NextCellent Gallery – NextGEN Legacy - Version 1.9.32.fix-2


Developer WPReady
Plugin Icon NextCellent Gallery – NextGEN Legacy
Version 1.9.32.fix-2

Code changes from version 1.9.32.fix to 1.9.32.fix-2

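--- a/admin/ajax.php
+++ b/admin/ajax.php
@@ -33,7 +33,8 @@ function ngg_ajax_operation() {
  // let's get the image data
  $picture = nggdb::find_image( $id );
  // what do you want to do ?
- switch ( $_POST['operation'] ) {
+ $operation = sanitize_title($_POST['operation']);
+ switch ( $operation ) {
  case 'create_thumbnail' :
  if ( isset( $_POST['width'] ) && isset( $_POST['height'] ) ) {
  if ( isset( $_POST['fix'] ) ) {
@@ -41,14 +42,14 @@ function ngg_ajax_operation() {
  } else {
  $fix = null;
  }
- $result = nggAdmin::create_thumbnail( $picture, (int) $_POST['width'], $_POST['height'], $fix );
+ $result = nggAdmin::create_thumbnail( $picture, (int) $_POST['width'],(int) $_POST['height'], $fix );
  } else {
  $result = nggAdmin::create_thumbnail( $picture );
  }
  break;
  case 'resize_image' :
  if ( isset( $_POST['width'] ) && isset( $_POST['height'] ) ) {
- $result = nggAdmin::resize_image( $picture, (int) $_POST['width'], $_POST['height'] );
+ $result = nggAdmin::resize_image( $picture, (int) $_POST['width'], (int) $_POST['height'] );
  } else {
  $result = nggAdmin::resize_image( $picture );
  }
@@ -74,7 +75,7 @@ function ngg_ajax_operation() {
  $result = nggAdmin::get_image_ids( $id );
  break;
  default :
- do_action( 'ngg_ajax_' . $_POST['operation'] );
+ do_action( 'ngg_ajax_' . sanitize_text_field($_POST['operation']) );
  die( '-1' );
  break;
  }
@@ -390,7 +391,7 @@ function ngg_ajax_rebuild_unique_slugs() {
  if ( !current_user_can('NextGEN Change options') )
  die('No access');
 
- $action = $_POST['_action'];
+ $action = sanitize_text_field($_POST['_action']);
  $offset = (int) $_POST['offset'];
 
  switch ($action) {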
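Review bot: The `default :` branch builds the hook name from `sanitize_text_field($_POST['operation'])` while the `switch` dispatches on `$operation` from `sanitize_title()`, so the value that reaches `do_action()` can differ from the one that was matched, and neither sanitiser restricts it to known operations. Reuse the variable, `do_action( 'ngg_ajax_' . $operation );`, and guard the read with `isset( $_POST['operation'] )`. The same missing `isset()` applies to `$_POST['_action']` in `ngg_ajax_rebuild_unique_slugs()`. Both function bodies continue outside the hunks, so any nonce or capability check in `ngg_ajax_operation()` is not visible here and should be confirmed.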
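--- a/admin/class-ngg-adder.php
+++ b/admin/class-ngg-adder.php
@@ -55,6 +55,7 @@ class NGG_Adder extends NGG_Post_Admin_Page {
  }
  }
 
+ /* 20170702: Import folder suppressed due exploit. This needs to be redone.
  if ( isset( $_POST['importfolder'] ) ) {
  check_admin_referer( 'ngg_addgallery' );
 
@@ -67,6 +68,7 @@ class NGG_Adder extends NGG_Post_Admin_Page {
  nggAdmin::import_gallery( $galleryfolder );
  }
  }
+ */
 
  if ( isset( $_POST['uploadimage'] ) ) {
  check_admin_referer( 'ngg_addgallery' );
@@ -84,10 +86,10 @@ class NGG_Adder extends NGG_Post_Admin_Page {
  }
 
  if ( isset( $_POST['swf_callback'] ) ) {
- if ( $_POST['galleryselect'] == '0' ) {
+ if ( (int) $_POST['galleryselect'] == 0 ) {
  nggGallery::show_error( __( 'You didn\'t select a gallery!', 'nggallery' ) );
  } else {
- if ( $_POST['swf_callback'] == '-1' ) {
+ if ( (int) $_POST['swf_callback'] == -1 ) {
  nggGallery::show_error( __( 'Upload failed!', 'nggallery' ) );
  } else {
  $gallery = $nggdb->find_gallery( (int) $_POST['galleryselect'] );
@@ -361,6 +363,7 @@ class NGG_Adder extends NGG_Post_Admin_Page {
  * Create array for tabs and add a filter for other plugins to inject more tabs
  *
  * @return array $tabs
+ * 20170702: suppressed tab Import Folder in this version due vulnerability
  */
  private function tabs_order($args) {
 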
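Review bot: The import-folder handler at new lines 58–71 is disabled by wrapping it in `/* … */` rather than removing it, and new lines 62–67 lie outside the hunks, so any `*/` inside them would end the comment early and leave part of the handler active. Deleting the branch, or answering `importfolder` requests with an explicit `nggGallery::show_error()`, is more robust, and the comment should name the issue being mitigated rather than only "due exploit". Whether `nggAdmin::import_gallery()` is still reachable from another entry point is not visible here and should be checked. In the `swf_callback` branch the casts make the comparison safe, but `===` states the intent: `if ( (int) $_POST['galleryselect'] === 0 ) {`.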
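--- a/admin/class-ngg-album-manager.php
+++ b/admin/class-ngg-album-manager.php
@@ -82,7 +82,7 @@ class NGG_Album_Manager implements NGG_Displayable {
  wp_die( __( 'Cheatin’ uh?' ) );
  }
 
- $result = nggdb::add_album( $_POST['newalbum'] );
+ $result = nggdb::add_album( sanitize_text_field($_POST['newalbum']) );
  $this->currentID = ( $result ) ? $result : 0;
 
  //hook for other plugins
@@ -143,13 +143,13 @@ class NGG_Album_Manager implements NGG_Displayable {
  wp_die( __( 'Cheatin’ uh?' ) );
  }
 
- $name = $_POST['album_name'];
- $desc = $_POST['album_desc'];
+ $name = sanitize_title($_POST['album_name']);
+ $desc = sanitize_title($_POST['album_desc']);
  $prev = (int) $_POST['previewpic'];
  $link = (int) $_POST['pageid'];
 
  // slug must be unique, we use the title for that
- $slug = nggdb::get_unique_slug( sanitize_title( $name ), 'album', $this->currentID );
+ $slug = nggdb::get_unique_slug( $name , 'album', $this->currentID );
 
  $result = $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->nggalbum SET slug= '%s', name= '%s', albumdesc= '%s', previewpic= %d, pageid= %d WHERE id = '%d'",
  $slug, $name, $desc, $prev, $link, $this->currentID ) );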
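Review bot: `sanitize_title()` on `album_name` and `album_desc` (new lines 146–147) turns both values into slugs, lowercased with punctuation removed and spaces replaced by dashes, so the stored album name and description lose their original text. The query already goes through `$wpdb->prepare()`, so these fields need text sanitising on input and escaping on output rather than slugging: `$name = sanitize_text_field( wp_unslash( $_POST['album_name'] ) );` and `$desc = sanitize_textarea_field( wp_unslash( $_POST['album_desc'] ) );` (or `wp_kses_post()` if descriptions may hold HTML). Keep `sanitize_title( $name )` only inside the `get_unique_slug()` call. The method body starts and ends outside the hunk.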
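--- a/admin/class-ngg-options.php
+++ b/admin/class-ngg-options.php
@@ -45,7 +45,7 @@ class NGG_Options extends NGG_Post_Admin_Page {
  check_admin_referer('ngg_settings');
  // get the hidden option fields, taken from WP core
  if ( $_POST['page_options'] ) {
- $options = explode( ',', stripslashes( $_POST['page_options'] ) );
+ $options = explode( ',', stripslashes( sanitize_title($_POST['page_options'] )) );
  } else {
  $options = false;
  }
@@ -55,7 +55,7 @@ class NGG_Options extends NGG_Post_Admin_Page {
  $option = trim($option);
  $value = false;
  if ( isset( $_POST[ $option ] ) ) {
- $value = trim( $_POST[ $option ] );
+ $value = sanitize_title( $_POST[ $option ] );
  if ($value === "true") {
  $value = true;
  }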
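Review bot: `sanitize_title()` is applied to the whole `page_options` string before `explode( ',', … )` (new line 48), and because it removes commas and lowercases the text, the list collapses into a single slug and mixed-case names such as `activateCSS` can no longer match a `$_POST` key. New line 58 does the same to every value, changing case and stripping characters from each saved setting, and the earlier `trim()` is gone. Split first and clean each name afterwards, `$options = array_map( 'trim', explode( ',', wp_unslash( $_POST['page_options'] ) ) );`, then keep only names that are known plugin option keys, since the names come from the request. For values, `sanitize_text_field( wp_unslash( $_POST[ $option ] ) )` preserves the content. The surrounding method is only partly visible in these hunks.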
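--- a/admin/class-ngg-roles.php
+++ b/admin/class-ngg-roles.php
@@ -69,15 +69,15 @@ class NGG_Roles extends NGG_Post_Admin_Page {
  check_admin_referer('ngg_addroles');
 
  // now set or remove the capability
- $this->ngg_set_capability($_POST['general'],"NextGEN Gallery overview");
- $this->ngg_set_capability($_POST['tinymce'],"NextGEN Use TinyMCE");
- $this->ngg_set_capability($_POST['add_gallery'],"NextGEN Upload images");
- $this->ngg_set_capability($_POST['manage_gallery'],"NextGEN Manage gallery");
- $this->ngg_set_capability($_POST['manage_others'],"NextGEN Manage others gallery");
- $this->ngg_set_capability($_POST['manage_tags'],"NextGEN Manage tags");
- $this->ngg_set_capability($_POST['edit_album'],"NextGEN Edit album");
- $this->ngg_set_capability($_POST['change_style'],"NextGEN Change style");
- $this->ngg_set_capability($_POST['change_options'],"NextGEN Change options");
+ $this->ngg_set_capability(sanitize_title($_POST['general']),"NextGEN Gallery overview");
+ $this->ngg_set_capability(sanitize_title($_POST['tinymce']),"NextGEN Use TinyMCE");
+ $this->ngg_set_capability(sanitize_title($_POST['add_gallery']),"NextGEN Upload images");
+ $this->ngg_set_capability(sanitize_title($_POST['manage_gallery']),"NextGEN Manage gallery");
+ $this->ngg_set_capability(sanitize_title($_POST['manage_others']),"NextGEN Manage others gallery");
+ $this->ngg_set_capability(sanitize_title($_POST['manage_tags']),"NextGEN Manage tags");
+ $this->ngg_set_capability(sanitize_title($_POST['edit_album']),"NextGEN Edit album");
+ $this->ngg_set_capability(sanitize_title($_POST['change_style']),"NextGEN Change style");
+ $this->ngg_set_capability(sanitize_title($_POST['change_options']),"NextGEN Change options");
 
  nggGallery::show_message(__('Updated capabilities',"nggallery"));
  }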
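Review bot: The nine role values read from `$_POST` (new lines 72–80) are passed through `sanitize_title()`, which reshapes the string but does not establish that it names an existing role, and it can alter a custom role name containing characters it strips. For a capability assignment, validating is the stronger control: check the unslashed value with `wp_roles()->is_role( $role )` before calling `ngg_set_capability()`. That method's body is outside the hunk, so it may already perform such a check and this should be confirmed. Each key is also read without `isset()`, so a missing field raises a notice.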
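--- a/admin/class-ngg-style.php
+++ b/admin/class-ngg-style.php
@@ -106,9 +106,9 @@ class NGG_Style extends NGG_Post_Admin_Page {
 
  if ( isset( $_POST['activate'] ) ) {
  check_admin_referer('ngg_style');
- $file = $_POST['css'];
- $activate = $_POST['activateCSS'];
-
+ $file = sanitize_text_field($_POST['css']);
+ $activate = sanitize_text_field($_POST['activateCSS']);
+
  // save option now
  $ngg->options['activateCSS'] = $activate;
  $ngg->options['CSSfile'] = $file;
@@ -129,8 +129,8 @@ class NGG_Style extends NGG_Post_Admin_Page {
  {wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');}
 
  $newcontent = stripslashes($_POST['newcontent']);
- $old_path = $_POST['file'];
- $folder = $_POST['folder'];
+ $old_path = sanitize_title($_POST['file']);
+ $folder = sanitize_title($_POST['folder']);
 
  //if the file is in the css folder, copy it.
  if ($folder === 'css') {
@@ -168,7 +168,7 @@ class NGG_Style extends NGG_Post_Admin_Page {
  if ( !current_user_can('edit_themes') )
  {wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');}
 
- $old_path = sanitize_text_field($_POST['oldpath']);
+ $old_path = sanitize_text_field($_POST['oldpath']);
  $new_path = NGG_CONTENT_DIR . "/ngg_styles/nggallery.css";
 
  //check for duplicate files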
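Review bot: `sanitize_title()` on `$_POST['file']` (new line 132) strips dots and slashes, so a value such as `nggallery.css` no longer matches a file name, while `sanitize_text_field()` on `css` and `oldpath` (new lines 109 and 171) leaves parent-directory sequences and absolute paths untouched. Values that end up in file paths need a path constraint rather than a text sanitiser: use `sanitize_file_name( basename( wp_unslash( $_POST['file'] ) ) )` where only a file name is expected, and reject the request when `validate_file( $old_path ) !== 0` or the resolved path lies outside the plugin's style directories. How `$file` and `$old_path` are used is outside the hunks, so the exact check depends on the code below them.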
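--- a/admin/class-ngg-tag-manager.php
+++ b/admin/class-ngg-tag-manager.php
@@ -14,19 +14,19 @@ class NGG_Tag_Manager implements NGG_Displayable {
  $action_status = array('message' => '', 'status' => 'ok');
 
  if ( isset($_POST['tag_action']) ) {
-
+ $tag_action = sanitize_text_field($_POST['tag_action']);
  check_admin_referer('nggallery_admin_tags');
 
- if ( $_POST['tag_action'] == 'renametag' ) {
- $oldtag = (isset($_POST['renametag_old'])) ? $_POST['renametag_old'] : '';
- $newtag = (isset($_POST['renametag_new'])) ? $_POST['renametag_new'] : '';
+ if ($tag_action == 'renametag' ) {
+ $oldtag = (isset($_POST['renametag_old'])) ? sanitize_text_field($_POST['renametag_old']) : '';
+ $newtag = (isset($_POST['renametag_new'])) ? sanitize_text_field(['renametag_new']) : '';
  $action_status = nggTags::rename_tags( $oldtag, $newtag );
- } elseif ( $_POST['tag_action'] == 'deletetag' ) {
- $todelete = (isset($_POST['deletetag_name'])) ? $_POST['deletetag_name'] : '';
+ } elseif ( $tag_action == 'deletetag' ) {
+ $todelete = (isset($_POST['deletetag_name'])) ? sanitize_text_field($_POST['deletetag_name']) : '';
  $action_status = nggTags::delete_tags( $todelete );
- } elseif ( $_POST['tag_action'] == 'editslug' ) {
- $matchtag = (isset($_POST['tagname_match'])) ? $_POST['tagname_match'] : '';
- $newslug = (isset($_POST['tagslug_new'])) ? $_POST['tagslug_new'] : '';
+ } elseif ( $tag_action == 'editslug' ) {
+ $matchtag = (isset($_POST['tagname_match'])) ? sanitize_text_field($_POST['tagname_match']) : '';
+ $newslug = (isset($_POST['tagslug_new'])) ? sanitize_text_field($_POST['tagslug_new']) : '';
  $action_status = nggTags::edit_tag_slug( $matchtag, $newslug );
  }
  }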
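Review bot: New line 22 passes the array literal `['renametag_new']` to `sanitize_text_field()` instead of the request value, so `$newtag` never holds what the user submitted and the rename cannot work. It should read `$newtag = (isset($_POST['renametag_new'])) ? sanitize_text_field($_POST['renametag_new']) : '';`. `$tag_action` is also assigned on new line 17 before `check_admin_referer()` runs; moving the assignment below the nonce check keeps all request handling behind it.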
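--- a/admin/manage/class-ngg-abstract-image-manager.php
+++ b/admin/manage/class-ngg-abstract-image-manager.php
@@ -102,12 +102,12 @@ abstract class NGG_Abstract_Image_Manager extends NGG_Manager {
 
  //TODO:Error message when update failed
 
- $description = isset ( $_POST['description'] ) ? $_POST['description'] : array();
- $alttext = isset ( $_POST['alttext'] ) ? $_POST['alttext'] : array();
- $exclude = isset ( $_POST['exclude'] ) ? $_POST['exclude'] : false;
- $taglist = isset ( $_POST['tags'] ) ? $_POST['tags'] : false;
- $pictures = isset ( $_POST['pid'] ) ? $_POST['pid'] : false;
- $date = isset ( $_POST['date'] ) ? $_POST['date'] : "NOW()"; //Not sure if NOW() will work or not but in theory it should
+ $description = isset ( $_POST['description'] ) ? sanitize_text_field( $_POST['description']) : array();
+ $alttext = isset ( $_POST['alttext'] ) ? sanitize_text_field($_POST['alttext']) : array();
+ $exclude = isset ( $_POST['exclude'] ) ? sanitize_text_field($_POST['exclude']) : false;
+ $taglist = isset ( $_POST['tags'] ) ? sanitize_text_field($_POST['tags']) : false;
+ $pictures = isset ( $_POST['pid'] ) ? sanitize_text_field($_POST['pid']) : false;
+ $date = isset ( $_POST['date'] ) ? sanitize_text_field($_POST['date']) : "NOW()"; //Not sure if NOW() will work or not but in theory it should
 
  if ( is_array( $pictures ) ) {
  foreach ( $pictures as $pid ) {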
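Review bot: `description`, `alttext` and `pid` are arrays here (their defaults are `array()` and the next statement tests `is_array( $pictures )`), but `sanitize_text_field()` on new lines 105–109 works on a single string and does not hand back the array, so the `is_array()` branch is skipped and the bulk update does nothing. Sanitise per element instead: `$pictures = isset( $_POST['pid'] ) ? array_map( 'intval', (array) $_POST['pid'] ) : false;`, and `array_map( 'sanitize_text_field', … )` for the text arrays, or `wp_kses_post` if descriptions may contain HTML. The shapes of `exclude`, `tags` and `date` are not visible in the hunk and should be confirmed before choosing their sanitiser. The method continues outside the hunk.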
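--- a/admin/manage/class-ngg-manager.php
+++ b/admin/manage/class-ngg-manager.php
@@ -474,8 +474,8 @@ abstract class NGG_Manager implements NGG_Displayable {
  return;
  }
 
- $a1 = $_POST['action'];
- $a2 = $_POST['action2'];
+ $a1 = sanitize_text_field($_POST['action']);
+ $a2 = sanitize_text_field($_POST['action2']);
 
  if ( $a1 === "delete_gallery" || $a2 === "delete_gallery" ) {
  // Delete gallery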
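Review bot: `$_POST['action']` and `$_POST['action2']` (new lines 477–478) are read without `isset()`, so a request carrying only one of them raises an undefined-index notice; `$a2 = isset( $_POST['action2'] ) ? sanitize_text_field( $_POST['action2'] ) : '';` avoids it. Because both values are only compared with `===` against fixed strings, the sanitiser adds little here. What protects the `delete_gallery` branch is the nonce and capability check, which lies outside the hunk and should be confirmed.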
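--- a/admin/media-upload.php
+++ b/admin/media-upload.php
@@ -22,7 +22,7 @@ function media_upload_nextgen() {
 
  // Generate TinyMCE HTML output
  if ( isset($_POST['send']) ) {
- $keys = array_keys($_POST['send']);
+ $keys = array_keys(sanitize_title($_POST['send']));
  $send_id = (int) array_shift($keys);
  $image = $_POST['image'][$send_id];
  $alttext = stripslashes( htmlspecialchars ($image['alttext'], ENT_QUOTES));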
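Review bot: `$_POST['send']` is used as an array whose keys carry the image id, but new line 25 passes it through `sanitize_title()`, which is a string function, so `array_keys()` no longer receives the submitted array and `$send_id` cannot be derived from it. The `(int)` cast on the following line already constrains the key, so the line can be `$keys = array_keys( (array) $_POST['send'] );`. `$_POST['image'][$send_id]` is then read without an `isset()` check. The visible `alttext` field is escaped with `htmlspecialchars()`, and the other `$image` fields used below the hunk should be confirmed to get equivalent escaping.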
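--- a/admin/wpmu.php
+++ b/admin/wpmu.php
@@ -22,7 +22,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
  $option = trim( $option );
  $value = false;
  if ( isset( $_POST[ $option ] ) ) {
- $value = trim( $_POST[ $option ] );
+ $value = sanitize_text_field(trim( $_POST[ $option ] ));
  if ( $value === "true" ) {
  $value = true;
  }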
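Review bot: On new line 25 `trim()` still runs on the raw `$_POST[ $option ]` before the sanitiser, so an array-valued field reaches `trim()` and fails there; checking `is_string()` first, or calling `sanitize_text_field( wp_unslash( $_POST[ $option ] ) )` directly, since it already trims, avoids that. Where the `$option` names come from is outside the hunk. If they are taken from the request, each name should be checked against the list of settings this page is allowed to write before its value is stored.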
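--- a/ngg-config.php
+++ b/ngg-config.php
@@ -11,13 +11,15 @@
 
  /** Define the server path to the file wp-config here, if you placed WP-CONTENT outside the classic file structure */
 
+ /*
  $path = ''; // It should be end with a trailing slash
+ */
 
  /** That's all, stop editing from here **/
-
+ /*
  if ( !defined('WP_LOAD_PATH') ) {
 
- /** classic root path if wp-content and plugins is below wp-config.php */
+ //classic root path if wp-content and plugins is below wp-config.php
  $classic_root = dirname(dirname(dirname(dirname(__FILE__)))) . '/' ;
 
  if (file_exists( $classic_root . 'wp-load.php') )
@@ -31,3 +33,4 @@ if ( !defined('WP_LOAD_PATH') ) {
 
  // let's load WordPress
  require_once( WP_LOAD_PATH . 'wp-load.php');
+ */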
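Review bot: The WordPress bootstrap is switched off by one block comment that opens at new line 19 and closes at new line 36, yet new lines 26–32 are outside the hunks, so a `*/` anywhere in them would end the comment early and leave the trailing `require_once` active. Removing the code is more reliable than commenting it out. nggshow.php, in the next section, still requires this file when `ABSPATH` is undefined, so a direct request now continues without WordPress loaded. If direct access is meant to be refused, say so explicitly with `if ( ! defined( 'ABSPATH' ) ) { exit; }` in place of the commented block.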
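--- a/nggallery.php
+++ b/nggallery.php
@@ -5,7 +5,7 @@ Plugin URI: http://www.wpgetready.com/nextcellent-gallery
  Description: A Photo Gallery for WordPress providing NextGEN legacy compatibility from version 1.9.13
  Author: WPGReady, Niknetniko based on Alex Rabe & PhotoCrati work.
  Author URI: http://www.wpgetready.com
- Version: 1.9.31
+ Version: 1.9.32
 
  Copyright (c) 2007-2011 by Alex Rabe & NextGEN DEV-Team
  Copyright (c) 2012 Photocrati Media
@@ -53,7 +53,7 @@ if (!class_exists('nggLoader')) {
  */
  class nggLoader {
 
- var $version = '1.9.31';
+ var $version = '1.9.32';
  var $dbversion = '1.8.3';
  var $minimum_WP = '4.0';
  var $options = '';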
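--- a/nggshow.php
+++ b/nggshow.php
@@ -1,5 +1,6 @@
  <?php
  // Load wp-config
+
  if ( !defined('ABSPATH') )
  require_once( dirname(__FILE__) . '/ngg-config.php');
 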
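--- a/readme.txt
+++ b/readme.txt
@@ -8,21 +8,13 @@ License: GPLv2
 
  == Description ==
 
- = 1.9.31 - 2016-02-09 = Fixes for 1.9.30
+ = 19.32 - 2017-07-12 = Fixes for 1.9.30
 
- What's in it for you?
+ What's in it for you?
 
- * Added more help documentation
- * Fix Add new page button
- * Style improvement
- * Enable different size thumbnails only if the option is set
- * Wrong url fixed
- * Updated cropper library to the latest version
- * Fixed few things now working with several PHP versions.
- * Few css fixes
- * Update setting(s) class(es)
- * Several fixes
- ** All credits for Niko Strijbol **
+ * Fixed few vulnerabilities that turned the plugin down on the repository
+ * Disabled temporarily upload zip files when creating galleries for vulnerability reasons
+ * Enforced parameter checking in many places.
 
  VERY IMPORTANT: Read ON!
  -----------------------
@@ -332,6 +324,13 @@ Yes, since we use Javascript rather than flash, NextCellent Gallery is compatibl
 
  == Changelog ==
 
+ = 19.32 - 2017-07-12 = Vulnerability FIX
+
+ * Fixed few vulnerabilities that turned the plugin down on the repository
+ * Disabled temporarily upload zip files when creating galleries for vulnerability reasons
+ * Enforced parameter checking in many places.
+
+
  = 1.9.31 - 2016-02-09 = FIX
 
  * Added more help documentation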