Version Description
- 26.10.2011 =
- Bugfix : Fixed security vulnerability (TXH to Alain Schneider)
Download this release
Release Info
| Developer | alexrabe |
| Plugin |  NextGEN Gallery – WordPress Gallery Plugin |
| Version | 1.8.4 |
| Comparing to | |
| See all releases | |
Code changes from version 1.8.3 to 1.8.4
- admin/manage.php +2 -2
- admin/tags.php +19 -16
- changelog.txt +3 -0
- nggallery.php +2 -2
- readme.txt +3 -0
admin/manage.php
CHANGED
|
@@ -20,8 +20,8 @@ class nggManageGallery {
|
|
| 20 |
$this->pid = (int) $_GET['pid'];
|
| 21 |
if( isset($_GET['mode']) )
|
| 22 |
$this->mode = trim ($_GET['mode']);
|
| 23 |
-
// Check for pagination request, avoid post process of other submit button
|
| 24 |
-
if ( isset($_POST['post_paged']) ) {
|
| 25 |
if ( $_GET['paged'] != $_POST['post_paged'] ) {
|
| 26 |
$_GET['paged'] = $_POST['post_paged'];
|
| 27 |
return;
|
| 20 |
$this->pid = (int) $_GET['pid'];
|
| 21 |
if( isset($_GET['mode']) )
|
| 22 |
$this->mode = trim ($_GET['mode']);
|
| 23 |
+
// Check for pagination request, avoid post process of other submit button, exclude search results
|
| 24 |
+
if ( isset($_POST['post_paged']) && !isset($_GET['s'] ) ) {
|
| 25 |
if ( $_GET['paged'] != $_POST['post_paged'] ) {
|
| 26 |
$_GET['paged'] = $_POST['post_paged'];
|
| 27 |
return;
|
admin/tags.php
CHANGED
|
@@ -9,7 +9,9 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
|
|
| 9 |
$action_status = array('message' => '', 'status' => 'ok');
|
| 10 |
|
| 11 |
if ( isset($_POST['tag_action']) ) {
|
| 12 |
-
|
|
|
|
|
|
|
| 13 |
if ( $_POST['tag_action'] == 'renametag' ) {
|
| 14 |
$oldtag = (isset($_POST['renametag_old'])) ? $_POST['renametag_old'] : '';
|
| 15 |
$newtag = (isset($_POST['renametag_new'])) ? $_POST['renametag_new'] : '';
|
|
@@ -25,13 +27,14 @@ if ( isset($_POST['tag_action']) ) {
|
|
| 25 |
}
|
| 26 |
|
| 27 |
// Som useful variables
|
| 28 |
-
$admin_base_url = admin_url() . 'admin.php?page=';
|
| 29 |
$nb_tags = 50; // Number of tags to show on a single page
|
| 30 |
|
| 31 |
// Manage URL
|
| 32 |
-
|
| 33 |
-
$
|
| 34 |
-
$
|
|
|
|
| 35 |
|
| 36 |
// Tags Filters
|
| 37 |
$order_array = array(
|
|
@@ -62,14 +65,14 @@ if ( !empty($_GET['search']) ) {
|
|
| 62 |
|
| 63 |
// Offset
|
| 64 |
if ( !empty($_GET['offset']) ) {
|
| 65 |
-
$param .= '&offset=' . $_GET['offset'];
|
| 66 |
}
|
| 67 |
|
| 68 |
// Navigation urls
|
| 69 |
if ( empty($_GET['offset']) ) {
|
| 70 |
$offset = 0;
|
| 71 |
} else {
|
| 72 |
-
$offset = $_GET['offset'];
|
| 73 |
}
|
| 74 |
|
| 75 |
$tag_count = (int)wp_count_terms('ngg_tag', 'ignore_empty=true');
|
|
@@ -110,9 +113,9 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 110 |
<form method="get">
|
| 111 |
<p>
|
| 112 |
<label for="search"><?php _e('Search tags', 'nggallery'); ?></label><br />
|
| 113 |
-
<input type="hidden" name="page" value="<?php echo esc_attr(stripslashes($_GET['page'])); ?>" />
|
| 114 |
<input type="hidden" name="tag_sortorder" value="<?php echo $sort_order; ?>" />
|
| 115 |
-
<input type="text" name="search" id="search" size="10" value="<?php if (isset($_GET['search'])) echo stripslashes($_GET['search']); ?>" />
|
| 116 |
<input class="button" type="submit" value="<?php _e('Go', 'nggallery'); ?>" />
|
| 117 |
</p>
|
| 118 |
</form>
|
|
@@ -122,7 +125,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 122 |
<?php
|
| 123 |
$output = array();
|
| 124 |
foreach( $order_array as $sort => $title ) {
|
| 125 |
-
$output[] = ($sort == $sort_order) ? '<span style="color: red;">'.$title.'</span>' : '<a href="'
|
| 126 |
}
|
| 127 |
echo implode('<br />', $output);
|
| 128 |
$output = array();
|
|
@@ -137,7 +140,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 137 |
foreach( $tags as $tag ) {
|
| 138 |
//TODO:Tag link should be call a list of images in manage gallery
|
| 139 |
//echo '<li><span>' . $tag->name . '</span> <a href="'.(ngg_get_tag_link( $tag->term_id )).'" title="'.sprintf(__('View all images tagged with %s', 'nggallery'), $tag->name).'">('.$tag->count.')</a></li>'."\n";
|
| 140 |
-
echo '<li><span>' . $tag->name . '</span> '.'('
|
| 141 |
|
| 142 |
}
|
| 143 |
unset($tags);
|
|
@@ -150,7 +153,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 150 |
<?php if ($prev_offset!='') { ?>
|
| 151 |
<form method="get" style="display: inline;">
|
| 152 |
<span>
|
| 153 |
-
<input type="hidden" name="page" value="<?php echo esc_attr(stripslashes($_GET['page'])); ?>" />
|
| 154 |
<input type="hidden" name="tag_sortorder" value="<?php echo $sort_order; ?>" />
|
| 155 |
<input type="hidden" name="offset" value="<?php echo $prev_offset; ?>" />
|
| 156 |
<input class="button" type="submit" value="« <?php _e('Previous tags', 'nggallery'); ?>" />
|
|
@@ -163,7 +166,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 163 |
<?php if ($next_offset!='') { ?>
|
| 164 |
<form method="get" style="display: inline;">
|
| 165 |
<span>
|
| 166 |
-
<input type="hidden" name="page" value="<?php echo esc_attr(stripslashes($_GET['page'])); ?>" />
|
| 167 |
<input type="hidden" name="tag_sortorder" value="<?php echo $sort_order; ?>" />
|
| 168 |
<input type="hidden" name="offset" value="<?php echo $next_offset; ?>" />
|
| 169 |
<input class="button" type="submit" value="<?php _e('Next tags', 'nggallery'); ?> »" />
|
|
@@ -181,7 +184,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 181 |
<h3><?php _e('Rename Tag', 'nggallery'); ?></h3>
|
| 182 |
<form action="<?php echo $action_url; ?>" method="post">
|
| 183 |
<input type="hidden" name="tag_action" value="renametag" />
|
| 184 |
-
|
| 185 |
|
| 186 |
<table class="form-table">
|
| 187 |
<tr valign="top">
|
|
@@ -207,7 +210,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 207 |
<h3><?php _e('Delete Tag', 'nggallery'); ?></h3>
|
| 208 |
<form action="<?php echo $action_url; ?>" method="post">
|
| 209 |
<input type="hidden" name="tag_action" value="deletetag" />
|
| 210 |
-
|
| 211 |
|
| 212 |
<table class="form-table">
|
| 213 |
<tr valign="top">
|
|
@@ -229,7 +232,7 @@ if ($nb_tags < $tag_count && $offset>0) {
|
|
| 229 |
<h3><?php _e('Edit Tag Slug', 'nggallery'); ?></h3>
|
| 230 |
<form action="<?php echo $action_url; ?>" method="post">
|
| 231 |
<input type="hidden" name="tag_action" value="editslug" />
|
| 232 |
-
|
| 233 |
|
| 234 |
<table class="form-table">
|
| 235 |
<tr valign="top">
|
| 9 |
$action_status = array('message' => '', 'status' => 'ok');
|
| 10 |
|
| 11 |
if ( isset($_POST['tag_action']) ) {
|
| 12 |
+
|
| 13 |
+
check_admin_referer('nggallery_admin_tags');
|
| 14 |
+
|
| 15 |
if ( $_POST['tag_action'] == 'renametag' ) {
|
| 16 |
$oldtag = (isset($_POST['renametag_old'])) ? $_POST['renametag_old'] : '';
|
| 17 |
$newtag = (isset($_POST['renametag_new'])) ? $_POST['renametag_new'] : '';
|
| 27 |
}
|
| 28 |
|
| 29 |
// Som useful variables
|
| 30 |
+
$admin_base_url = admin_url() . 'admin.php?page=nggallery-tags';
|
| 31 |
$nb_tags = 50; // Number of tags to show on a single page
|
| 32 |
|
| 33 |
// Manage URL
|
| 34 |
+
|
| 35 |
+
$sort_order = ( isset($_GET['tag_sortorder']) ) ? esc_attr( stripslashes($_GET['tag_sortorder']) ) : 'desc';
|
| 36 |
+
$search_url = ( isset($_GET['search']) ) ? '&search=' . esc_attr ( stripslashes($_GET['search']) ) : '';
|
| 37 |
+
$action_url = $admin_base_url . '&tag_sortorder=' . $sort_order. $search_url;
|
| 38 |
|
| 39 |
// Tags Filters
|
| 40 |
$order_array = array(
|
| 65 |
|
| 66 |
// Offset
|
| 67 |
if ( !empty($_GET['offset']) ) {
|
| 68 |
+
$param .= '&offset=' . intval( $_GET['offset'] );
|
| 69 |
}
|
| 70 |
|
| 71 |
// Navigation urls
|
| 72 |
if ( empty($_GET['offset']) ) {
|
| 73 |
$offset = 0;
|
| 74 |
} else {
|
| 75 |
+
$offset = intval( $_GET['offset'] );
|
| 76 |
}
|
| 77 |
|
| 78 |
$tag_count = (int)wp_count_terms('ngg_tag', 'ignore_empty=true');
|
| 113 |
<form method="get">
|
| 114 |
<p>
|
| 115 |
<label for="search"><?php _e('Search tags', 'nggallery'); ?></label><br />
|
| 116 |
+
<input type="hidden" name="page" value="<?php echo esc_attr( stripslashes($_GET['page']) ); ?>" />
|
| 117 |
<input type="hidden" name="tag_sortorder" value="<?php echo $sort_order; ?>" />
|
| 118 |
+
<input type="text" name="search" id="search" size="10" value="<?php if (isset($_GET['search'])) echo esc_attr( stripslashes($_GET['search']) ); ?>" />
|
| 119 |
<input class="button" type="submit" value="<?php _e('Go', 'nggallery'); ?>" />
|
| 120 |
</p>
|
| 121 |
</form>
|
| 125 |
<?php
|
| 126 |
$output = array();
|
| 127 |
foreach( $order_array as $sort => $title ) {
|
| 128 |
+
$output[] = ($sort == $sort_order) ? '<span style="color: red;">'.$title.'</span>' : '<a href="'. $admin_base_url . '&tag_sortorder=' . $sort . $search_url .'">'.$title.'</a>';
|
| 129 |
}
|
| 130 |
echo implode('<br />', $output);
|
| 131 |
$output = array();
|
| 140 |
foreach( $tags as $tag ) {
|
| 141 |
//TODO:Tag link should be call a list of images in manage gallery
|
| 142 |
//echo '<li><span>' . $tag->name . '</span> <a href="'.(ngg_get_tag_link( $tag->term_id )).'" title="'.sprintf(__('View all images tagged with %s', 'nggallery'), $tag->name).'">('.$tag->count.')</a></li>'."\n";
|
| 143 |
+
echo '<li><span>' . esc_html( $tag->name ). '</span> '.'('. esc_html( $tag->count ).')</li>'."\n";
|
| 144 |
|
| 145 |
}
|
| 146 |
unset($tags);
|
| 153 |
<?php if ($prev_offset!='') { ?>
|
| 154 |
<form method="get" style="display: inline;">
|
| 155 |
<span>
|
| 156 |
+
<input type="hidden" name="page" value="<?php echo esc_attr( stripslashes($_GET['page']) ); ?>" />
|
| 157 |
<input type="hidden" name="tag_sortorder" value="<?php echo $sort_order; ?>" />
|
| 158 |
<input type="hidden" name="offset" value="<?php echo $prev_offset; ?>" />
|
| 159 |
<input class="button" type="submit" value="« <?php _e('Previous tags', 'nggallery'); ?>" />
|
| 166 |
<?php if ($next_offset!='') { ?>
|
| 167 |
<form method="get" style="display: inline;">
|
| 168 |
<span>
|
| 169 |
+
<input type="hidden" name="page" value="<?php echo esc_attr( stripslashes($_GET['page']) ); ?>" />
|
| 170 |
<input type="hidden" name="tag_sortorder" value="<?php echo $sort_order; ?>" />
|
| 171 |
<input type="hidden" name="offset" value="<?php echo $next_offset; ?>" />
|
| 172 |
<input class="button" type="submit" value="<?php _e('Next tags', 'nggallery'); ?> »" />
|
| 184 |
<h3><?php _e('Rename Tag', 'nggallery'); ?></h3>
|
| 185 |
<form action="<?php echo $action_url; ?>" method="post">
|
| 186 |
<input type="hidden" name="tag_action" value="renametag" />
|
| 187 |
+
<?php wp_nonce_field('nggallery_admin_tags'); ?>
|
| 188 |
|
| 189 |
<table class="form-table">
|
| 190 |
<tr valign="top">
|
| 210 |
<h3><?php _e('Delete Tag', 'nggallery'); ?></h3>
|
| 211 |
<form action="<?php echo $action_url; ?>" method="post">
|
| 212 |
<input type="hidden" name="tag_action" value="deletetag" />
|
| 213 |
+
<?php wp_nonce_field('nggallery_admin_tags'); ?>
|
| 214 |
|
| 215 |
<table class="form-table">
|
| 216 |
<tr valign="top">
|
| 232 |
<h3><?php _e('Edit Tag Slug', 'nggallery'); ?></h3>
|
| 233 |
<form action="<?php echo $action_url; ?>" method="post">
|
| 234 |
<input type="hidden" name="tag_action" value="editslug" />
|
| 235 |
+
<?php wp_nonce_field('nggallery_admin_tags'); ?>
|
| 236 |
|
| 237 |
<table class="form-table">
|
| 238 |
<tr valign="top">
|
changelog.txt
CHANGED
|
@@ -6,6 +6,9 @@ by Alex Rabe & NextGEN DEV Team
|
|
| 6 |
* TODO : Switch to Plupload (http://www.plupload.com/) see also http://wordpress.org/extend/plugins/wplupload/
|
| 7 |
* TODO : Rework album page for large amount of galleries
|
| 8 |
|
|
|
|
|
|
|
|
|
|
| 9 |
= V1.8.3 - 07.08.2011 =
|
| 10 |
* Changed : Support for simple custom permalink structures (i.e. /%category%/%postname%/)
|
| 11 |
* Bugfix : Sub-Albums in Albums didn't create the correct link
|
| 6 |
* TODO : Switch to Plupload (http://www.plupload.com/) see also http://wordpress.org/extend/plugins/wplupload/
|
| 7 |
* TODO : Rework album page for large amount of galleries
|
| 8 |
|
| 9 |
+
= V1.8.4 - 26.10.2011 =
|
| 10 |
+
* Bugfix : Fixed security vulnerability (TXH to Alain Schneider)
|
| 11 |
+
|
| 12 |
= V1.8.3 - 07.08.2011 =
|
| 13 |
* Changed : Support for simple custom permalink structures (i.e. /%category%/%postname%/)
|
| 14 |
* Bugfix : Sub-Albums in Albums didn't create the correct link
|
nggallery.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: NextGEN Gallery
|
|
| 4 |
Plugin URI: http://alexrabe.de/?page_id=80
|
| 5 |
Description: A NextGENeration Photo Gallery for WordPress
|
| 6 |
Author: Alex Rabe
|
| 7 |
-
Version: 1.8.
|
| 8 |
|
| 9 |
Author URI: http://alexrabe.de/
|
| 10 |
|
|
@@ -34,7 +34,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
|
|
| 34 |
if (!class_exists('nggLoader')) {
|
| 35 |
class nggLoader {
|
| 36 |
|
| 37 |
-
var $version = '1.8.
|
| 38 |
var $dbversion = '1.8.0';
|
| 39 |
var $minium_WP = '3.1';
|
| 40 |
var $donators = 'http://nextgen.boelinger.com/donators.php';
|
| 4 |
Plugin URI: http://alexrabe.de/?page_id=80
|
| 5 |
Description: A NextGENeration Photo Gallery for WordPress
|
| 6 |
Author: Alex Rabe
|
| 7 |
+
Version: 1.8.4
|
| 8 |
|
| 9 |
Author URI: http://alexrabe.de/
|
| 10 |
|
| 34 |
if (!class_exists('nggLoader')) {
|
| 35 |
class nggLoader {
|
| 36 |
|
| 37 |
+
var $version = '1.8.4';
|
| 38 |
var $dbversion = '1.8.0';
|
| 39 |
var $minium_WP = '3.1';
|
| 40 |
var $donators = 'http://nextgen.boelinger.com/donators.php';
|
readme.txt
CHANGED
|
@@ -130,6 +130,9 @@ To show the most recent added mages : **[recent max=x ]**
|
|
| 130 |
|
| 131 |
== Changelog ==
|
| 132 |
|
|
|
|
|
|
|
|
|
|
| 133 |
= V1.8.3 - 07.08.2011 =
|
| 134 |
* Changed : Support for simple custom permalink structures (i.e. /%category%/%postname%/)
|
| 135 |
* Bugfix : Sub-Albums in Albums didn't create the correct link
|
| 130 |
|
| 131 |
== Changelog ==
|
| 132 |
|
| 133 |
+
= V1.8.4 - 26.10.2011 =
|
| 134 |
+
* Bugfix : Fixed security vulnerability (TXH to Alain Schneider)
|
| 135 |
+
|
| 136 |
= V1.8.3 - 07.08.2011 =
|
| 137 |
* Changed : Support for simple custom permalink structures (i.e. /%category%/%postname%/)
|
| 138 |
* Bugfix : Sub-Albums in Albums didn't create the correct link
|
