Gallery Bank: WordPress Photo Gallery Plugin - Version 3.0.90

Version Description

  • Major security bug fixed regarding image uploader.

Release Info

Developer Gallery-Bank
Version 3.0.90

Code changes from version 3.0.89 to 3.0.90

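--- a/gallery-bank.php
+++ b/gallery-bank.php
@@ -4,7 +4,7 @@
 Plugin URI: http://tech-banker.com
 Description: Gallery Bank is an easy to use Responsive WordPress Gallery Plugin for photos, videos, galleries and albums.
 Author: Tech Banker
-Version: 3.0.89
+Version: 3.0.90
 Author URI: http://tech-banker.com
 */
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////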
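--- a/lib/gallery-bank-class.php
+++ b/lib/gallery-bank-class.php
@@ -386,29 +386,7 @@ if (isset($_REQUEST["action"])) {
 $current_user->role = array_keys($current_user->$gb_role);
 $gb_role = $current_user->role[0];
 }
-$filetype = $_REQUEST["file_type"];
-if($filetype == "image/jpeg" || $filetype == "image/jpg" || $filetype == "image/png" || $filetype == "image/gif" )
-{
-$file_name = $_REQUEST["file_name"];
-$extension = explode(".", $file_name);
-if(count($extension) == 2)
-{
-if($extension[1] == "jpg" || $extension[1] == "jpeg" || $extension[1] == "gif" || $extension[1] == "png" || $extension[1] == "JPG" || $extension[1] == "JPEG" || $extension[1] == "GIF" || $extension[1] == "PNG")
-{
-include_once GALLERY_BK_PLUGIN_DIR . "/lib/upload.php";
-}
-}
-else
-{
-die();
-}
-
-}
-else
-{
-die();
-}
-
+include_once GALLERY_BK_PLUGIN_DIR . "/lib/upload.php";
 }
 break;
 }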
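Review bot: The file-type gate that ran before `include_once GALLERY_BK_PLUGIN_DIR . "/lib/upload.php"` is removed outright, and nothing in this hunk replaces it with a check on the file actually uploaded; the nonce added in lib/upload.php proves the request came from the plugin's own page, not that the payload is an image. The removed check was itself weak, since it compared `$_REQUEST["file_type"]` and `$_REQUEST["file_name"]`, values the uploader's JavaScript filled in from the client, so dropping it is only safe if upload.php validates the real `$_FILES` entry, which is not visible here. If it does not, the upload handler should call `wp_check_filetype_and_ext()` on the temporary file and its name and reject anything whose resolved extension or MIME type is outside the image allowlist the old code expressed. The enclosing `switch` on `$_REQUEST["action"]` starts before the hunk.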
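--- a/lib/upload.php
+++ b/lib/upload.php
@@ -20,7 +20,7 @@ if (!current_user_can($user_role_permission))
 }
 else
 {
-if ($_REQUEST["param"] == "upload_pic")
+if ((wp_verify_nonce($_REQUEST["_nonce"], "manage_uploading")) && ($_REQUEST["param"] == "upload_pic"))
 {
 /**
 * upload.php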
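Review bot: `$_REQUEST["_nonce"]` is read without an existence check on the new line 23, so a request that omits the parameter emits a PHP notice before `wp_verify_nonce()` returns false; guard it with `isset($_REQUEST["_nonce"]) && wp_verify_nonce($_REQUEST["_nonce"], "manage_uploading")`, or use `check_ajax_referer("manage_uploading", "_nonce")`, which does the lookup and terminates the request on failure. The hunk does not show what happens when the condition is false; if control simply falls through, the handler should return an explicit error, because after `current_user_can($user_role_permission)` passes the nonce is now the only thing separating a forged request from a legitimate one. The nonce travels in the query string (`&_nonce=` in views/edit-album.php), which `wp_verify_nonce()` accepts but which leaves the token in access logs; a POST field would be preferable. The enclosing `if`/`else` on `current_user_can` begins before the hunk.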
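--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: Gallery-Bank,contact-banker
 Tags: add album, add gallery, add picture, add pictures, admin, AJAX, album, best gallery, best gallery plugin, best image slider, best portfolio, bilder, comments, easy media gallery, fancy gallery, filterable gallery, filterable portfolio, foto, fotoalbum, galary, galerie, galerij, galery, gallary, Galleria, gallerie, gallery, gallery decription, gallery image, gallery lightbox, Gallery Plugin, gelary, gellary, gellery, google, grid gallery, html5 player, html5 video, html5-audio, image, image album, image gallery, image gallery plugin, image lightbox, image rotate, image slider, image slideshow, images, jquery, jquery gallery, jquery slider, jquery slideshow, lightbox, links, media gallery, multiple pictures, nextgen gallery, page, pagination gallery, pagination portfolio, photo, photo album, photo albums, photo gallery, Photo Slider, photoalbum, photogallery, photos, photoset, picture, pictures, plugin, plugin for gallery, plugin gallery, portfolio, portfolio gallery, portfolio plugin, Post, posts, responsive gallery, responsive image gallery, responsive slider, responsive slideshow, seo, seo image, shortcode, sidebar, slide show, slideshow, thumbnail, twitter, upload images, upload photos, view images, view pictures, website gallery, widget, wordpress gallery plugin, wordpress portfolio plugin, wordpress seo, wp gallery, wp gallery plugin, wp slider
 Requires at least: 3.3
 Tested up to: 4.1
-Stable tag: 3.0.89
+Stable tag: 3.0.90
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -487,6 +487,10 @@ is False in shortcode.
 
 == Changelog ==
 
+= 3.0.90 =
+
+* Major security bug fixed regarding image uploader.
+
 = 3.0.89 =
 
 * Pretty Photo lightbox license updated.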
views/edit-album.php CHANGED
@@ -18,6 +18,7 @@
18
  }
19
  else
20
  {
 
21
  $album_id = intval($_REQUEST["album_id"]);
22
  $last_albums_id = $wpdb->get_var
23
  (
@@ -526,7 +527,7 @@
526
  jQuery("#edit_image_uploader").pluploadQueue
527
  ({
528
  runtimes: "html5,flash,silverlight,html4",
529
- url: ajaxurl + "?param=upload_pic&action=upload_library",
530
  chunk_size: "1mb",
531
  filters: {
532
  max_file_size: "100mb",
@@ -546,11 +547,6 @@
546
  },
547
  flash_swf_url: url + "Moxie.swf",
548
  silverlight_xap_url: url + "Moxie.xap",
549
- preinit : {
550
- UploadFile: function(up, file) {
551
- up.setOption('url', ajaxurl + "?file_type="+file.type+"&file_name="+file.name+"&param=upload_pic&action=upload_library");
552
- }
553
- },
554
  init: {
555
  FileUploaded: function (up, file) {
556
 
18
  }
19
  else
20
  {
21
+ $upload_photos = wp_create_nonce("manage_uploading");
22
  $album_id = intval($_REQUEST["album_id"]);
23
  $last_albums_id = $wpdb->get_var
24
  (
527
  jQuery("#edit_image_uploader").pluploadQueue
528
  ({
529
  runtimes: "html5,flash,silverlight,html4",
530
+ url: ajaxurl + "?param=upload_pic&action=upload_library&_nonce=<?php echo $upload_photos;?>",
531
  chunk_size: "1mb",
532
  filters: {
533
  max_file_size: "100mb",
547
  },
548
  flash_swf_url: url + "Moxie.swf",
549
  silverlight_xap_url: url + "Moxie.xap",
 
 
 
 
 
550
  init: {
551
  FileUploaded: function (up, file) {
552