'license_key'=>$_POST['license_key']));
44
- $access_key_return = curl_exec ($ch);
45
  curl_close ($ch);
46
  } else {
47
- $access_key_return = __('cURL library is not installed on your server.','flag');
48
- }
49
- if(strpos($access_key_return, 'Error') !== FALSE){
50
- $_POST['license_key'] = '';
51
- }
52
- $options = explode(',', stripslashes($_POST['page_options']));
53
- foreach ($options as $option) {
54
- $option = trim($option);
55
- $value = trim($_POST[$option]);
56
- $flag->options[$option] = $value;
57
  }
58
- // Save options
59
- update_option('flag_options', $flag->options);
60
 
61
- if(strpos($access_key_return, 'Error') === FALSE){
62
- flagGallery::show_message($access_key_return);
63
  } else {
64
- flagGallery::show_error($access_key_return);
 
65
  }
66
- } else {
67
- $access_key_return = __('Enter License Key. License Key is required','flag');
68
- flagGallery::show_error($access_key_return);
69
  }
70
  }
71
-
72
 
73
  if ( isset($_POST['update_cap']) ) {
74
 
@@ -102,7 +131,7 @@ function flag_admin_options() {
102
  <div id="slider" class="wrap">
103
 
104
  <ul id="tabs" class="tabs">
105
- <li class="selected"><a href="#" rel="imageoptions"><?php _e('Image Gallery Options', 'flag'); ?></a></li>
106
  <?php if(current_user_can('administrator')){ ?>
107
  <li><a href="#" rel="rControl"><?php _e('License Key & Remote Control', 'flag'); ?></a></li>
108
  <?php } ?>
@@ -261,28 +290,47 @@ jQuery(document).ready(function() {
261
 
262
  <?php if(current_user_can('administrator')){ ?>
263
  <div id="rControl" class="cptab">
264
- <form name="rControl" method="post">
265
  <?php wp_nonce_field('flag_settings'); ?>
266
  <input type="hidden" name="page_options" value="access_key,license_key" />
267
  <h2><?php _e('License Key & Remote Control','flag'); ?></h2>
268
  <input type="hidden" name="access_url" value="<?php echo plugins_url() . '/' . FLAGFOLDER . '/lib/app.php'; ?>" />
269
- <table class="form-table flag-options">
270
  <tr>
271
- <th valign="top" width="200"><?php _e('License Key','flag'); ?>:</th>
272
- <td valign="top"><input type="text" size="54" id="license_key" name="license_key" value="<?php echo $flag_options['license_key']?>" /></td>
273
  </tr>
274
  <tr>
275
- <td colspan="2"><br><i><?php _e('If you want to upload photos to FlAGallery right from your iPhone download application (comming soon) and enter access key below. License Key is required.', 'flag'); ?></i></td>
276
  </tr>
277
  <tr>
278
  <th valign="top" width="200"><?php _e('Remote App Access Key','flag'); ?>:</th>
279
- <td valign="top"><input type="text" size="54" id="access_key" name="access_key" value="<?php echo $flag_options['access_key']?>" /><br>
280
  <small><?php _e('Leave blank to disable access from application', 'flag'); ?></small></td>
281
  </tr>
282
  </table>
283
- <h3>iOS application coming soon...</h3>
284
  <div class="submit"><input class="button-primary" type="submit" name="membership" value="<?php _e('Update Settings for Remote Access', 'flag'); ?>"/></div>
285
  </form>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
286
  </div>
287
  <?php } ?>
288
 
6
  global $flag;
7
 
8
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
9
+ $filepath = admin_url() . 'admin.php?page='.urlencode($_GET['page']);
10
 
11
  if ( isset($_POST['updateoption']) ) {
12
  check_admin_referer('flag_settings');
32
 
33
  flagGallery::show_message(__('Update Successfully','flag'));
34
  }
35
+ $regform = 0;
36
  if( isset($_POST['membership']) ){
37
+ if(function_exists('curl_init')){
38
+ check_admin_referer('flag_settings');
39
+ $ch = curl_init('http://mypgc.co/app/account_st.php');
40
+ curl_setopt ($ch, CURLOPT_REFERER, site_url());
41
+ curl_setopt ($ch, CURLOPT_POST, 1);
42
+ curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
43
+ curl_setopt ($ch, CURLOPT_POSTFIELDS, array('access_key'=>$_POST['access_key'], 'access_url'=>$_POST['access_url'], 'license_key'=>$_POST['license_key']));
44
+ $access_key_return = curl_exec ($ch);
45
+ curl_close ($ch);
46
+ } else {
47
+ $access_key_return = __('cURL library is not installed on your server.','flag');
48
+ }
49
+ if(strpos($access_key_return, 'Error') !== FALSE){
50
+ $_POST['license_key'] = '';
51
+ }
52
+ $options = explode(',', stripslashes($_POST['page_options']));
53
+ foreach ($options as $option) {
54
+ $option = trim($option);
55
+ $value = trim($_POST[$option]);
56
+ $flag->options[$option] = $value;
57
+ }
58
+
59
+ if(strpos($access_key_return, 'Error') === FALSE || strpos($access_key_return, 'not a member') !== FALSE){
60
+ flagGallery::show_message($access_key_return);
61
+ if(strpos($access_key_return, 'not a member') !== FALSE){
62
+ $regform = 1;
63
+ //$flag->options['access_key'] = '';
64
+ }
65
+ } else {
66
+ flagGallery::show_error($access_key_return);
67
+ //$flag->options['access_key'] = '';
68
+ }
69
+
70
+ // Save options
71
+ update_option('flag_options', $flag->options);
72
+ }
73
+
74
+ if( isset($_POST['register_subscriber']) ){
75
+ if(empty($_POST['customer_first_name']) || empty($_POST['customer_last_name']) || empty($_POST['customer_email'])){
76
+ $regform = 1;
77
+ flagGallery::show_error(__('Error: All fields required.'));
78
+ } else {
79
  if(function_exists('curl_init')){
80
  check_admin_referer('flag_settings');
81
  $ch = curl_init('http://mypgc.co/app/account_st.php');
82
+ curl_setopt ($ch, CURLOPT_REFERER, site_url());
83
  curl_setopt ($ch, CURLOPT_POST, 1);
84
  curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
85
+ curl_setopt ($ch, CURLOPT_POSTFIELDS, array('access_key'=>$_POST['access_key'], 'access_url'=>$_POST['access_url'], 'customer_first_name'=>$_POST['customer_first_name'], 'customer_last_name'=>$_POST['customer_last_name'], 'customer_email'=>$_POST['customer_email']));
86
+ $reg_return = curl_exec ($ch);
87
  curl_close ($ch);
88
  } else {
89
+ $reg_return = __('cURL library is not installed on your server.','flag');
 
 
 
 
 
 
 
 
 
90
  }
 
 
91
 
92
+ if(strpos($reg_return, 'Error') === FALSE){
93
+ flagGallery::show_message($reg_return);
94
  } else {
95
+ flagGallery::show_error($reg_return);
96
+ $regform = 1;
97
  }
 
 
 
98
  }
99
  }
100
+
101
 
102
  if ( isset($_POST['update_cap']) ) {
103
 
131
  <div id="slider" class="wrap">
132
 
133
  <ul id="tabs" class="tabs">
134
+ <li class="selected"><a href="#" rel="imageoptions"><?php _e('Gallery Options', 'flag'); ?></a></li>
135
  <?php if(current_user_can('administrator')){ ?>
136
  <li><a href="#" rel="rControl"><?php _e('License Key & Remote Control', 'flag'); ?></a></li>
137
  <?php } ?>
290
 
291
  <?php if(current_user_can('administrator')){ ?>
292
  <div id="rControl" class="cptab">
293
+ <form name="rControl" method="post" style="float: left;width: 50%;">
294
  <?php wp_nonce_field('flag_settings'); ?>
295
  <input type="hidden" name="page_options" value="access_key,license_key" />
296
  <h2><?php _e('License Key & Remote Control','flag'); ?></h2>
297
  <input type="hidden" name="access_url" value="<?php echo plugins_url() . '/' . FLAGFOLDER . '/lib/app.php'; ?>" />
298
+ <table class="form-table flag-options" style="">
299
  <tr>
300
+ <th valign="top" width="200"><a href="http://mypgc.co/membership/" target="_blank"><?php _e('License Key', 'flag') ?></a>:</th>
301
+ <td valign="top"><input type="text" size="40" id="license_key" name="license_key" value="<?php echo $flag_options['license_key']?>" /></td>
302
  </tr>
303
  <tr>
304
+ <td colspan="2"><br><?php _e('If you want to upload photos to FlAGallery right from your iPhone <a href="https://itunes.apple.com/us/app/mypgc/id663405181?ls=1&mt=8">download application</a> and enter access key below. You can enter your own access key. You can change these at any point in time and this will force all users to have to log in again in application.', 'flag'); ?> </td>
305
  </tr>
306
  <tr>
307
  <th valign="top" width="200"><?php _e('Remote App Access Key','flag'); ?>:</th>
308
+ <td valign="top"><input type="text" size="40" id="access_key" name="access_key" value="<?php echo $flag_options['access_key']?>" /><br>
309
  <small><?php _e('Leave blank to disable access from application', 'flag'); ?></small></td>
310
  </tr>
311
  </table>
312
+ <p><a href="https://itunes.apple.com/us/app/mypgc/id663405181?ls=1&mt=8"><img src="<?php echo plugins_url() . '/' . FLAGFOLDER; ?>/admin/images/appstore_button.png" alt="Download from AppStore" /></a></p>
313
  <div class="submit"><input class="button-primary" type="submit" name="membership" value="<?php _e('Update Settings for Remote Access', 'flag'); ?>"/></div>
314
  </form>
315
+ <?php if($regform){ ?>
316
+ <form name="reg_on_mypgc" method="post" style="float: left; border: 1px solid #666666; background-color: #ffffee; margin-top: 95px; width: 49%;">
317
+ <?php wp_nonce_field('flag_settings'); ?>
318
+ <h3 style="padding-left: 10px;"><?php _e('Register with form below or <a href="http://mypgc.co/membership/" target="_blank">purchase license key</a>','flag'); ?></h3>
319
+ <input type="hidden" name="access_key" value="<?php echo $flag_options['access_key']?>" />
320
+ <input type="hidden" name="access_url" value="<?php echo plugins_url() . '/' . FLAGFOLDER . '/lib/app.php'; ?>" />
321
+ <table class="form-table" style="100%;">
322
+ <tr>
323
+ <td valign="top" style="width: 50%;"><?php _e('First Name', 'flag') ?>:<br><input type="text" id="customer_first_name" name="customer_first_name" value="" style="width: 95%;" /></td>
324
+ <td valign="top"><?php _e('Last Name', 'flag') ?>:<br><input type="text" id="customer_last_name" name="customer_last_name" value="" style="width: 95%;" /></td>
325
+ </tr>
326
+ <tr>
327
+ <td valign="top"><?php _e('Email', 'flag') ?>:<br><input type="text" size="54" id="customer_email" name="customer_email" value="" style="width: 95%;" /></td>
328
+ <td valign="top"><div class="submit"><input class="button-primary" type="submit" name="register_subscriber" value="<?php _e('Register', 'flag'); ?>"/></div></td>
329
+ </tr>
330
+ </table>
331
+ </form>
332
+ <?php } ?>
333
+ <div style="clear: both;"> </div>
334
  </div>
335
  <?php } ?>
336
 
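Review bot: `check_admin_referer('flag_settings')` is only reached inside `if(function_exists('curl_init'))` (new lines 37–38, and again 79–80), so on a host without cURL the `membership` branch falls into the `else`, still copies every key named in the client-supplied `page_options` field from `$_POST` into `$flag->options` (new lines 52–57) and calls `update_option('flag_options', $flag->options)` (new line 71) with no nonce check at all. Move the nonce check to the first statement of each branch: `if( isset($_POST['membership']) ){` followed directly by `check_admin_referer('flag_settings');` before the `curl_init` test, and likewise under `register_subscriber`. The stored `license_key` and `access_key` are echoed into `value="..."` attributes unescaped on new lines 301, 308 and 319; wrap them in `esc_attr()`. The remote reply `$access_key_return`/`$reg_return` is passed straight to `show_message()`/`show_error()`, and since the endpoint is plain `http://`, whatever those helpers render is modifiable in transit unless they escape — worth confirming, or switching the endpoint to HTTPS and passing the reply through `esc_html()`.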
admin/skin_options.php CHANGED
@@ -10,7 +10,7 @@ if ( !current_user_can('FlAG Change skin') )
10
  die('-1');
11
 
12
  $flag_options = get_option('flag_options');
13
- $act_skin = isset($_GET['skin'])? $_GET['skin'] : $flag_options['flashSkin'];
14
  $settings = $flag_options['skinsDirABS'].$act_skin.'/settings';
15
  $settingsXML = $settings.'/settings.xml';
16
 
@@ -47,7 +47,7 @@ if(isset($_GET['show_options'])) {
47
 
48
  function flag_skin_options() {
49
  $flag_options = get_option('flag_options');
50
- $act_skin = isset($_GET['skin'])? $_GET['skin'] : $flag_options['flashSkin'];
51
  $settings = $flag_options['skinsDirURL'].$act_skin.'/settings';
52
  $settingsXML = $flag_options['skinsDirABS'].$act_skin.'/settings/settings.xml';
53
  $fp = fopen($settingsXML, "r");
10
  die('-1');
11
 
12
  $flag_options = get_option('flag_options');
13
+ $act_skin = isset($_GET['skin'])? urlencode($_GET['skin']) : $flag_options['flashSkin'];
14
  $settings = $flag_options['skinsDirABS'].$act_skin.'/settings';
15
  $settingsXML = $settings.'/settings.xml';
16
 
47
 
48
  function flag_skin_options() {
49
  $flag_options = get_option('flag_options');
50
+ $act_skin = isset($_GET['skin'])? urlencode($_GET['skin']) : $flag_options['flashSkin'];
51
  $settings = $flag_options['skinsDirURL'].$act_skin.'/settings';
52
  $settingsXML = $flag_options['skinsDirABS'].$act_skin.'/settings/settings.xml';
53
  $fp = fopen($settingsXML, "r");
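Review bot: `urlencode()` on new line 13 (and the identical line 50 inside flag_skin_options) does not make `$_GET['skin']` safe to splice into `$flag_options['skinsDirABS'].$act_skin.'/settings'`: it encodes `/` and `\` but leaves `.` alone, and it also mangles any real skin name containing characters outside the unreserved set. admin/skins.php in this same diff already has an allow-list for skin names (`ctype_alnum(str_replace(array('-', '_'), '', $set_skin))`); apply the same rule here, e.g. `$act_skin = isset($_GET['skin']) ? $_GET['skin'] : $flag_options['flashSkin'];` followed by `if ( !ctype_alnum(str_replace(array('-', '_'), '', $act_skin)) ) die('-1');`, matching the `die('-1')` the file already uses for the capability failure on line 10. flag_skin_options's body continues past the second hunk.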
admin/skins.php CHANGED
@@ -78,7 +78,7 @@ function upload_skin() {
78
  if ( !empty($_FILES) ) {
79
  $filename = $_FILES['skinzip']['name'];
80
  } else if ( isset($_GET['package']) ) {
81
- $filename = $_GET['package'];
82
  }
83
  if ( !$filename ) {
84
  echo "<p>".__('No skin Specified', 'flag')."</p>\n";
@@ -206,7 +206,7 @@ if ( isset($_POST['updateoption']) ) {
206
 
207
 
208
  if ( isset($_GET['delete']) ) {
209
- $delskin = $_GET['delete'];
210
  if ( current_user_can('FlAG Delete skins') && false === strpos($delskin, '..') ) {
211
  if ( $flag_options['flashSkin'] != $delskin ) {
212
  $skins_dir = trailingslashit( $flag_options['skinsDirABS'] );
@@ -231,7 +231,7 @@ if ( isset($_GET['delete']) ) {
231
  }
232
 
233
  if( isset($_GET['skin']) ) {
234
- $set_skin = $_GET['skin'];
235
  if($flag_options['flashSkin'] != $set_skin) {
236
  $aValid = array('-', '_');
237
  if(!ctype_alnum(str_replace($aValid, '', $set_skin))){
@@ -247,7 +247,7 @@ if( isset($_GET['skin']) ) {
247
  flagGallery::show_message( __('Skin','flag').' \''.$set_skin.'\' '.__('activated successfully. Optionally it can be overwritten with shortcode parameter.','flag') );
248
  }
249
  }
250
- $type = isset($_GET['type'])? $_GET['type'] : '';
251
  switch($type){
252
  case '':
253
  $stype = 'gallery';
78
  if ( !empty($_FILES) ) {
79
  $filename = $_FILES['skinzip']['name'];
80
  } else if ( isset($_GET['package']) ) {
81
+ $filename = urlencode($_GET['package']);
82
  }
83
  if ( !$filename ) {
84
  echo "<p>".__('No skin Specified', 'flag')."</p>\n";
206
 
207
 
208
  if ( isset($_GET['delete']) ) {
209
+ $delskin = urlencode($_GET['delete']);
210
  if ( current_user_can('FlAG Delete skins') && false === strpos($delskin, '..') ) {
211
  if ( $flag_options['flashSkin'] != $delskin ) {
212
  $skins_dir = trailingslashit( $flag_options['skinsDirABS'] );
231
  }
232
 
233
  if( isset($_GET['skin']) ) {
234
+ $set_skin = urlencode($_GET['skin']);
235
  if($flag_options['flashSkin'] != $set_skin) {
236
  $aValid = array('-', '_');
237
  if(!ctype_alnum(str_replace($aValid, '', $set_skin))){
247
  flagGallery::show_message( __('Skin','flag').' \''.$set_skin.'\' '.__('activated successfully. Optionally it can be overwritten with shortcode parameter.','flag') );
248
  }
249
  }
250
+ $type = isset($_GET['type'])? urlencode($_GET['type']) : '';
251
  switch($type){
252
  case '':
253
  $stype = 'gallery';
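Review bot: The `delete` branch (new line 209, `$delskin = urlencode($_GET['delete']);`) still relies on a bare `strpos($delskin, '..')` check on line 210, while the `skin` branch below validates the name with `ctype_alnum(str_replace($aValid, '', $set_skin))`; a directory removal deserves the stricter allow-list, so apply the same `ctype_alnum` test to `$delskin` before `$skins_dir` is touched. `urlencode()` itself rejects nothing — it only percent-encodes, so a name such as `my skin` becomes `my+skin` and no longer matches the directory it refers to; on line 237 it is the `ctype_alnum` check that does the actual filtering. The same applies to `$filename = urlencode($_GET['package'])` on new line 81, where `sanitize_file_name()` expresses the intent better. The visible part of the `delete` branch shows no `check_admin_referer()`; if none exists earlier in the file, a GET-triggered deletion needs a nonce.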
admin/tinymce/window.php CHANGED
@@ -80,7 +80,7 @@ if($_REQUEST['riched'] == "false") {
80
  $gallerylist = $flagdb->find_all_galleries('gid', 'ASC');
81
  if(is_array($gallerylist)) {
82
  foreach($gallerylist as $gallery) {
83
- $name = ( empty($gallery->title) ) ? $gallery->name : $gallery->title;
84
  echo '<option value="' . $gallery->gid . '" >' . $gallery->gid . ' - ' . $name . '</option>' . "\n";
85
  }
86
  }
@@ -178,7 +178,7 @@ if($_REQUEST['riched'] == "false") {
178
  foreach((array)$all_playlists as $playlist_file => $playlist_data) {
179
  $playlist_name = basename($playlist_file, '.xml');
180
  ?>
181
- <option value="<?php echo $playlist_name; ?>"><?php echo $playlist_data['title']; ?></option>
182
  <?php
183
  }
184
  ?>
80
  $gallerylist = $flagdb->find_all_galleries('gid', 'ASC');
81
  if(is_array($gallerylist)) {
82
  foreach($gallerylist as $gallery) {
83
+ $name = ( empty($gallery->title) ) ? $gallery->name : esc_html(stripslashes($gallery->title));
84
  echo '<option value="' . $gallery->gid . '" >' . $gallery->gid . ' - ' . $name . '</option>' . "\n";
85
  }
86
  }
178
  foreach((array)$all_playlists as $playlist_file => $playlist_data) {
179
  $playlist_name = basename($playlist_file, '.xml');
180
  ?>
181
+ <option value="<?php echo $playlist_name; ?>"><?php echo esc_html(stripslashes($playlist_data['title'])); ?></option>
182
  <?php
183
  }
184
  ?>
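Review bot: Escaping on new line 83 is applied to only one arm of the ternary: `$gallery->title` goes through `esc_html(stripslashes(...))` but the fallback `$gallery->name` reaches the `<option>` text raw on line 84, and `$gallery->gid` lands in the `value="..."` attribute unescaped. Make the two arms symmetric, `$name = esc_html(stripslashes( empty($gallery->title) ? $gallery->name : $gallery->title ));`, and wrap the attribute value in `esc_attr()`. The same gap is on new line 181, where `$playlist_name` (derived from a file name) is written into `value="<?php echo $playlist_name; ?>"` without `esc_attr()` while the option text beside it is escaped.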
admin/tuning.php CHANGED
@@ -32,7 +32,8 @@ function flag_tune($show_error=true) {
32
  continue;
33
  if ( is_dir( $old_skins_dir.$file ) ) {
34
  if( is_dir( $skins_dir.$file ) ) {
35
- flagGallery::flagFolderDelete( $skins_dir.$file );
 
36
  }
37
  if ( !@rename($old_skins_dir.$file, $skins_dir.$file) ) {
38
  $errors .= sprintf(__('Failed to move files from %1$s to %2$s','flag'),
32
  continue;
33
  if ( is_dir( $old_skins_dir.$file ) ) {
34
  if( is_dir( $skins_dir.$file ) ) {
35
+ //flagGallery::flagFolderDelete( $skins_dir.$file );
36
+ continue;
37
  }
38
  if ( !@rename($old_skins_dir.$file, $skins_dir.$file) ) {
39
  $errors .= sprintf(__('Failed to move files from %1$s to %2$s','flag'),
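Review bot: The commented-out `//flagGallery::flagFolderDelete( $skins_dir.$file );` on line 35 should be deleted rather than left beside the new `continue;`, and the skip needs a why-comment, because a reader cannot tell whether leaving an existing skin directory untouched is deliberate: `// existing skin dir: leave it in place so the user's skin settings survive the update`. The motivation is presumably the v3.00 changelog entry about skin settings resetting after an update. The enclosing `flag_tune()` loop starts and ends outside the hunk.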
admin/video-box.php CHANGED
@@ -18,7 +18,7 @@ function flag_video_controler() {
18
  if (isset($_POST['importfolder']) && $_POST['importfolder']){
19
  check_admin_referer('flag_addvideo');
20
  $videofolder = $_POST['videofolder'];
21
- if ( !empty($videofolder) )
22
  flagAdmin::import_video($videofolder);
23
  }
24
  $mode = isset($_REQUEST['mode'])? $_REQUEST['mode'] : 'main';
@@ -29,13 +29,13 @@ function flag_video_controler() {
29
  switch($mode) {
30
  case 'sort':
31
  include_once (dirname (__FILE__) . '/video-sort.php');
32
- flag_v_playlist_order($_GET['playlist']);
33
  break;
34
  case 'edit':
 
35
  if(isset($_POST['updatePlaylist'])) {
36
- $title = $_POST['playlist_title'];
37
- $descr = $_POST['playlist_descr'];
38
- $file = $_GET['playlist'];
39
  $data = array();
40
  foreach($_POST['item_a'] as $item_id => $item) {
41
  if($action=='delete_items' && in_array($item_id, $_POST['doaction']))
@@ -46,22 +46,23 @@ function flag_video_controler() {
46
  flagSave_vPlaylist($title,$descr,$data,$file);
47
  }
48
  if(isset($_POST['updatePlaylistSkin'])) {
49
- $file = $_GET['playlist'];
50
  flagSave_vPlaylistSkin($file);
51
  }
52
  include_once (dirname (__FILE__) . '/manage-video.php');
53
- flag_v_playlist_edit($_GET['playlist']);
54
  break;
55
  case 'save':
56
- $title = $_POST['playlist_title'];
57
- $descr = $_POST['playlist_descr'];
58
- $data = $_POST['items_array'];
59
- $file = isset($_REQUEST['playlist'])? $_REQUEST['playlist'] : false;
60
- flagGallery::flagSaveWpMedia();
61
- flagSave_vPlaylist($title,$descr,$data, $file);
 
 
62
  if(isset($_GET['playlist'])) {
63
  include_once (dirname (__FILE__) . '/manage-video.php');
64
- flag_v_playlist_edit($_GET['playlist']);
65
  } else {
66
  flag_created_v_playlists();
67
  flag_video_wp_media_lib();
@@ -72,7 +73,7 @@ function flag_video_controler() {
72
  flag_video_wp_media_lib($added);
73
  break;
74
  case 'delete':
75
- flag_v_playlist_delete($_GET['playlist']);
76
  case 'main':
77
  if(isset($_POST['updateMedia'])) {
78
  flagGallery::flagSaveWpMedia();
@@ -89,7 +90,7 @@ function flag_video_controler() {
89
  function flag_created_v_playlists() {
90
 
91
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
92
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
93
 
94
  $all_playlists = get_v_playlists();
95
  $total_all_playlists = count($all_playlists);
@@ -122,10 +123,10 @@ if($all_playlists) {
122
  <tr id="<?php echo $playlist_name; ?>" <?php echo $class; ?> >
123
  <td>
124
  <a href="<?php echo $filepath.'&amp;playlist='.$playlist_name.'&amp;mode=edit'; ?>" class='edit' title="<?php _e('Edit'); ?>" >
125
- <?php echo stripslashes($playlist_data['title']); ?>
126
  </a>
127
  </td>
128
- <td><?php echo stripslashes($playlist_data['description']); echo '&nbsp;('.__("player", "flag").': <strong>'.$playlist_data['skin'].'</strong>)' ?></td>
129
  <td><?php echo count($query_m); ?></td>
130
  <td style="white-space: nowrap;"><input type="text" class="shortcode1" style="width: 200px; font-size: 9px;" readonly="readonly" onfocus="this.select()" value="[grandvideo playlist=<?php echo $playlist_name; ?>]" /></td>
131
  <td>
@@ -148,14 +149,15 @@ if($all_playlists) {
148
  function flag_video_wp_media_lib($added=false) {
149
  global $wpdb;
150
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
151
- $filepath = admin_url() . 'admin.php?page=' . $_GET['page'];
152
  if($added!==false) {
153
- $filepath .= '&amp;playlist='.$_GET['playlist'].'&amp;mode=save';
154
  $flag_options = get_option('flag_options');
155
- $playlistPath = $flag_options['galleryPath'].'playlists/video/'.$_GET['playlist'].'.xml';
156
  $playlist = get_v_playlist_data(ABSPATH.$playlistPath);
157
  $exclude = explode(',', $added);
158
  }
 
159
  ?>
160
  <script type="text/javascript">
161
  <!--
@@ -167,11 +169,13 @@ jQuery(document).ready(function(){
167
  arr = jQuery('#items_array').val();
168
  if(arr) { del = ','; } else { del = ''; }
169
  jQuery('#items_array').val(arr+del+cur);
 
170
  } else {
171
  cur = jQuery(this).val();
172
  arr = jQuery('#items_array').val().split(',');
173
  arr = jQuery.grep(arr, function(a){ return a != cur; }).join(',');
174
  jQuery('#items_array').val(arr);
 
175
  }
176
  });
177
  jQuery('.del_thumb').click(function(){
@@ -207,11 +211,7 @@ function checkSelected() {
207
  showDialog('new_playlist', 160);
208
  return false;
209
  break;
210
- case "add_to_playlist":
211
- return confirm('<?php echo sprintf(esc_js(__("You are about to add %s items to playlist \n \n 'Cancel' to stop, 'OK' to proceed.",'flag')), "' + numchecked + '") ; ?>');
212
- break;
213
  }
214
- return confirm('<?php echo sprintf(esc_js(__("You are about to start the bulk edit for %s items \n \n 'Cancel' to stop, 'OK' to proceed.",'flag')), "' + numchecked + '") ; ?>');
215
  }
216
 
217
  function showDialog( windowId, height ) {
@@ -230,8 +230,8 @@ function send_to_editor(html) {
230
  //-->
231
  </script>
232
  <div class="wrap">
233
-
234
- <?php if( current_user_can('FlAG Import folder') ) {
235
  $defaultpath = 'wp-content/';
236
  ?>
237
  <link rel="stylesheet" type="text/css" href="<?php echo FLAG_URLPATH; ?>admin/js/jqueryFileTree/jqueryFileTree.css" />
@@ -272,6 +272,7 @@ function send_to_editor(html) {
272
  <div class="submit"><input class="button-primary" type="submit" name="importfolder" value="<?php _e('Import folder', 'flag'); ?>"/></div>
273
  </form>
274
  </div>
 
275
  <?php } ?>
276
 
277
  <h2><?php _e('WordPress Video Library', 'flag'); ?></h2>
@@ -296,10 +297,10 @@ function send_to_editor(html) {
296
  <?php } else { ?>
297
  <input type="hidden" name="mode" value="save" />
298
  <input style="width: 80%;" type="text" id="items_array" name="items_array" value="<?php echo $added; ?>" />
299
- <input type="hidden" name="playlist_title" value="<?php echo $playlist['title']; ?>" />
300
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
301
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
302
- <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo $playlist['description']; ?></textarea>
303
  <input name="addToPlaylist" class="button-secondary" type="submit" value="<?php _e('Update Playlist','flag'); ?>" onclick="if ( !checkSelected() ) return false;" />
304
  <?php } ?>
305
  </div>
@@ -371,15 +372,15 @@ if($videolist) {
371
  }
372
  ?></td>
373
  <td class="thumb" rowspan="2">
374
- <a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo FLAG_URLPATH; ?>admin/flv_preview.php?vid=<?php echo $flv->ID; ?>&amp;TB_iframe=1&amp;width=490&amp;height=293"><img id="thumb-<?php echo $flv->ID; ?>" src="<?php echo $thumb; ?>" width="100" height="100" alt="" /></a>
375
  </td>
376
  <td class="title_filename" rowspan="2">
377
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
378
- <textarea title="Title" name="item_a[<?php echo $flv->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo $flv->post_title; ?></textarea><br />
379
- <p><?php _e('Thumb URL:', 'flag'); ?> <input id="flvthumb-<?php echo $flv->ID; ?>" name="item_a[<?php echo $flv->ID; ?>][post_thumb]" type="text" value="<?php echo $flvthumb; ?>" /> <a class="thickbox" onclick="actInp=<?php echo $flv->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
380
  </td>
381
  <td class="description" rowspan="2">
382
- <textarea name="item_a[<?php echo $flv->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo $flv->post_content; ?></textarea>
383
  </td>
384
  </tr>
385
  <tr class="flv-<?php echo $flv->ID.$class2; ?>"<?php echo $ex; ?>>
18
  if (isset($_POST['importfolder']) && $_POST['importfolder']){
19
  check_admin_referer('flag_addvideo');
20
  $videofolder = $_POST['videofolder'];
21
+ if ( !empty($videofolder) && false === strpos($videofolder, '..') )
22
  flagAdmin::import_video($videofolder);
23
  }
24
  $mode = isset($_REQUEST['mode'])? $_REQUEST['mode'] : 'main';
29
  switch($mode) {
30
  case 'sort':
31
  include_once (dirname (__FILE__) . '/video-sort.php');
32
+ flag_v_playlist_order();
33
  break;
34
  case 'edit':
35
+ $file = urlencode($_GET['playlist']);
36
  if(isset($_POST['updatePlaylist'])) {
37
+ $title = esc_html($_POST['playlist_title']);
38
+ $descr = esc_html($_POST['playlist_descr']);
 
39
  $data = array();
40
  foreach($_POST['item_a'] as $item_id => $item) {
41
  if($action=='delete_items' && in_array($item_id, $_POST['doaction']))
46
  flagSave_vPlaylist($title,$descr,$data,$file);
47
  }
48
  if(isset($_POST['updatePlaylistSkin'])) {
 
49
  flagSave_vPlaylistSkin($file);
50
  }
51
  include_once (dirname (__FILE__) . '/manage-video.php');
52
+ flag_v_playlist_edit();
53
  break;
54
  case 'save':
55
+ if(isset($_POST['items_array'])){
56
+ $title = esc_html($_POST['playlist_title']);
57
+ $descr = esc_html($_POST['playlist_descr']);
58
+ $data = $_POST['items_array'];
59
+ $file = isset($_REQUEST['playlist'])? urlencode($_REQUEST['playlist']) : false;
60
+ flagGallery::flagSaveWpMedia();
61
+ flagSave_vPlaylist($title,$descr,$data, $file);
62
+ }
63
  if(isset($_GET['playlist'])) {
64
  include_once (dirname (__FILE__) . '/manage-video.php');
65
+ flag_v_playlist_edit();
66
  } else {
67
  flag_created_v_playlists();
68
  flag_video_wp_media_lib();
73
  flag_video_wp_media_lib($added);
74
  break;
75
  case 'delete':
76
+ flag_v_playlist_delete(urlencode($_GET['playlist']));
77
  case 'main':
78
  if(isset($_POST['updateMedia'])) {
79
  flagGallery::flagSaveWpMedia();
90
  function flag_created_v_playlists() {
91
 
92
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
93
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
94
 
95
  $all_playlists = get_v_playlists();
96
  $total_all_playlists = count($all_playlists);
123
  <tr id="<?php echo $playlist_name; ?>" <?php echo $class; ?> >
124
  <td>
125
  <a href="<?php echo $filepath.'&amp;playlist='.$playlist_name.'&amp;mode=edit'; ?>" class='edit' title="<?php _e('Edit'); ?>" >
126
+ <?php echo esc_html(stripslashes($playlist_data['title'])); ?>
127
  </a>
128
  </td>
129
+ <td><?php echo esc_html(stripslashes($playlist_data['description'])); echo '&nbsp;('.__("player", "flag").': <strong>'.$playlist_data['skin'].'</strong>)' ?></td>
130
  <td><?php echo count($query_m); ?></td>
131
  <td style="white-space: nowrap;"><input type="text" class="shortcode1" style="width: 200px; font-size: 9px;" readonly="readonly" onfocus="this.select()" value="[grandvideo playlist=<?php echo $playlist_name; ?>]" /></td>
132
  <td>
149
  function flag_video_wp_media_lib($added=false) {
150
  global $wpdb;
151
  // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
152
+ $filepath = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
153
  if($added!==false) {
154
+ $filepath .= '&playlist='.urlencode($_GET['playlist']).'&mode=save';
155
  $flag_options = get_option('flag_options');
156
+ $playlistPath = $flag_options['galleryPath'].'playlists/video/'.urlencode($_GET['playlist']).'.xml';
157
  $playlist = get_v_playlist_data(ABSPATH.$playlistPath);
158
  $exclude = explode(',', $added);
159
  }
160
+ $filepath = esc_url($filepath);
161
  ?>
162
  <script type="text/javascript">
163
  <!--
169
  arr = jQuery('#items_array').val();
170
  if(arr) { del = ','; } else { del = ''; }
171
  jQuery('#items_array').val(arr+del+cur);
172
+ jQuery(this).closest('tr').css('background-color','#DDFFBB').next().css('background-color','#DDFFBB');
173
  } else {
174
  cur = jQuery(this).val();
175
  arr = jQuery('#items_array').val().split(',');
176
  arr = jQuery.grep(arr, function(a){ return a != cur; }).join(',');
177
  jQuery('#items_array').val(arr);
178
+ jQuery(this).closest('tr').removeAttr('style').next().removeAttr('style');
179
  }
180
  });
181
  jQuery('.del_thumb').click(function(){
211
  showDialog('new_playlist', 160);
212
  return false;
213
  break;
 
 
 
214
  }
 
215
  }
216
 
217
  function showDialog( windowId, height ) {
230
  //-->
231
  </script>
232
  <div class="wrap">
233
+ <?php if($added===false) { ?>
234
+ <?php if( current_user_can('FlAG Import folder') ) {
235
  $defaultpath = 'wp-content/';
236
  ?>
237
  <link rel="stylesheet" type="text/css" href="<?php echo FLAG_URLPATH; ?>admin/js/jqueryFileTree/jqueryFileTree.css" />
272
  <div class="submit"><input class="button-primary" type="submit" name="importfolder" value="<?php _e('Import folder', 'flag'); ?>"/></div>
273
  </form>
274
  </div>
275
+ <?php } ?>
276
  <?php } ?>
277
 
278
  <h2><?php _e('WordPress Video Library', 'flag'); ?></h2>
297
  <?php } else { ?>
298
  <input type="hidden" name="mode" value="save" />
299
  <input style="width: 80%;" type="text" id="items_array" name="items_array" value="<?php echo $added; ?>" />
300
+ <input type="hidden" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" />
301
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
302
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
303
+ <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea>
304
  <input name="addToPlaylist" class="button-secondary" type="submit" value="<?php _e('Update Playlist','flag'); ?>" onclick="if ( !checkSelected() ) return false;" />
305
  <?php } ?>
306
  </div>
372
  }
373
  ?></td>
374
  <td class="thumb" rowspan="2">
375
+ <a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo FLAG_URLPATH; ?>admin/flv_preview.php?vid=<?php echo $flv->ID; ?>&amp;TB_iframe=1&amp;width=490&amp;height=293"><img id="thumb-<?php echo $flv->ID; ?>" src="<?php echo esc_url($thumb); ?>" width="100" height="100" alt="" /></a>
376
  </td>
377
  <td class="title_filename" rowspan="2">
378
  <strong><a href="<?php echo $url; ?>"><?php echo basename($url); ?></a></strong><br />
379
+ <textarea title="Title" name="item_a[<?php echo $flv->ID; ?>][post_title]" cols="20" rows="1" style="width:95%; height: 25px; overflow:hidden;"><?php echo esc_html(stripslashes($flv->post_title)); ?></textarea><br />
380
+ <p><?php _e('Thumb URL:', 'flag'); ?> <input id="flvthumb-<?php echo $flv->ID; ?>" name="item_a[<?php echo $flv->ID; ?>][post_thumb]" type="text" value="<?php echo esc_url($flvthumb); ?>" /> <a class="thickbox" onclick="actInp=<?php echo $flv->ID; ?>" href="media-upload.php?type=image&amp;TB_iframe=1&amp;width=640&amp;height=400" title="<?php _e('Add an Image','flag'); ?>"><?php _e('assist', 'flag'); ?></a></p>
381
  </td>
382
  <td class="description" rowspan="2">
383
+ <textarea name="item_a[<?php echo $flv->ID; ?>][post_content]" style="width:95%; height: 96px; margin-top: 2px; font-size:12px; line-height:115%;" rows="1" ><?php echo esc_html(stripslashes($flv->post_content)); ?></textarea>
384
  </td>
385
  </tr>
386
  <tr class="flv-<?php echo $flv->ID.$class2; ?>"<?php echo $ex; ?>>
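Review bot: `urlencode()` is used as a filename sanitizer on line 35 (`$file = urlencode($_GET['playlist']);`) and again on lines 59, 76, 154 and 156 of this file and line 14 of admin/video-sort.php, but it only percent-encodes characters unsafe in a URL and leaves `.`, `-` and `_` untouched, so a path-like playlist name (one containing `..`, which the `$videofolder` check on line 21 already treats as suspect) reaches `$playlistPath` unchanged. facebook.php in this same commit uses `sanitize_title()` for the same purpose; the video code should do the same, `$file = sanitize_title($_GET['playlist']);`, so the value used for the file path is a restricted slug and `urlencode()` is applied only where the value goes into a URL. Separately, `$playlist_data['skin']` on line 129 and `$playlist['skin']` on lines 301-302 are still echoed unescaped although they are read from the playlist XML; wrap them in `esc_html()` and `esc_attr()` respectively. `$added` on line 299 is echoed into a value attribute without escaping as well; its origin is outside the hunk, so `esc_attr($added)` is worth adding if it can derive from request input.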
admin/video-sort.php CHANGED
@@ -5,13 +5,13 @@
5
  * @copyright 2009
6
  */
7
 
8
- function flag_v_playlist_order($playlist){
9
  global $wpdb;
10
 
11
  //this is the url without any presort variable
12
- $base_url = admin_url() . 'admin.php?page=' . $_GET['page'];
13
  $flag_options = get_option('flag_options');
14
- $playlistPath = $flag_options['galleryPath'].'playlists/video/'.$_GET['playlist'].'.xml';
15
  $playlist = get_v_playlist_data(ABSPATH.$playlistPath);
16
  $items_a = $playlist['items'];
17
  $items = implode(',',$playlist['items']);
@@ -22,18 +22,18 @@ function flag_v_playlist_order($playlist){
22
  <h2><?php _e('Sort Gallery', 'flag'); ?></h2>
23
 
24
  <div class="alignright tablenav" style="margin-bottom: -36px;">
25
- <a href="<?php echo $base_url.'&amp;playlist='.$_GET['playlist'].'&amp;mode=edit'; ?>" class="button-secondary action"><?php _e('Back to playlist', 'flag'); ?></a>
26
  </div>
27
- <form id="sortPlaylist" method="POST" action="<?php echo $base_url.'&amp;playlist='.$_GET['playlist'].'&amp;mode=edit'; ?>" accept-charset="utf-8">
28
  <div class="alignleft tablenav">
29
  <?php wp_nonce_field('flag_updatesortorder'); ?>
30
  <input class="button-primary action" type="submit" name="updatePlaylist" value="<?php _e('Update Sort Order', 'flag'); ?>" />
31
  </div>
32
  <br clear="all" />
33
- <input type="hidden" name="playlist_title" value="<?php echo $playlist['title']; ?>" />
34
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
35
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
36
- <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo $playlist['description']; ?></textarea>
37
  <script type="text/javascript">
38
  /*<![CDATA[*/
39
  jQuery(document).ready(function($) {
@@ -98,9 +98,9 @@ if(count($items_a)) {
98
  ?>
99
  <tr id="$flv-<?php echo $flv->ID; ?>" class="<?php echo $alternate; ?> iedit" valign="top">
100
  <td scope="row"><input type="hidden" name="item_a[<?php echo $flv->ID; ?>][ID]" value="<?php echo $flv->ID; ?>" /><strong><?php echo $flv->ID; ?></strong></td>
101
- <td width="50"><a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo FLAG_URLPATH; ?>admin/flv_preview.php?vid=<?php echo $flv->ID; ?>&amp;TB_iframe=1&amp;width=490&amp;height=293"><img id="thumb-<?php echo $flv->ID; ?>" src="<?php echo $thumb; ?>" width="20" height="20" alt="" /></a></td>
102
  <td><?php echo basename($url); ?></td>
103
- <td><?php echo $flv->post_title; ?></td>
104
  </tr>
105
  <?php
106
  }
5
  * @copyright 2009
6
  */
7
 
8
+ function flag_v_playlist_order($playlist = 'deprecated'){
9
  global $wpdb;
10
 
11
  //this is the url without any presort variable
12
+ $base_url = admin_url() . 'admin.php?page=' . urlencode($_GET['page']);
13
  $flag_options = get_option('flag_options');
14
+ $playlistPath = $flag_options['galleryPath'].'playlists/video/'.urlencode($_GET['playlist']).'.xml';
15
  $playlist = get_v_playlist_data(ABSPATH.$playlistPath);
16
  $items_a = $playlist['items'];
17
  $items = implode(',',$playlist['items']);
22
  <h2><?php _e('Sort Gallery', 'flag'); ?></h2>
23
 
24
  <div class="alignright tablenav" style="margin-bottom: -36px;">
25
+ <a href="<?php echo esc_url($base_url."&playlist=".urlencode($_GET['playlist']).'&mode=edit'); ?>" class="button-secondary action"><?php _e('Back to playlist', 'flag'); ?></a>
26
  </div>
27
+ <form id="sortPlaylist" method="POST" action="<?php echo esc_url($base_url."&playlist=".urlencode($_GET['playlist']).'&mode=edit'); ?>" accept-charset="utf-8">
28
  <div class="alignleft tablenav">
29
  <?php wp_nonce_field('flag_updatesortorder'); ?>
30
  <input class="button-primary action" type="submit" name="updatePlaylist" value="<?php _e('Update Sort Order', 'flag'); ?>" />
31
  </div>
32
  <br clear="all" />
33
+ <input type="hidden" name="playlist_title" value="<?php echo esc_html(stripslashes($playlist['title'])); ?>" />
34
  <input type="hidden" name="skinname" value="<?php echo $playlist['skin']; ?>" />
35
  <input type="hidden" name="skinaction" value="<?php echo $playlist['skin']; ?>" />
36
+ <textarea style="display: none;" name="playlist_descr" cols="40" rows="1"><?php echo esc_html(stripslashes($playlist['description'])); ?></textarea>
37
  <script type="text/javascript">
38
  /*<![CDATA[*/
39
  jQuery(document).ready(function($) {
98
  ?>
99
  <tr id="$flv-<?php echo $flv->ID; ?>" class="<?php echo $alternate; ?> iedit" valign="top">
100
  <td scope="row"><input type="hidden" name="item_a[<?php echo $flv->ID; ?>][ID]" value="<?php echo $flv->ID; ?>" /><strong><?php echo $flv->ID; ?></strong></td>
101
+ <td width="50"><a class="thickbox" title="<?php echo basename($url); ?>" href="<?php echo FLAG_URLPATH; ?>admin/flv_preview.php?vid=<?php echo $flv->ID; ?>&amp;TB_iframe=1&amp;width=490&amp;height=293"><img id="thumb-<?php echo $flv->ID; ?>" src="<?php echo esc_url($thumb); ?>" width="20" height="20" alt="" /></a></td>
102
  <td><?php echo basename($url); ?></td>
103
+ <td><?php echo esc_html(stripslashes($flv->post_title)); ?></td>
104
  </tr>
105
  <?php
106
  }
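Review bot: `$playlist = 'deprecated'` on line 8 keeps the old signature, but the argument is never read — `$playlist` is overwritten on line 15 with the data returned by `get_v_playlist_data()` — and nothing tells callers this. Add a docblock above the function with `@param string $playlist Unused; kept so existing callers that still pass a name do not break. The playlist name is read from $_GET['playlist'].` Since admin/video-box.php now calls `flag_v_playlist_order()` with no argument, a `_deprecated_argument()` call when a non-default value is passed would follow the WordPress convention, though that is optional.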
admin/video.functions.php CHANGED
@@ -64,6 +64,8 @@ function flagSave_vPlaylist($title,$descr,$data,$file='',$skinaction='') {
64
  if(!trim($title)) {
65
  $title = 'default';
66
  }
 
 
67
  if (!$file) {
68
  $file = sanitize_title($title);
69
  }
@@ -72,9 +74,9 @@ function flagSave_vPlaylist($title,$descr,$data,$file='',$skinaction='') {
72
  $data = explode(',', $data);
73
 
74
  $flag_options = get_option('flag_options');
75
- $skin = isset($_POST['skinname'])? $_POST['skinname'] : 'video_default';
76
  if(empty($skinaction))
77
- $skinaction = isset($_POST['skinaction'])? $_POST['skinaction'] : 'update';
78
  $skinpath = trailingslashit( $flag_options['skinsDirABS'] ).$skin;
79
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/video/'.$file.'.xml';
80
  if( file_exists($playlistPath) && ($skin == $skinaction) ) {
@@ -129,8 +131,8 @@ function flagSave_vPlaylistSkin($file) {
129
  $flag_options = get_option('flag_options');
130
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/video/'.$file.'.xml';
131
  // Save options
132
- $title = $_POST['playlist_title'];
133
- $descr = $_POST['playlist_descr'];
134
  $items = get_v_playlist_data($playlistPath);
135
  $data = $items['items'];
136
  flagSave_vPlaylist($title,$descr,$data,$file,$skinaction='update');
64
  if(!trim($title)) {
65
  $title = 'default';
66
  }
67
+ $title = htmlspecialchars_decode(stripslashes($title), ENT_QUOTES);
68
+ $descr = htmlspecialchars_decode(stripslashes($descr), ENT_QUOTES);
69
  if (!$file) {
70
  $file = sanitize_title($title);
71
  }
74
  $data = explode(',', $data);
75
 
76
  $flag_options = get_option('flag_options');
77
+ $skin = isset($_POST['skinname'])? sanitize_key($_POST['skinname']) : 'video_default';
78
  if(empty($skinaction))
79
+ $skinaction = isset($_POST['skinaction'])? sanitize_key($_POST['skinaction']) : 'update';
80
  $skinpath = trailingslashit( $flag_options['skinsDirABS'] ).$skin;
81
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/video/'.$file.'.xml';
82
  if( file_exists($playlistPath) && ($skin == $skinaction) ) {
131
  $flag_options = get_option('flag_options');
132
  $playlistPath = ABSPATH.$flag_options['galleryPath'].'playlists/video/'.$file.'.xml';
133
  // Save options
134
+ $title = esc_html($_POST['playlist_title']);
135
+ $descr = esc_html($_POST['playlist_descr']);
136
  $items = get_v_playlist_data($playlistPath);
137
  $data = $items['items'];
138
  flagSave_vPlaylist($title,$descr,$data,$file,$skinaction='update');
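Review bot: `htmlspecialchars_decode(stripslashes($title), ENT_QUOTES)` on lines 67-68 assumes every caller pre-encoded the value with `esc_html()` as admin/video-box.php now does; a caller passing a raw title, or a user who literally typed `&amp;` or `&lt;`, gets a different string stored in the XML than was entered. Since the commit escapes at every output site, the cleaner contract is to store the raw input: drop the `esc_html()` at the callers and the decode here, keeping only `stripslashes()`. Also `$file` is concatenated into `$playlistPath` on line 81 and on line 132 of `flagSave_vPlaylistSkin()` without any sanitization inside these functions, so the guard depends on each caller; `$file = sanitize_title($file);` after the `if (!$file)` block (and at the top of `flagSave_vPlaylistSkin()`) would make them safe regardless of caller, and matches how the file name is produced on line 70. Both enclosing functions start outside the hunk.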
admin/wpmu.php CHANGED
@@ -5,16 +5,13 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
5
  global $wpdb;
6
 
7
  //to be sure
8
- if (!is_site_admin())
9
  die('You are not allowed to call this page.');
10
 
11
  // get the options
12
  $flag_options = get_site_option('flag_options');
13
 
14
- // same as $_SERVER['REQUEST_URI'], but should work under IIS 6.0
15
- $filepath = site_url( 'wp-admin/wpmu-admin.php?page=' . $_GET['page'], 'admin' );
16
-
17
- if ( isset($_POST['updateoption']) ) {
18
  check_admin_referer('flag_wpmu_settings');
19
  // get the hidden option fields, taken from WP core
20
  if ( $_POST['page_options'] )
5
  global $wpdb;
6
 
7
  //to be sure
8
+ if (!is_multisite())
9
  die('You are not allowed to call this page.');
10
 
11
  // get the options
12
  $flag_options = get_site_option('flag_options');
13
 
14
+ if ( isset($_POST['updateoption']) ) {
 
 
 
15
  check_admin_referer('flag_wpmu_settings');
16
  // get the hidden option fields, taken from WP core
17
  if ( $_POST['page_options'] )
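Review bot: Replacing `is_site_admin()` with `is_multisite()` on line 8 changes the check from "is the current user a network administrator" to "is multisite enabled", so the `die()` no longer tests the user at all, and the `//to be sure` comment above it now describes a check that is not there. `is_site_admin()` was deprecated in favour of `is_super_admin()`, so the intended replacement is `if (!is_multisite() || !is_super_admin())`. If the page is only reachable through a capability-gated network menu (not visible here) the practical impact is limited, but the in-page guard should still test the user.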
changelog.txt CHANGED
@@ -1,6 +1,15 @@
1
  GRAND FlAGallery
2
  by CodEasily.com
3
 
 
 
 
 
 
 
 
 
 
4
  = v2.78 - 26.06.2013 =
5
  * Fix: bundled free skins not copied to flagallery-skins directory
6
 
1
  GRAND FlAGallery
2
  by CodEasily.com
3
 
4
+ = v3.01 - 09.07.2013 =
5
+ * New: iOS application 'MyPGC' for Flagallery plugin now available on the App Store for everyone
6
+
7
+ = v3.00 - 03.07.2013 =
8
+ * Fix: Free skins settings reset to default after plugin update
9
+ * Fix: XSS bugs reported by Ken S for the White Fir Design Bug Bounty
10
+ * Fix: small bugfixes
11
+ * New: iOS application 'MyPGC' for Flagallery plugin now available on the App Store
12
+
13
  = v2.78 - 26.06.2013 =
14
  * Fix: bundled free skins not copied to flagallery-skins directory
15
 
facebook.php CHANGED
@@ -60,9 +60,10 @@ if(isset($_GET['i'])) {
60
 
61
  <?php
62
  if(isset($_GET['m'])) {
63
- $playlistpath = $flag_options['galleryPath'].'playlists/'.$_GET['m'].'.xml';
 
64
  if(file_exists($playlistpath))
65
- echo flagShowMPlayer($playlist=$_GET['m'], $width='', $height='', $wmode='opaque');
66
  else
67
  _e("Can't find playlist");
68
  }
@@ -71,9 +72,10 @@ if(isset($_GET['m'])) {
71
  if(isset($_GET['v'])) {
72
  $height = isset($_GET['h'])? intval($_GET['h']) : '';
73
  $width = isset($_GET['w'])? '100%' : '';
74
- $playlistpath = $flag_options['galleryPath'].'playlists/video/'.$_GET['v'].'.xml';
 
75
  if(file_exists($playlistpath))
76
- echo flagShowVPlayer($playlist=$_GET['v'], $width, $height, $wmode='opaque');
77
  else
78
  _e("Can't find playlist");
79
  }
@@ -88,9 +90,10 @@ if(isset($_GET['mv'])) {
88
  ?>
89
  <?php
90
  if(isset($_GET['b'])) {
91
- $playlistpath = $flag_options['galleryPath'].'playlists/banner/'.$_GET['b'].'.xml';
 
92
  if(file_exists($playlistpath))
93
- echo flagShowBanner($playlist=$_GET['b'], $width='', $height='', $wmode='opaque');
94
  else
95
  _e("Can't find playlist");
96
  }
60
 
61
  <?php
62
  if(isset($_GET['m'])) {
63
+ $file = sanitize_title($_GET['m']);
64
+ $playlistpath = $flag_options['galleryPath'].'playlists/'.$file.'.xml';
65
  if(file_exists($playlistpath))
66
+ echo flagShowMPlayer($file, $width='', $height='', $wmode='opaque');
67
  else
68
  _e("Can't find playlist");
69
  }
72
  if(isset($_GET['v'])) {
73
  $height = isset($_GET['h'])? intval($_GET['h']) : '';
74
  $width = isset($_GET['w'])? '100%' : '';
75
+ $file = sanitize_title($_GET['v']);
76
+ $playlistpath = $flag_options['galleryPath'].'playlists/video/'.$file.'.xml';
77
  if(file_exists($playlistpath))
78
+ echo flagShowVPlayer($file, $width, $height, $wmode='opaque');
79
  else
80
  _e("Can't find playlist");
81
  }
90
  ?>
91
  <?php
92
  if(isset($_GET['b'])) {
93
+ $file = sanitize_title($_GET['b']);
94
+ $playlistpath = $flag_options['galleryPath'].'playlists/banner/'.$file.'.xml';
95
  if(file_exists($playlistpath))
96
+ echo flagShowBanner($file, $width='', $height='', $wmode='opaque');
97
  else
98
  _e("Can't find playlist");
99
  }
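Review bot: `$playlistpath` on line 64 (and lines 76 and 94) is `$flag_options['galleryPath'] . 'playlists/...'` with no `ABSPATH` prefix, so `file_exists()` resolves it relative to the process's current working directory, whereas admin/video-box.php in this commit prefixes `ABSPATH` for the same option (`get_v_playlist_data(ABSPATH.$playlistPath)`). Unless `galleryPath` is stored absolute (not visible here), use `file_exists(ABSPATH . $playlistpath)` so the check does not depend on the CWD. `sanitize_title()` can also return an empty string, which yields `playlists/.xml`; the `file_exists()` branch handles that, but an explicit `if ($file === '')` guard with the same `_e("Can't find playlist")` message would make the intent clear.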
flag.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: GRAND Flash Album Gallery
4
  Plugin URI: http://codeasily.com/wordpress-plugins/flash-album-gallery/flag/
5
  Description: The GRAND FlAGallery plugin - provides a comprehensive interface for managing photos and images through a set of admin pages, and it displays photos in a way that makes your web site look very professional.
6
- Version: 2.78
7
  Author: Rattus
8
  Author URI: http://codeasily.com/
9
 
@@ -23,7 +23,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
23
  if (!class_exists('flagLoad')) {
24
  class flagLoad {
25
 
26
- var $version = '2.78';
27
  var $dbversion = '2.75';
28
  var $minium_WP = '3.0';
29
  var $minium_WPMU = '3.0';
@@ -424,6 +424,7 @@ class flagLoad {
424
  return;
425
  }
426
  // OK, we're authenticated: we need to find and save the data
 
427
  $items_array = $_POST["mb_items_array"];
428
  $skinname = $_POST["mb_skinname"];
429
  $playlist = $_POST["mb_playlist"];
@@ -433,6 +434,7 @@ class flagLoad {
433
  $bg_link = $_POST["mb_bg_link"];
434
  $bg_pos = $_POST["mb_bg_pos"];
435
  $bg_repeat = $_POST["mb_bg_repeat"];
 
436
  update_post_meta($post_id, "mb_items_array", $_POST["mb_items_array"]);
437
  update_post_meta($post_id, "mb_skinname", $_POST["mb_skinname"]);
438
  update_post_meta($post_id, "mb_playlist", $_POST["mb_playlist"]);
3
  Plugin Name: GRAND Flash Album Gallery
4
  Plugin URI: http://codeasily.com/wordpress-plugins/flash-album-gallery/flag/
5
  Description: The GRAND FlAGallery plugin - provides a comprehensive interface for managing photos and images through a set of admin pages, and it displays photos in a way that makes your web site look very professional.
6
+ Version: 3.01
7
  Author: Rattus
8
  Author URI: http://codeasily.com/
9
 
23
  if (!class_exists('flagLoad')) {
24
  class flagLoad {
25
 
26
+ var $version = '3.01';
27
  var $dbversion = '2.75';
28
  var $minium_WP = '3.0';
29
  var $minium_WPMU = '3.0';
424
  return;
425
  }
426
  // OK, we're authenticated: we need to find and save the data
427
+ /*
428
  $items_array = $_POST["mb_items_array"];
429
  $skinname = $_POST["mb_skinname"];
430
  $playlist = $_POST["mb_playlist"];
434
  $bg_link = $_POST["mb_bg_link"];
435
  $bg_pos = $_POST["mb_bg_pos"];
436
  $bg_repeat = $_POST["mb_bg_repeat"];
437
+ */
438
  update_post_meta($post_id, "mb_items_array", $_POST["mb_items_array"]);
439
  update_post_meta($post_id, "mb_skinname", $_POST["mb_skinname"]);
440
  update_post_meta($post_id, "mb_playlist", $_POST["mb_playlist"]);
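Review bot: The block commented out with `/* ... */` on lines 427-437 should be deleted rather than left in place — the assignments were dead (the `update_post_meta()` calls below read `$_POST` directly) and version control keeps the history. Those `update_post_meta()` calls still store `$_POST["mb_skinname"]` and the other fields unsanitized, whereas this commit applies `sanitize_key()` to the skin name in admin/video.functions.php; `sanitize_key($_POST["mb_skinname"])` belongs here too for consistency. The enclosing method starts and ends outside the hunk.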
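--- a/lib/app.php
+++ b/lib/app.php
@@ -2,13 +2,22 @@
  // include the flag function
  @ require_once (dirname(dirname(__FILE__)). '/flag-config.php');
 
- //$account_data='{"status":"KO"}';
-
+ $r['data'] = array();
  if(isset($_REQUEST['account'])){
  global $wpdb, $flagdb;
  $account = json_decode(stripslashes($_REQUEST['account']));
  $flag_options = get_option ('flag_options');
  if($account->access_key != $flag_options['access_key']){ die('{"status":"key_error"}'); }
+
+ $current_plugins = get_option('active_plugins', array());
+ if (!in_array('flash-album-gallery/flag.php', (array) $current_plugins)) {
+ if(isset($account->add_category)) {
+ die('{"status":"gallery_error"}');
+ }
+ echo json_encode($r);
+ die();
+ }
+
  if(isset($account->gid)){
  $gid = $wpdb->get_var($wpdb->prepare("SELECT gid FROM $wpdb->flaggallery WHERE gid = %d", $account->gid));
  if(!$gid){ die('{"status":"gallery_error"}'); }
@@ -67,6 +76,8 @@ if(isset($_REQUEST['account'])){
  }
  }
  $r['data'] = $wpdb->get_results("SELECT pid, galleryid, filename, description, alttext, link, UNIX_TIMESTAMP(imagedate) AS imagedate, UNIX_TIMESTAMP(modified) AS modified, sortorder, exclude, location, hitcounter, total_value, total_votes FROM $wpdb->flagpictures WHERE galleryid = '{$gid}' ORDER BY pid DESC");
+ $r['data'] = stripslashes_deep($r['data']);
+
  echo json_encode($r);
  die();
  } elseif(isset($account->updated_item)){
@@ -77,38 +88,59 @@ if(isset($_REQUEST['account'])){
  $flagdb->update_picture($args);
  $gid = intval($args['galleryid']);
  $r['data'] = $wpdb->get_results("SELECT pid, galleryid, filename, description, alttext, link, UNIX_TIMESTAMP(imagedate) AS imagedate, UNIX_TIMESTAMP(modified) AS modified, sortorder, exclude, location, hitcounter, total_value, total_votes FROM $wpdb->flagpictures WHERE galleryid = '{$gid}' ORDER BY pid DESC");
+ $r['data'] = stripslashes_deep($r['data']);
+
  echo json_encode($r);
  die();
  }
  die('{"status":"item_error"}');
  } elseif(isset($account->add_category)){
  $args = get_object_vars($account->add_category);
- $args['title'] = esc_attr( trim($args['title']) );
+ $args['title'] = esc_html( trim($args['title']) );
  if ( empty($args['title']) ) {
  $args['title'] = str_replace(' ', '_', current_time('mysql'));
  }
  @ require_once (dirname(dirname(__FILE__)). '/admin/functions.php');
- $defaultpath = $flag->options['galleryPath'];
- if(!flagAdmin::create_gallery($args, $defaultpath, $output = false)) {
- die('{"status":"gallery_error"}');
+ $defaultpath = $flag_options['galleryPath'];
+
+ if(isset($args['id'])){
+ $gid = $wpdb->get_var($wpdb->prepare("SELECT gid FROM $wpdb->flaggallery WHERE gid = %d", $args['id']));
+ if($gid){
+ $gallerytitle = $args['title'];
+ $description = $args['description'];
+ $status = intval($args['status']);
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->flaggallery SET title = %s, galdesc = %s, status = %d WHERE gid = %d", $gallerytitle, $description, $status, $gid) );
+ } else {
+ if(!flagAdmin::create_gallery($args, $defaultpath, $output = false)) {
+ die('{"status":"gallery_error"}');
+ }
+ }
+ } else {
+ if(!flagAdmin::create_gallery($args, $defaultpath, $output = false)) {
+ die('{"status":"gallery_error"}');
+ }
  }
  }
 
- //$account_data='{"status":"OK"}';
  $gallerylist = $wpdb->get_results( "SELECT * FROM $wpdb->flaggallery ORDER BY gid DESC", ARRAY_A );
- $r['data'] = array();
  if(count($gallerylist)){
  foreach($gallerylist as $gallery){
  $gid = (int) $gallery['gid'];
+ $gallery['title'] = htmlspecialchars_decode($gallery['title'], ENT_QUOTES);
+ $gallery['galdesc'] = htmlspecialchars_decode($gallery['galdesc'], ENT_QUOTES);
  $thepictures = $wpdb->get_var("SELECT filename FROM $wpdb->flagpictures WHERE galleryid = '{$gid}' ORDER BY pid DESC");
  $r['data'][] = $gallery + array( 'thumbnail' => $thepictures );
  }
  }
+ $r['data'] = stripslashes_deep($r['data']);
+
  echo json_encode($r);
  die();
  }
 
  function flagallery_utf8_urldecode($str) {
  $str = preg_replace("/%u([0-9a-f]{3,4})/i","&#x\\1;",urldecode($str));
- return html_entity_decode($str,null,'UTF-8');
+ $str = stripslashes($str);
+ $str = html_entity_decode($str,null,'UTF-8');
+ return wp_specialchars_decode($str, ENT_QUOTES);
  }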
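Review bot: The access-key gate on line 10 of the new lib/app.php (`if($account->access_key != $flag_options['access_key'])`) is a loose `!=` on a value that `json_decode()` may hand back as any type, and it also passes when both the supplied and the stored key are absent, so the plugin-active check added on lines 12–19 sits behind a comparison that does not reliably authenticate the caller. Tighten it to `if (!isset($account->access_key) || !is_string($account->access_key) || empty($flag_options['access_key']) || $account->access_key !== $flag_options['access_key']) { die('{"status":"key_error"}'); }`, and use `hash_equals()` for the final comparison where the runtime provides it. On new lines 110–111 `$args['description']` and `$args['status']` are read without an `isset()` guard, and `$description` is written to the database untouched while `$args['title']` is escaped on input (line 99) and decoded again on output (lines 129–130); escaping at the output site instead would keep the stored rows canonical. All three hunks are fragments of the same `if(isset($_REQUEST['account']))` block, whose start lies outside the diff.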
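--- a/lib/class.swfobject.php
+++ b/lib/class.swfobject.php
@@ -76,7 +76,7 @@ class flag_swfobject {
  $this->js .= $this->add_js_parameters('attr', $this->attributes) . ",";
  $this->js .= "start : function() {";
  $this->js .= $this->embedSWF;
- $this->js .= "}};";
+ $this->js .= "} };";
  $this->js .= $this->id . '.start();';
 
  return $this->js;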
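--- a/lib/flv.php
+++ b/lib/flv.php
@@ -4,9 +4,10 @@ require_once( $_m[1] . 'wp-load.php');
  $flag_options = get_option ('flag_options');
  if(isset($_GET['vID'])) {
  header("content-type:text/xml;charset=utf-8");
- $vid = get_post($_GET['vID']);
+ $id = intval($_GET['vID']);
+ $vid = get_post($id);
  if(in_array($vid->post_mime_type, array('video/x-flv'))) {
- $thumb = get_post_meta($_GET['vID'], 'thumbnail', true);
+ $thumb = get_post_meta($id, 'thumbnail', true);
  $content = '<item id="'.$vid->ID.'">
  <properties>
  <property0>0x'.$flag_options["vmColor1"].'</property0>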
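Review bot: `$vid = get_post($id)` on new line 8 is dereferenced unconditionally on line 9 (`$vid->post_mime_type`), so a `vID` that does not resolve to a post produces a null-object access instead of a clean rejection; `intval()` also maps any non-numeric value to 0, and WordPress's `get_post()` treats an empty id as "the current post", so a zero id should be refused before the lookup. Replace lines 8–9 with `$vid = $id > 0 ? get_post($id) : null;` and `if($vid && in_array($vid->post_mime_type, array('video/x-flv'), true)) {` so the strict-type check also stops a non-string mime value from matching. The `if(isset($_GET['vID']))` block continues past the end of the hunk.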
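--- a/lib/gallery.php
+++ b/lib/gallery.php
@@ -10,7 +10,8 @@ global $wpdb;
  $siteurl = get_option ('siteurl');
  // get the gallery id
  $gID = explode( '_', $_GET['gid'] );
- $skin = $_GET['skinName'];
+ $gID = array_filter($gID, 'intval');
+ $skin = urlencode($_GET['skinName']);
  $flag_options = get_option ('flag_options');
 
  $file = str_replace("\\","/", dirname(dirname(dirname(__FILE__))).'/flagallery-skins/'.$skin.'/settings/settings.xml');
@@ -62,7 +63,7 @@ foreach ( $gID as $galleryID ) {
  if (is_array ($thepictures) && count($thepictures)){
  echo " <category id='".$galleryID."'>\n";
  echo " <properties>\n";
- echo " <title>".esc_attr(flagGallery::i18n(stripslashes($thepictures[0]->title)))."</title>\n";
+ echo " <title>".esc_html(flagGallery::i18n(stripslashes($thepictures[0]->title)))."</title>\n";
  echo " </properties>\n";
  echo " <items>\n";
 
@@ -70,8 +71,8 @@ foreach ( $gID as $galleryID ) {
  foreach ($thepictures as $picture) {
  echo " <item id='".$picture->pid."'>\n";
  echo " <thumbnail>".$siteurl."/".$picture->path."/thumbs/thumbs_".$picture->filename."</thumbnail>\n";
- echo " <title><![CDATA[".esc_attr(flagGallery::i18n(stripslashes($picture->alttext)))."]]></title>\n";
- echo " <description><![CDATA[".html_entity_decode(esc_attr(flagGallery::i18n(stripslashes($picture->description))))."]]></description>\n";
+ echo " <title><![CDATA[".esc_html(flagGallery::i18n(stripslashes($picture->alttext)))."]]></title>\n";
+ echo " <description><![CDATA[".html_entity_decode(esc_html(flagGallery::i18n(stripslashes($picture->description))))."]]></description>\n";
  //echo " <link>".$picture->link."</link>\n";
  echo " <photo>".$siteurl."/".$picture->path."/".$picture->filename."</photo>\n";
  echo " <date>".$picture->imagedate."</date>\n";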
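Review bot: `array_filter($gID, 'intval')` on new line 13 only discards entries whose integer value is 0; the survivors keep their original string form, so a segment that merely begins with digits still reaches `<category id='".$galleryID."'>` on line 64 and whatever query consumes `$galleryID` beyond the hunk. Cast before filtering: `$gID = array_filter(array_map('intval', $gID));`. On line 14 `urlencode()` does appear to neutralise path separators in `$_GET['skinName']` before it is spliced into the settings.xml path on line 17, but it is a URL escaper rather than a path check; `$skin = basename($_GET['skinName']);` followed by an `is_dir()` test against the skins directory states the intent directly and does not depend on encoding behaviour. The `foreach ( $gID as $galleryID )` loop that uses these values begins outside the hunk.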
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: Rattus
3
  Donate link: http://photogallerycreator.com/grand-flagallery/
4
  Tags: admin, flash, fullscreen gallery, gallery, image, images, image gallery, mp3, music, page, photo, slider, plugin, Post, posts, slideshow, video, widget, iOS gallery, iphone gallery, best gallery
5
  Requires at least: 3.0
6
- Tested up to: 3.5.1
7
  Stable tag: trunk
8
 
9
  GRAND Flagallery is a Photo Gallery, Video Gallery, Music Album & Banner Rotator plugin with powerfull admin to manage your media content
@@ -12,6 +12,9 @@ GRAND Flagallery is a Photo Gallery, Video Gallery, Music Album & Banner Rotator
12
 
13
  GRAND Flagallery - powerfull media content plugin. It provides a comprehensive interface for handling image galleries, audio and video.
14
 
 
 
 
15
  Edit your media content the way you want: upload images, import music and video, create photo gallery, music playlists, group pictures in slideshow and add descriptions for each image, mp3 or video - GRAND FlAGallery is the smart choice when showing the best of your product or describing in brief any event. GRAND FlAGallery can easily beautify your site with **image gallery, mp3 player, video player, banner rotator, nivo slider or nice widgets**. SEO optimized, compatibility with Google Reader, FeedBerner, etc.
16
 
17
  * iPhone, iPad, Android, Blackberry and Desktop friendly photo gallery, SEO optimized.
@@ -50,11 +53,20 @@ New plugin:
50
 
51
  == Changelog ==
52
 
 
 
 
 
 
 
 
 
 
53
  = v2.78 - 26.06.2013 =
54
  * Fix: bundled free skins not copied to flagallery-skins directory
55
 
56
  = v2.77 - 25.06.2013 =
57
- * Fix: vulnerability with albums
58
  * Fix: PHP Notices
59
  * Fix: Compatibility with some modern themes
60
  * Update: New version of swfupload
3
  Donate link: http://photogallerycreator.com/grand-flagallery/
4
  Tags: admin, flash, fullscreen gallery, gallery, image, images, image gallery, mp3, music, page, photo, slider, plugin, Post, posts, slideshow, video, widget, iOS gallery, iphone gallery, best gallery
5
  Requires at least: 3.0
6
+ Tested up to: 3.5.2
7
  Stable tag: trunk
8
 
9
  GRAND Flagallery is a Photo Gallery, Video Gallery, Music Album & Banner Rotator plugin with powerfull admin to manage your media content
12
 
13
  GRAND Flagallery - powerfull media content plugin. It provides a comprehensive interface for handling image galleries, audio and video.
14
 
15
+ > Now You can upload and manage your photos, anywhere.
16
+ > Download new **[application for iPhone](http://mypgc.co/ios-app/)**
17
+
18
  Edit your media content the way you want: upload images, import music and video, create photo gallery, music playlists, group pictures in slideshow and add descriptions for each image, mp3 or video - GRAND FlAGallery is the smart choice when showing the best of your product or describing in brief any event. GRAND FlAGallery can easily beautify your site with **image gallery, mp3 player, video player, banner rotator, nivo slider or nice widgets**. SEO optimized, compatibility with Google Reader, FeedBerner, etc.
19
 
20
  * iPhone, iPad, Android, Blackberry and Desktop friendly photo gallery, SEO optimized.
53
 
54
  == Changelog ==
55
 
56
+ = v3.01 - 09.07.2013 =
57
+ * New: iOS application 'MyPGC' for Flagallery plugin now available on the App Store for everyone
58
+
59
+ = v3.00 - 03.07.2013 =
60
+ * Fix: Free skins settings reset to default after plugin update
61
+ * Fix: XSS bugs reported by Ken S for the White Fir Design Bug Bounty
62
+ * Fix: small bugfixes
63
+ * New: iOS application 'MyPGC' for Flagallery plugin now available on the App Store
64
+
65
  = v2.78 - 26.06.2013 =
66
  * Fix: bundled free skins not copied to flagallery-skins directory
67
 
68
  = v2.77 - 25.06.2013 =
69
+ * Fix: XSS vulnerability with albums (thanks to Ken S - for the White Fir Design Bug Bounty)
70
  * Fix: PHP Notices
71
  * Fix: Compatibility with some modern themes
72
  * Update: New version of swfupload
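--- a/widgets/widgets.php
+++ b/widgets/widgets.php
@@ -96,7 +96,7 @@ class flagSlideshowWidget extends WP_Widget {
  'width' => '75',
  'height'=> '65',
  'pages' => '') );
- $title = esc_attr( $instance['title'] );
+ $title = esc_html( $instance['title'] );
  $width = esc_attr( $instance['width'] );
  $height = esc_attr( $instance['height'] );
  $pages = esc_attr( $instance['pages'] );
@@ -195,7 +195,7 @@ class flagBannerWidget extends WP_Widget {
 
  //Defaults
  $instance = wp_parse_args( (array) $instance, array( 'title' => 'Banner', 'xml' => '', 'width' => '100%', 'height' => '200', 'skin' => 'banner_widget_default') );
- $title = esc_attr( $instance['title'] );
+ $title = esc_html( $instance['title'] );
  $width = esc_attr( $instance['width'] );
  $height = esc_attr( $instance['height'] );
  $skin = esc_attr( $instance['skin'] );
@@ -293,7 +293,7 @@ class flagWidget extends WP_Widget {
  'fheight'=> '480',
  'album' => '',
  'skin' => '' ) );
- $title = esc_attr( $instance['title'] );
+ $title = esc_html( $instance['title'] );
  $width = esc_attr( $instance['width'] );
  $height = esc_attr( $instance['height'] );
  $fwidth = esc_attr( $instance['fwidth'] );
@@ -467,7 +467,7 @@ class flagVideoWidget extends WP_Widget {
  'fwidth' => '640',
  'fheight'=> '480',
  'vxml' => '' ) );
- $title = esc_attr( $instance['title'] );
+ $title = esc_html( $instance['title'] );
  $width = esc_attr( $instance['width'] );
  $height = esc_attr( $instance['height'] );
  $fwidth = esc_attr( $instance['fwidth'] );
@@ -636,7 +636,7 @@ class flagMusicWidget extends WP_Widget {
 
  //Defaults
  $instance = wp_parse_args( (array) $instance, array( 'title' => 'Music', 'xml' => '', 'width' => '100%', 'height' => '200', 'skin' => 'music_default') );
- $title = esc_attr( $instance['title'] );
+ $title = esc_html( $instance['title'] );
  $width = esc_attr( $instance['width'] );
  $height = esc_attr( $instance['height'] );
  $skin = esc_attr( $instance['skin'] );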
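Review bot: The `esc_attr()` to `esc_html()` swap on new line 99 (and likewise at lines 198, 296, 470 and 639 in the other four hunks) changes the escaper for a value that, judging by the `wp_parse_args()` defaults around it, belongs to what looks like each widget's `form()` method and is presumably echoed into an `<input value="…">` attribute outside the hunk; `esc_attr()` is the context-correct function there, and WordPress's `esc_html()` only happens to encode quotes as well, so the change gains nothing over the original and obscures intent. If the report being fixed concerned the title on the public side, the escaping belongs at the `widget()` output site (for example `echo $before_title . esc_html($title) . $after_title;` or that widget's equivalent), which this diff does not touch. I would keep `$title = esc_attr( $instance['title'] );` on these five lines and address the rendering path instead. Each hunk cuts through a method whose body begins and ends outside the diff, so the actual use of `$title` cannot be confirmed from here.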
xml/media-rss.php CHANGED
@@ -9,7 +9,7 @@ require_once(dirname(__FILE__) . "/../flag-config.php");
9
  require_once(dirname(__FILE__) . "/../lib/media-rss.php");
10
 
11
  // Check we have the required GET parameters
12
- $mode = $_GET["mode"];
13
  if (!isset($mode) || $mode == '')
14
  $mode = 'last_pictures';
15
 
9
  require_once(dirname(__FILE__) . "/../lib/media-rss.php");
10
 
11
  // Check we have the required GET parameters
12
+ $mode = urlencode($_GET["mode"]);
13
  if (!isset($mode) || $mode == '')
14
  $mode = 'last_pictures';
15