Gallery Bank: WordPress Photo Gallery Plugin - Version 3.0.35

Version Description

  • Major Security Bug Fixed related to Upload.php file


Code changes from version 3.0.34 to 3.0.35

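--- a/gallery-bank.php
+++ b/gallery-bank.php
@@ -4,7 +4,7 @@
 Plugin URI: http://tech-banker.com
 Description: Gallery Bank is an easy to use Responsive WordPress Gallery Plugin for photos, videos, galleries and albums.
 Author: Tech Banker
-Version: 3.0.34
+Version: 3.0.35
 Author URI: http://tech-banker.com
 */
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////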
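--- a/lib/gallery-bank-class.php
+++ b/lib/gallery-bank-class.php
@@ -184,6 +184,13 @@ if (isset($_REQUEST["action"])) {
 include_once GALLERY_BK_PLUGIN_DIR . "/lib/front-view-all-albums-class.php";
 }
 break;
+case "upload_library":
+add_action("admin_init", "upload_library");
+function upload_library()
+{
+include_once GALLERY_BK_PLUGIN_DIR . "/lib/upload.php";
+}
+break;
 }
 }
 /*****************************************************************************************************************/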
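Review bot: Nothing in the new `upload_library` case verifies a request nonce before `lib/upload.php` is included, so the handler fires for any request carrying `action=upload_library` and relies entirely on the included file for both CSRF and authorization checks. A `check_ajax_referer("<nonce-action>", "nonce");` (placeholder action name) as the first statement of `upload_library()` would close that, with the matching `wp_create_nonce` value sent by the plupload settings that views/edit-album.php now points at `ajaxurl`. Declaring `function upload_library()` inside a `case` is also a conditional function declaration; defining it at file level and leaving only the `add_action` call in the case reads more clearly. The enclosing `if (isset($_REQUEST["action"]))` and its switch start outside the hunk.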
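--- /dev/null
+++ b/lib/upload.php
@@ -0,0 +1,156 @@
+<?php
+global $wpdb,$current_user,$user_role_permission;
+$dynamicArray = array();
+$dynamicId = mt_rand(10, 10000);
+$role = $wpdb->prefix . "capabilities";
+$current_user->role = array_keys($current_user->$role);
+$role = $current_user->role[0];
+switch($role)
+{
+case "administrator":
+$user_role_permission = "manage_options";
+break;
+case "editor":
+$user_role_permission = "publish_pages";
+break;
+case "author":
+$user_role_permission = "publish_posts";
+break;
+case "contributor":
+$user_role_permission = "edit_posts";
+break;
+case "subscriber":
+$user_role_permission = "read";
+break;
+}
+
+if (!current_user_can($user_role_permission))
+{
+return;
+}
+else
+{
+if ($_REQUEST["param"] == "upload_pic")
+{
+/**
+* upload.php
+*
+* Copyright 2013, Moxiecode Systems AB
+* Released under GPL License.
+*
+* License: http://www.plupload.com/license
+* Contributing: http://www.plupload.com/contributing
+*/
+
+
+// Make sure file is not cached (as it happens for example on iOS devices)
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+/*
+// Support CORS
+header("Access-Control-Allow-Origin: *");
+// other CORS headers if any...
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+exit; // finish preflight CORS requests here
+}
+*/
+
+// 5 minutes execution time
+@set_time_limit(5 * 60);
+
+// Uncomment this one to fake upload time
+// usleep(5000);
+
+// Settings
+$targetDir = GALLERY_MAIN_UPLOAD_DIR;
+$cleanupTargetDir = true; // Remove old files
+$maxFileAge = 5 * 3600; // Temp file age in seconds
+
+
+// Create target dir
+if (!file_exists($targetDir)) {
+@mkdir($targetDir);
+}
+
+// Get a file name
+if (isset($_REQUEST["name"])) {
+$fileName = $_REQUEST["name"];
+} elseif (!empty($_FILES)) {
+$fileName = $_FILES["file"]["name"];
+} else {
+$fileName = uniqid("file_");
+}
+
+$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
+
+// Chunking might be enabled
+$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
+$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
+
+
+// Remove old temp files
+if ($cleanupTargetDir) {
+if (!is_dir($targetDir) || !$dir = opendir($targetDir)) {
+die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
+}
+
+while (($file = readdir($dir)) !== false) {
+
+$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
+
+// If temp file is current file proceed to the next
+if ($tmpfilePath == "{$filePath}.part") {
+
+continue;
+}
+
+// Remove temp file if it is older than the max age and is not the current file
+if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge)) {
+@unlink($tmpfilePath);
+}
+}
+closedir($dir);
+}
+
+
+// Open temp file
+if (!$out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb")) {
+die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
+}
+if (!empty($_FILES)) {
+if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
+die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
+}
+
+// Read binary input stream and append it to temp file
+if (!$in = @fopen($_FILES["file"]["tmp_name"], "rb")) {
+die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
+}
+} else {
+if (!$in = @fopen("php://input", "rb")) {
+die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
+}
+}
+
+while ($buff = fread($in, 4096)) {
+fwrite($out, $buff);
+}
+
+@fclose($out);
+@fclose($in);
+
+// Check if file has been uploaded
+if (!$chunks || $chunk == $chunks - 1) {
+// Strip the temp .part suffix off
+rename("{$filePath}.part", $filePath);
+}
+
+// Return Success JSON-RPC response
+die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
+}
+}
+?>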
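Review bot: The capability tested at line 27 is derived from the requesting user's own role (lines 5–25), so a subscriber is checked against `read` and passes; every logged-in account therefore reaches the upload code, which is only marginally stronger than the deleted unauthenticated `upload.php`. A fixed capability is the intended check, `if (!current_user_can("upload_files")) { return; }` in place of the whole role switch. Lines 80–88 still take the target name verbatim from `$_REQUEST["name"]` (or the client-supplied `$_FILES` name) and join it to `GALLERY_MAIN_UPLOAD_DIR` with no `basename`/`sanitize_file_name` call and no file-type allow-list, so the written path and extension remain caller-controlled; at minimum `$fileName = sanitize_file_name(basename($fileName));` after line 86 and a `wp_check_filetype` check before the `rename` at line 149. A role not listed in the switch leaves `$user_role_permission` unset, which presumably makes `current_user_can` fail closed but should be explicit rather than incidental, and `$current_user->role[0]` only considers the first role. `$dynamicArray` and `$dynamicId` are unused in this file.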
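--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
 === Gallery Bank ===
-Contributors: Gallery-Bank,contact-banker
+Contributors: contact-banker,Gallery-Bank
 Tags: admin, AJAX, album, albums, best gallery plugin, best portfolio plugin, comments, easy media gallery, filterable gallery, filterable portfolio, flash, foto, fotoalbum, gallery, gallery album, gallery bank, gallery image, gallery wordpress plugin, grid gallery, image, image album, image slider, images, lightbox, links, media, modal, multiple pictures, nextgen, page, pagination gallery, pagination portfolio, photo, photo album, photo albums, photo gallery, Photo Slider, photoalbum, photogallery, photos, picture, pictures, plugin, portfolio, portfolio gallery, portfolio wordpress plugin, Post, posts, responsive gallery, seo image, sidebar, slideshow, thumbnails, videos, website gallery, widget, wordpress gallery plugin, wordpress portfolio plugin, wp gallery, wp gallery plugin
 Requires at least: 3.3
 Tested up to: 3.9.1
-Stable tag: 3.0.34
+Stable tag: 3.0.35
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -48,7 +48,7 @@ It provides a powerful engine for uploading and managing galleries of images & v
 
 Gallery Bank is designed to adapt each portfolio to any situation and can be easily used on mobiles as it is a Responsive Plugin.
 
-***June 3, 2014: We're happy to announce that Gallery Bank reached 133,300+ plugin downloads in only 12 months. We frequently receive positive feedback from people using our Gallery Bank Plugin for WordPress. Thanks so much for your support!***
+***June 5, 2014: We're happy to announce that Gallery Bank reached 134,400+ plugin downloads in only 12 months. We frequently receive positive feedback from people using our Gallery Bank Plugin for WordPress. Thanks so much for your support!***
 
 <a href="http://tech-banker.com/forum/gallery-bank-support/" target="_blank">Support Desk - feel free to ask your Queries</a>
 
@@ -483,6 +483,10 @@ is False in shortcode.
 
 == Changelog ==
 
+= 3.0.35 =
+
+* Major Security Bug Fixed related to Upload.php file
+
 = 3.0.34 =
 
 * Bugs Fixed Related to Set as Album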
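--- a/upload.php
+++ /dev/null
@@ -1,125 +0,0 @@
-<?php
-/**
-* upload.php
-*
-* Copyright 2013, Moxiecode Systems AB
-* Released under GPL License.
-*
-* License: http://www.plupload.com/license
-* Contributing: http://www.plupload.com/contributing
-*/
-
-#!! IMPORTANT:
-#!! this file is just an example, it doesn't incorporate any security checks and
-#!! is not recommended to be used in production environment as it is. Be sure to
-#!! revise it and customize to your needs.
-
-
-// Make sure file is not cached (as it happens for example on iOS devices)
-header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
-header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
-header("Cache-Control: no-store, no-cache, must-revalidate");
-header("Cache-Control: post-check=0, pre-check=0", false);
-header("Pragma: no-cache");
-
-/*
-// Support CORS
-header("Access-Control-Allow-Origin: *");
-// other CORS headers if any...
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-exit; // finish preflight CORS requests here
-}
-*/
-
-// 5 minutes execution time
-@set_time_limit(5 * 60);
-
-// Uncomment this one to fake upload time
-// usleep(5000);
-
-// Settings
-$targetDir = (dirname(dirname(dirname(__FILE__)))) . "/gallery-bank/gallery-uploads/";
-$cleanupTargetDir = true; // Remove old files
-$maxFileAge = 5 * 3600; // Temp file age in seconds
-
-
-// Create target dir
-if (!file_exists($targetDir)) {
-@mkdir($targetDir);
-}
-
-// Get a file name
-if (isset($_REQUEST["name"])) {
-$fileName = $_REQUEST["name"];
-} elseif (!empty($_FILES)) {
-$fileName = $_FILES["file"]["name"];
-} else {
-$fileName = uniqid("file_");
-}
-
-$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
-
-// Chunking might be enabled
-$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
-$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
-
-
-// Remove old temp files
-if ($cleanupTargetDir) {
-if (!is_dir($targetDir) || !$dir = opendir($targetDir)) {
-die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
-}
-
-while (($file = readdir($dir)) !== false) {
-
-$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
-
-// If temp file is current file proceed to the next
-if ($tmpfilePath == "{$filePath}.part") {
-
-continue;
-}
-
-// Remove temp file if it is older than the max age and is not the current file
-if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge)) {
-@unlink($tmpfilePath);
-}
-}
-closedir($dir);
-}
-
-
-// Open temp file
-if (!$out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb")) {
-die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
-}
-if (!empty($_FILES)) {
-if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
-die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
-}
-
-// Read binary input stream and append it to temp file
-if (!$in = @fopen($_FILES["file"]["tmp_name"], "rb")) {
-die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
-}
-} else {
-if (!$in = @fopen("php://input", "rb")) {
-die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
-}
-}
-
-while ($buff = fread($in, 4096)) {
-fwrite($out, $buff);
-}
-
-@fclose($out);
-@fclose($in);
-
-// Check if file has been uploaded
-if (!$chunks || $chunk == $chunks - 1) {
-// Strip the temp .part suffix off
-rename("{$filePath}.part", $filePath);
-}
-
-// Return Success JSON-RPC response
-die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');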
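--- a/views/edit-album.php
+++ b/views/edit-album.php
@@ -491,7 +491,7 @@ if (count($album_css) != 0)
 jQuery("#edit_image_uploader").pluploadQueue
 ({
 runtimes: "html5,flash,silverlight,html4",
-url: url + "/upload.php",
+url: ajaxurl + "?param=upload_pic&action=upload_library",
 chunk_size: "1mb",
 filters: {
 max_file_size: "100mb",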