Version Description
- Major Security Bug Fixed related to Upload.php file
Download this release
Release Info
| Developer | Gallery-Bank |
| Plugin |  Gallery Bank: WordPress Photo Gallery Plugin |
| Version | 3.0.61 |
| Comparing to | |
| See all releases | |
Code changes from version 3.0.60 to 3.0.61
- gallery-bank.php +1 -1
- lib/gallery-bank-class.php +12 -1
- lib/upload.php +3 -3
- readme.txt +6 -2
gallery-bank.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
Plugin URI: http://tech-banker.com
|
| 5 |
Description: Gallery Bank is an easy to use Responsive WordPress Gallery Plugin for photos, videos, galleries and albums.
|
| 6 |
Author: Tech Banker
|
| 7 |
-
Version: 3.0.
|
| 8 |
Author URI: http://tech-banker.com
|
| 9 |
*/
|
| 10 |
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
| 4 |
Plugin URI: http://tech-banker.com
|
| 5 |
Description: Gallery Bank is an easy to use Responsive WordPress Gallery Plugin for photos, videos, galleries and albums.
|
| 6 |
Author: Tech Banker
|
| 7 |
+
Version: 3.0.61
|
| 8 |
Author URI: http://tech-banker.com
|
| 9 |
*/
|
| 10 |
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
lib/gallery-bank-class.php
CHANGED
|
@@ -265,7 +265,18 @@ if (isset($_REQUEST["action"])) {
|
|
| 265 |
$role = $wpdb->prefix . "capabilities";
|
| 266 |
$current_user->role = array_keys($current_user->$role);
|
| 267 |
$role = $current_user->role[0];
|
| 268 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 269 |
}
|
| 270 |
break;
|
| 271 |
}
|
| 265 |
$role = $wpdb->prefix . "capabilities";
|
| 266 |
$current_user->role = array_keys($current_user->$role);
|
| 267 |
$role = $current_user->role[0];
|
| 268 |
+
|
| 269 |
+
$fileName = esc_attr($_REQUEST["name"]);
|
| 270 |
+
$extension = explode(".", $fileName);
|
| 271 |
+
if($extension[1] == "jpg" || $extension[1] == "jpeg" || $extension[1] == "gif" || $extension[1] == "png" || $extension[1] == "JPG" || $extension[1] == "JPEG" || $extension[1] == "GIF" || $extension[1] == "PNG")
|
| 272 |
+
{
|
| 273 |
+
include_once GALLERY_BK_PLUGIN_DIR . "/lib/upload.php";
|
| 274 |
+
}
|
| 275 |
+
else
|
| 276 |
+
{
|
| 277 |
+
die();
|
| 278 |
+
}
|
| 279 |
+
|
| 280 |
}
|
| 281 |
break;
|
| 282 |
}
|
lib/upload.php
CHANGED
|
@@ -74,7 +74,7 @@ else
|
|
| 74 |
} else {
|
| 75 |
$fileName = uniqid("file_");
|
| 76 |
}
|
| 77 |
-
|
| 78 |
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
|
| 79 |
|
| 80 |
// Chunking might be enabled
|
|
@@ -138,9 +138,9 @@ else
|
|
| 138 |
// Strip the temp .part suffix off
|
| 139 |
rename("{$filePath}.part", $filePath);
|
| 140 |
}
|
| 141 |
-
|
| 142 |
-
// Return Success JSON-RPC response
|
| 143 |
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
|
|
|
|
|
|
|
| 144 |
}
|
| 145 |
}
|
| 146 |
?>
|
| 74 |
} else {
|
| 75 |
$fileName = uniqid("file_");
|
| 76 |
}
|
| 77 |
+
|
| 78 |
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
|
| 79 |
|
| 80 |
// Chunking might be enabled
|
| 138 |
// Strip the temp .part suffix off
|
| 139 |
rename("{$filePath}.part", $filePath);
|
| 140 |
}
|
|
|
|
|
|
|
| 141 |
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
|
| 142 |
+
// Return Success JSON-RPC response
|
| 143 |
+
|
| 144 |
}
|
| 145 |
}
|
| 146 |
?>
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link : http://tech-banker.com/gallery-bank/
|
|
| 4 |
Tags: admin, AJAX, album, albums, best gallery, best gallery plugin, best portfolio plugin, comments, easy media gallery, fancy gallery, filterable gallery, filterable portfolio, flash, foto, fotoalbum, gallery, gallery album, gallery bank, gallery image, Gallery Plugin, gallery wordpress plugin, google, grid gallery, html5 player, html5 video, html5-audio, image, image album, image slider, images, lightbox, links, media, modal, multiple pictures, nextgen, page, pagination gallery, pagination portfolio, photo, photo album, photo albums, photo gallery, Photo Slider, photoalbum, photogallery, photos, picture, pictures, plugin, plugin for gallery, plugin gallery, portfolio, portfolio gallery, portfolio wordpress plugin, Post, posts, responsive gallery, seo image, shortcode, sidebar, slideshow, thumbnail, thumbnails, twitter, videos, website gallery, widget, wordpress gallery plugin, wordpress portfolio plugin, wp gallery, wp gallery plugin
|
| 5 |
Requires at least: 3.3
|
| 6 |
Tested up to: 3.9.2
|
| 7 |
-
Stable tag: 3.0.
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
|
@@ -52,7 +52,7 @@ It provides a powerful engine for uploading and managing galleries of images & v
|
|
| 52 |
|
| 53 |
Gallery Bank is designed to adapt each portfolio to any situation and can be easily used on mobiles as it is a Responsive Plugin.
|
| 54 |
|
| 55 |
-
***August 28, 2014: We're happy to announce that Gallery Bank reached 179,
|
| 56 |
|
| 57 |
<a href="http://tech-banker.com/forum/gallery-bank-support/" target="_blank">Support Desk - feel free to ask your Queries</a>
|
| 58 |
|
|
@@ -500,6 +500,10 @@ is False in shortcode.
|
|
| 500 |
|
| 501 |
== Changelog ==
|
| 502 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 503 |
= 3.0.60 =
|
| 504 |
|
| 505 |
* Few Bugs Fixed
|
| 4 |
Tags: admin, AJAX, album, albums, best gallery, best gallery plugin, best portfolio plugin, comments, easy media gallery, fancy gallery, filterable gallery, filterable portfolio, flash, foto, fotoalbum, gallery, gallery album, gallery bank, gallery image, Gallery Plugin, gallery wordpress plugin, google, grid gallery, html5 player, html5 video, html5-audio, image, image album, image slider, images, lightbox, links, media, modal, multiple pictures, nextgen, page, pagination gallery, pagination portfolio, photo, photo album, photo albums, photo gallery, Photo Slider, photoalbum, photogallery, photos, picture, pictures, plugin, plugin for gallery, plugin gallery, portfolio, portfolio gallery, portfolio wordpress plugin, Post, posts, responsive gallery, seo image, shortcode, sidebar, slideshow, thumbnail, thumbnails, twitter, videos, website gallery, widget, wordpress gallery plugin, wordpress portfolio plugin, wp gallery, wp gallery plugin
|
| 5 |
Requires at least: 3.3
|
| 6 |
Tested up to: 3.9.2
|
| 7 |
+
Stable tag: 3.0.61
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
| 52 |
|
| 53 |
Gallery Bank is designed to adapt each portfolio to any situation and can be easily used on mobiles as it is a Responsive Plugin.
|
| 54 |
|
| 55 |
+
***August 28, 2014: We're happy to announce that Gallery Bank reached 179,400+ plugin downloads in only 1 year. We frequently receive positive feedback from people using our Gallery Bank Plugin for WordPress. Thanks so much for your support!***
|
| 56 |
|
| 57 |
<a href="http://tech-banker.com/forum/gallery-bank-support/" target="_blank">Support Desk - feel free to ask your Queries</a>
|
| 58 |
|
| 500 |
|
| 501 |
== Changelog ==
|
| 502 |
|
| 503 |
+
= 3.0.61 =
|
| 504 |
+
|
| 505 |
+
* Major Security Bug Fixed related to Upload.php file
|
| 506 |
+
|
| 507 |
= 3.0.60 =
|
| 508 |
|
| 509 |
* Few Bugs Fixed
|
