NextGEN Gallery – WordPress Gallery Plugin - Version 2.1.15

Version Description

  • V2.1.15 - 09.09.2015
  • Secured: Image uploads
  • Fixed: Don't use esc_attr_e() to prevent translation issues
  • Fixed: Ensure that deleting a gallery doesn't delete anything it shouldn't
  • Fixed: get_gallery_abspath() should return NULL if the path doesn't exist

Release Info

Developer photocrati
Version 2.1.15

Code changes from version 2.1.10 to 2.1.15

Files changed (21)
  1. .hg_archival.txt +2 -2
  2. .hgtags +9 -0
  3. changelog.txt +6 -0
  4. nggallery.php +2 -2
  5. products/photocrati_nextgen/modules/attach_to_post/templates/accordion_tab.php +2 -2
  6. products/photocrati_nextgen/modules/attach_to_post/templates/attach_to_post.php +1 -1
  7. products/photocrati_nextgen/modules/attach_to_post/templates/no_display_type_selected.php +1 -1
  8. products/photocrati_nextgen/modules/nextgen_admin/templates/accordion_tab.php +2 -2
  9. products/photocrati_nextgen/modules/nextgen_admin/templates/admin_notice.php +1 -1
  10. products/photocrati_nextgen/modules/nextgen_basic_album/templates/nextgen_basic_album_gallery_display_type.php +4 -4
  11. products/photocrati_nextgen/modules/nextgen_basic_gallery/templates/slideshow/index.php +15 -15
  12. products/photocrati_nextgen/modules/nextgen_basic_gallery/templates/thumbnails/index.php +2 -2
  13. products/photocrati_nextgen/modules/nextgen_basic_templates/templates/nextgen_basic_templates_settings_template.php +1 -1
  14. products/photocrati_nextgen/modules/nextgen_data/package.module.nextgen_data.php +26 -13
  15. products/photocrati_nextgen/modules/nextgen_gallery_display/templates/image/before.php +1 -1
  16. products/photocrati_nextgen/modules/nextgen_other_options/templates/image_options_tab.php +1 -1
  17. products/photocrati_nextgen/modules/nextgen_other_options/templates/lightbox_library_tab.php +1 -1
  18. products/photocrati_nextgen/modules/nextgen_other_options/templates/thumbnail_options_tab.php +1 -1
  19. products/photocrati_nextgen/modules/nextgen_other_options/templates/watermarks_tab.php +2 -2
  20. products/photocrati_nextgen/modules/ngglegacy/admin/thumbnails-template.php +6 -6
  21. readme.txt +11 -1
.hg_archival.txt CHANGED
@@ -1,4 +1,4 @@
1
  repo: 2b82bc45fbe039c6f4c9f0c667e9cd1ee4d84cbb
2
- node: d017862552ef5106a87f94c3d9959007c0c0f3d5
3
  branch: default
4
- tag: 2.1.10
1
  repo: 2b82bc45fbe039c6f4c9f0c667e9cd1ee4d84cbb
2
+ node: 3f9f49cb9ae1c156b83b728aafc1f25ca60a8111
3
  branch: default
4
+ tag: 2.1.15
.hgtags CHANGED
@@ -315,3 +315,12 @@ e60b028280448eca1c164dd54111623c2edc9997 2.1.3
315
  b4a06dc685b9d98ae0a082932ef4822be530c429 2.1.7
316
  1f0097e5ccb465c34be15eeadd3e67d44d19dcf6 2.1.8
317
  eea6705079b13313be58c29ed93bc36b70a95073 2.1.9
 
 
 
 
 
 
 
 
 
315
  b4a06dc685b9d98ae0a082932ef4822be530c429 2.1.7
316
  1f0097e5ccb465c34be15eeadd3e67d44d19dcf6 2.1.8
317
  eea6705079b13313be58c29ed93bc36b70a95073 2.1.9
318
+ d017862552ef5106a87f94c3d9959007c0c0f3d5 2.1.10
319
+ bbc6a008ce6a9700a3855e4f12f3e6cb27553f92 2.1.11
320
+ bbc6a008ce6a9700a3855e4f12f3e6cb27553f92 2.1.11
321
+ 0000000000000000000000000000000000000000 2.1.11
322
+ 0000000000000000000000000000000000000000 2.1.11
323
+ 841a3eeff5f7adbf62b9da60326a68f8f3449d3c 2.1.11
324
+ 7b09155e13df437933b9312ef9589e1b8525742d 2.1.12
325
+ 224613db46bd7bcc40d3a8f1892c0dd543deecc9 2.1.13
326
+ 7252966ee2d3d67bf7e753a2c862eeea4e620bbc 2.1.14
changelog.txt CHANGED
@@ -1,6 +1,12 @@
1
  NextGEN Gallery
2
  by Photocrati Media
3
 
 
 
 
 
 
 
4
  = V2.1.10 - 09.01.2015 =
5
  * Secured: Escape output of parameters in templates to avoid XSS
6
 
1
  NextGEN Gallery
2
  by Photocrati Media
3
 
4
+ = V2.1.15 - 09.09.2015 =
5
+ * Secured: Image uploads
6
+ * Fixed: Don't use esc_attr_e() to prevent translation issues
7
+ * Fixed: Ensure that deleting a gallery doesn't delete anything it shouldn't
8
+ * Fixed: get_gallery_abspath() should return NULL if the path doesn't exist
9
+
10
  = V2.1.10 - 09.01.2015 =
11
  * Secured: Escape output of parameters in templates to avoid XSS
12
 
nggallery.php CHANGED
@@ -4,7 +4,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
4
  /**
5
  * Plugin Name: NextGEN Gallery by Photocrati
6
  * Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 12 million downloads.
7
- * Version: 2.1.10
8
  * Author: Photocrati Media
9
  * Plugin URI: http://www.nextgen-gallery.com
10
  * Author URI: http://www.photocrati.com
@@ -587,7 +587,7 @@ class C_NextGEN_Bootstrap
587
  define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
588
  define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
589
  define('NGG_PLUGIN_STARTED_AT', microtime());
590
- define('NGG_PLUGIN_VERSION', '2.1.10');
591
 
592
  if (!defined('NGG_HIDE_STRICT_ERRORS')) {
593
  define('NGG_HIDE_STRICT_ERRORS', TRUE);
4
  /**
5
  * Plugin Name: NextGEN Gallery by Photocrati
6
  * Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 12 million downloads.
7
+ * Version: 2.1.15
8
  * Author: Photocrati Media
9
  * Plugin URI: http://www.nextgen-gallery.com
10
  * Author URI: http://www.photocrati.com
587
  define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
588
  define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
589
  define('NGG_PLUGIN_STARTED_AT', microtime());
590
+ define('NGG_PLUGIN_VERSION', '2.1.15');
591
 
592
  if (!defined('NGG_HIDE_STRICT_ERRORS')) {
593
  define('NGG_HIDE_STRICT_ERRORS', TRUE);
products/photocrati_nextgen/modules/attach_to_post/templates/accordion_tab.php CHANGED
@@ -1,4 +1,4 @@
1
- <h3 class="accordion_tab" id="<?php esc_attr_e($id) ?>"><a href="#"><?php esc_html_e($title) ?></a></h3>
2
- <div id="<?php esc_attr_e($id) ?>_content">
3
  <?php echo $content ?>
4
  </div>
1
+ <h3 class="accordion_tab" id="<?php echo esc_attr($id) ?>"><a href="#"><?php esc_html_e($title) ?></a></h3>
2
+ <div id="<?php echo esc_attr($id) ?>_content">
3
  <?php echo $content ?>
4
  </div>
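Review bot: `esc_html_e($title)` on the `<h3>` line keeps the pattern this commit is removing, while the sibling `nextgen_admin/templates/accordion_tab.php` in the same change set switches to `echo esc_html($title)`; `$title` is a runtime value, so routing it through the `_e()` gettext lookup has the same translation side effect the changelog calls out for `esc_attr_e()`. Suggest `<a href="#"><?php echo esc_html($title) ?></a>` here too. `<?php echo $content ?>` is raw HTML by design, so whoever assembles `$content` is responsible for escaping anything user-controlled before it reaches this template.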
products/photocrati_nextgen/modules/attach_to_post/templates/attach_to_post.php CHANGED
@@ -20,7 +20,7 @@
20
  <?php endforeach ?>
21
  </ul>
22
  <?php reset($tabs); foreach ($tabs as $id => $tab_params): ?>
23
- <div class="main_menu_tab" id="<?php esc_attr_e($id) ?>"><?php echo $tab_params['content'] ?></div>
24
  <?php endforeach ?>
25
  </div>
26
 
20
  <?php endforeach ?>
21
  </ul>
22
  <?php reset($tabs); foreach ($tabs as $id => $tab_params): ?>
23
+ <div class="main_menu_tab" id="<?php echo esc_attr($id) ?>"><?php echo $tab_params['content'] ?></div>
24
  <?php endforeach ?>
25
  </div>
26
 
products/photocrati_nextgen/modules/attach_to_post/templates/no_display_type_selected.php CHANGED
@@ -1,3 +1,3 @@
1
- <p class="<?php esc_attr_e($css_class) ?>">
2
  <?php esc_html_e($no_display_type_selected)?>
3
  </p>
1
+ <p class="<?php echo esc_attr($css_class) ?>">
2
  <?php esc_html_e($no_display_type_selected)?>
3
  </p>
products/photocrati_nextgen/modules/nextgen_admin/templates/accordion_tab.php CHANGED
@@ -1,4 +1,4 @@
1
- <h3 class="accordion_tab" id="<?php esc_attr_e($id) ?>"><a href="#"><?php esc_html_e($title) ?></a></h3>
2
- <div id="<?php esc_attr_e($id) ?>_content">
3
  <?php echo $content ?>
4
  </div>
1
+ <h3 class="accordion_tab" id="<?php echo esc_attr($id) ?>"><a href="#"><?php echo esc_html($title) ?></a></h3>
2
+ <div id="<?php echo esc_attr($id) ?>_content">
3
  <?php echo $content ?>
4
  </div>
products/photocrati_nextgen/modules/nextgen_admin/templates/admin_notice.php CHANGED
@@ -1,4 +1,4 @@
1
- <div data-notification-name="<?php esc_attr_e($notice_name)?>" class="ngg_admin_notice <?php esc_attr_e($css_class)?>">
2
  <p><?php echo $html ?></p>
3
  <?php if ($is_dismissable): ?>
4
  <p><a class='dismiss' href="#"><?php esc_html_e(__('Dismiss', 'nggallery')) ?></a></p>
1
+ <div data-notification-name="<?php echo esc_attr($notice_name)?>" class="ngg_admin_notice <?php echo esc_attr($css_class)?>">
2
  <p><?php echo $html ?></p>
3
  <?php if ($is_dismissable): ?>
4
  <p><a class='dismiss' href="#"><?php esc_html_e(__('Dismiss', 'nggallery')) ?></a></p>
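Review bot: `esc_html_e(__('Dismiss', 'nggallery'))` on the last context line translates the string twice, once in `__()` and again inside `esc_html_e()`; `esc_html_e('Dismiss', 'nggallery')` does the same work once. The `<p><?php echo $html ?></p>` line prints pre-built markup unescaped, so every caller of this notice template must already have escaped any user-supplied fragment in `$html`.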
products/photocrati_nextgen/modules/nextgen_basic_album/templates/nextgen_basic_album_gallery_display_type.php CHANGED
@@ -2,17 +2,17 @@
2
  <td>
3
  <label for="<?php echo esc_attr($display_type_name) ?>_gallery_display_type"
4
  class="tooltip"
5
- title="<?php esc_attr_e($gallery_display_type_help)?>">
6
  <?php esc_html_e($gallery_display_type_label)?>
7
  </label>
8
  </td>
9
  <td>
10
  <select
11
  style="width: 400px"
12
- id="<?php esc_attr_e($display_type_name) ?>_gallery_display_type"
13
- name="<?php esc_attr_e($display_type_name)?>[gallery_display_type]">
14
  <?php foreach ($display_types as $display_type): ?>
15
- <option value="<?php esc_attr_e($display_type->name) ?>"
16
  <?php selected($display_type->name, $gallery_display_type) ?>>
17
  <?php esc_html_e(__($display_type->title, 'nggallery')); ?>
18
  </option>
2
  <td>
3
  <label for="<?php echo esc_attr($display_type_name) ?>_gallery_display_type"
4
  class="tooltip"
5
+ title="<?php echo esc_attr($gallery_display_type_help)?>">
6
  <?php esc_html_e($gallery_display_type_label)?>
7
  </label>
8
  </td>
9
  <td>
10
  <select
11
  style="width: 400px"
12
+ id="<?php echo esc_attr($display_type_name) ?>_gallery_display_type"
13
+ name="<?php echo esc_attr($display_type_name)?>[gallery_display_type]">
14
  <?php foreach ($display_types as $display_type): ?>
15
+ <option value="<?php echo esc_attr($display_type->name) ?>"
16
  <?php selected($display_type->name, $gallery_display_type) ?>>
17
  <?php esc_html_e(__($display_type->title, 'nggallery')); ?>
18
  </option>
products/photocrati_nextgen/modules/nextgen_basic_gallery/templates/slideshow/index.php CHANGED
@@ -3,11 +3,11 @@
3
  <?php if ($show_thumbnail_link) { ?>
4
  <!-- Thumbnails Link -->
5
  <div class="slideshowlink">
6
- <a href='<?php esc_attr_e($thumbnail_link); ?>'><?php esc_html_e($thumbnail_link_text); ?></a>
7
  </div>
8
  <?php } ?>
9
 
10
- <div class="ngg-slideshow-image-list ngg-slideshow-nojs" id="<?php esc_attr_e($anchor); ?>-image-list">
11
  <?php
12
  $this->include_template('photocrati-nextgen_gallery_display#list/before');
13
  for ($i = 0; $i < count($images); $i++) {
@@ -67,26 +67,26 @@
67
  </div>
68
  <?php $this->include_template('photocrati-nextgen_gallery_display#container/before'); ?>
69
  <div class="ngg-galleryoverview ngg-slideshow"
70
- id="<?php esc_attr_e($anchor); ?>"
71
  data-placeholder="<?php echo nextgen_esc_url($placeholder); ?>"
72
- style="max-width: <?php esc_attr_e($gallery_width); ?>px; max-height: <?php esc_attr_e($gallery_height); ?>px;">
73
  <div class="ngg-slideshow-loader"
74
- id="<?php esc_attr_e($anchor); ?>-loader"
75
- style="width: <?php esc_attr_e($gallery_width); ?>px; height: <?php esc_attr_e($gallery_height); ?>px;">
76
- <img src="<?php esc_attr_e(NGGALLERY_URLPATH); ?>images/loader.gif" alt=""/>
77
  </div>
78
  </div>
79
  <?php $this->include_template('photocrati-nextgen_gallery_display#container/after'); ?>
80
  <script type="text/javascript">
81
- jQuery('#<?php esc_attr_e($anchor); ?>-image-list').hide().removeClass('ngg-slideshow-nojs');
82
  jQuery(function($) {
83
- jQuery('#<?php esc_attr_e($anchor); ?>').nggShowSlideshow({
84
- id: '<?php esc_attr_e($displayed_gallery_id); ?>',
85
- fx: '<?php esc_attr_e($cycle_effect); ?>',
86
- width: <?php esc_attr_e($gallery_width); ?>,
87
- height: <?php esc_attr_e($gallery_height); ?>,
88
- domain: '<?php esc_attr_e(trailingslashit(home_url())); ?>',
89
- timeout: <?php esc_attr_e(intval($cycle_interval) * 1000); ?>
90
  });
91
  });
92
  </script>
3
  <?php if ($show_thumbnail_link) { ?>
4
  <!-- Thumbnails Link -->
5
  <div class="slideshowlink">
6
+ <a href='<?php echo esc_attr($thumbnail_link); ?>'><?php esc_html_e($thumbnail_link_text); ?></a>
7
  </div>
8
  <?php } ?>
9
 
10
+ <div class="ngg-slideshow-image-list ngg-slideshow-nojs" id="<?php echo esc_attr($anchor); ?>-image-list">
11
  <?php
12
  $this->include_template('photocrati-nextgen_gallery_display#list/before');
13
  for ($i = 0; $i < count($images); $i++) {
67
  </div>
68
  <?php $this->include_template('photocrati-nextgen_gallery_display#container/before'); ?>
69
  <div class="ngg-galleryoverview ngg-slideshow"
70
+ id="<?php echo esc_attr($anchor); ?>"
71
  data-placeholder="<?php echo nextgen_esc_url($placeholder); ?>"
72
+ style="max-width: <?php echo esc_attr($gallery_width); ?>px; max-height: <?php echo esc_attr($gallery_height); ?>px;">
73
  <div class="ngg-slideshow-loader"
74
+ id="<?php echo esc_attr($anchor); ?>-loader"
75
+ style="width: <?php echo esc_attr($gallery_width); ?>px; height: <?php echo esc_attr($gallery_height); ?>px;">
76
+ <img src="<?php echo esc_attr(NGGALLERY_URLPATH); ?>images/loader.gif" alt=""/>
77
  </div>
78
  </div>
79
  <?php $this->include_template('photocrati-nextgen_gallery_display#container/after'); ?>
80
  <script type="text/javascript">
81
+ jQuery('#<?php echo esc_attr($anchor); ?>-image-list').hide().removeClass('ngg-slideshow-nojs');
82
  jQuery(function($) {
83
+ jQuery('#<?php echo esc_attr($anchor); ?>').nggShowSlideshow({
84
+ id: '<?php echo esc_attr($displayed_gallery_id); ?>',
85
+ fx: '<?php echo esc_attr($cycle_effect); ?>',
86
+ width: <?php echo esc_attr($gallery_width); ?>,
87
+ height: <?php echo esc_attr($gallery_height); ?>,
88
+ domain: '<?php echo esc_attr(trailingslashit(home_url())); ?>',
89
+ timeout: <?php echo esc_attr(intval($cycle_interval) * 1000); ?>
90
  });
91
  });
92
  </script>
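Review bot: the switch from `esc_attr_e()` to `echo esc_attr()` is right, but `esc_attr()` is the wrong escaper for several of the rewritten lines. The `href` on the thumbnail link and the `img src` built from `NGGALLERY_URLPATH` are URL contexts and should use `esc_url()` (this template already uses `nextgen_esc_url()` for `data-placeholder`). Inside the `<script>` block, `esc_attr()` performs HTML-attribute escaping, which does not neutralise quotes or backslashes in a JavaScript string literal: `id`, `fx` and `domain` should go through `esc_js()`, or the whole options object through `json_encode()`; `width`, `height` and `timeout` are emitted unquoted, so they should be cast with `intval()` rather than string-escaped. The `style="max-width: ...px"` lines likewise want an integer cast rather than `esc_attr()`.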
products/photocrati_nextgen/modules/nextgen_basic_gallery/templates/thumbnails/index.php CHANGED
@@ -5,11 +5,11 @@ $this->start_element('nextgen_gallery.gallery_container', 'container', $displaye
5
  ?>
6
  <div
7
  class="ngg-galleryoverview<?php if (!intval($ajax_pagination)) echo ' ngg-ajax-pagination-none'; ?>"
8
- id="ngg-gallery-<?php esc_attr_e($displayed_gallery_id)?>-<?php esc_attr_e($current_page)?>">
9
 
10
  <?php if (!empty($slideshow_link)): ?>
11
  <div class="slideshowlink">
12
- <a href='<?php esc_attr_e($slideshow_link) ?>'><?php echo $slideshow_link_text ?></a>
13
 
14
  </div>
15
  <?php endif ?>
5
  ?>
6
  <div
7
  class="ngg-galleryoverview<?php if (!intval($ajax_pagination)) echo ' ngg-ajax-pagination-none'; ?>"
8
+ id="ngg-gallery-<?php echo esc_attr($displayed_gallery_id)?>-<?php echo esc_attr($current_page)?>">
9
 
10
  <?php if (!empty($slideshow_link)): ?>
11
  <div class="slideshowlink">
12
+ <a href='<?php echo esc_attr($slideshow_link) ?>'><?php echo $slideshow_link_text ?></a>
13
 
14
  </div>
15
  <?php endif ?>
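Review bot: `href='<?php echo esc_attr($slideshow_link) ?>'` is a URL context and should use `esc_url()`, which validates the scheme as well as escaping the value; `esc_attr()` only does the latter. The following line, `<?php echo $slideshow_link_text ?>`, is unescaped; unless that text is guaranteed to be plugin-controlled, `esc_html()` belongs there too.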
products/photocrati_nextgen/modules/nextgen_basic_templates/templates/nextgen_basic_templates_settings_template.php CHANGED
@@ -14,7 +14,7 @@
14
  <option></option>
15
  <?php foreach ($templates as $file => $label): ?>
16
  <?php if ($file && $label): ?>
17
- <option value="<?php esc_attr_e($file) ?>" <?php selected($chosen_file, $file, TRUE); ?>><?php esc_html_e($label); ?></option>
18
  <?php endif ?>
19
  <?php endforeach ?>
20
  </select>
14
  <option></option>
15
  <?php foreach ($templates as $file => $label): ?>
16
  <?php if ($file && $label): ?>
17
+ <option value="<?php echo esc_attr($file) ?>" <?php selected($chosen_file, $file, TRUE); ?>><?php esc_html_e($label); ?></option>
18
  <?php endif ?>
19
  <?php endforeach ?>
20
  </select>
products/photocrati_nextgen/modules/nextgen_data/package.module.nextgen_data.php CHANGED
@@ -1086,6 +1086,10 @@ class Mixin_GalleryStorage_Driver_Base extends Mixin
1086
  $filename = str_replace($match[0], '.' . $match[1], $filename);
1087
  }
1088
  $abs_filename = implode(DIRECTORY_SEPARATOR, array($upload_dir, $filename));
 
 
 
 
1089
  // Prevent duplicate filenames: check if the filename exists and
1090
  // begin appending '-i' until we find an open slot
1091
  if (!ini_get('safe_mode') && @file_exists($abs_filename) && !$override) {
@@ -1181,24 +1185,27 @@ class Mixin_GalleryStorage_Driver_Base extends Mixin
1181
  if (@file_exists($abspath)) {
1182
  $fs = C_Fs::get_instance();
1183
  // Ensure that this folder has images
1184
- $files_all = scandir($abspath);
 
1185
  $files = array();
1186
- // first perform some filtering on file list
1187
- foreach ($files_all as $file) {
1188
  if ($file == '.' || $file == '..') {
1189
  continue;
1190
  }
1191
- if ($this->object->is_image_file($fs->join_paths($abspath, $file))) {
1192
- $files[] = $file;
 
 
 
 
1193
  }
1194
  }
1195
  if (!empty($files)) {
1196
  // Get needed utilities
1197
  $gallery_mapper = C_Gallery_Mapper::get_instance();
1198
  // Sometimes users try importing a directory, which actually has all images under another directory
1199
- $first_file_abspath = $fs->join_paths($abspath, $files[0]);
1200
- if (is_dir($first_file_abspath) && count($files) == 1) {
1201
- return $this->import_gallery_from_fs($first_file_abspath, $gallery_id, $move_files);
1202
  }
1203
  // If no gallery has been specified, then use the directory name as the gallery name
1204
  if (!$gallery_id) {
@@ -1215,14 +1222,13 @@ class Mixin_GalleryStorage_Driver_Base extends Mixin
1215
  // Ensure that we have a gallery id
1216
  if ($gallery_id) {
1217
  $retval = array('gallery_id' => $gallery_id, 'image_ids' => array());
1218
- foreach ($files as $file) {
1219
- if (!preg_match('/\\.(jpg|jpeg|gif|png)$/i', $file)) {
1220
  continue;
1221
  }
1222
- $file_abspath = $fs->join_paths($abspath, $file);
1223
  $image = null;
1224
  if ($move_files) {
1225
- $image = $this->object->upload_base64_image($gallery_id, file_get_contents($file_abspath), str_replace(' ', '_', $file));
1226
  } else {
1227
  // Create the database record ... TODO cleanup, some duplication here from upload_base64_image
1228
  $factory = C_Component_Factory::get_instance();
@@ -2923,6 +2929,10 @@ class Mixin_NggLegacy_GalleryStorage_Driver extends Mixin
2923
  $gallery = $this->object->_gallery_mapper->find($gallery);
2924
  }
2925
  }
 
 
 
 
2926
  // We we have a gallery, determine it's path
2927
  if ($gallery) {
2928
  if (isset($gallery->path)) {
@@ -3330,7 +3340,10 @@ class Mixin_NggLegacy_GalleryStorage_Driver extends Mixin
3330
  public function delete_gallery($gallery)
3331
  {
3332
  $retval = FALSE;
3333
- if ($abspath = $this->object->get_gallery_abspath($gallery)) {
 
 
 
3334
  // delete the directory and everything in it
3335
  $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($abspath), RecursiveIteratorIterator::CHILD_FIRST);
3336
  foreach ($iterator as $file) {
1086
  $filename = str_replace($match[0], '.' . $match[1], $filename);
1087
  }
1088
  $abs_filename = implode(DIRECTORY_SEPARATOR, array($upload_dir, $filename));
1089
+ // Ensure that the filename is valid
1090
+ if (!preg_match('/(png|jpeg|jpg|gif)$/i', $abs_filename)) {
1091
+ throw new E_UploadException(__('Invalid image file. Acceptable formats: JPG, GIF, and PNG.', 'nggallery'));
1092
+ }
1093
  // Prevent duplicate filenames: check if the filename exists and
1094
  // begin appending '-i' until we find an open slot
1095
  if (!ini_get('safe_mode') && @file_exists($abs_filename) && !$override) {
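Review bot: the new extension check `preg_match('/(png|jpeg|jpg|gif)$/i', $abs_filename)` has no dot before the alternation, so any name that merely ends in those letters passes, while the import path further down in this same file uses `/\.(jpg|jpeg|gif|png)$/i` with the dot; anchor it as `'/\.(png|jpe?g|gif)$/i'` for consistency. A name check alone says nothing about the bytes being written: for an item labelled `Secured: Image uploads` it is worth pairing this with a content check such as `getimagesize()` or a `finfo` MIME lookup on the stored file.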
1185
  if (@file_exists($abspath)) {
1186
  $fs = C_Fs::get_instance();
1187
  // Ensure that this folder has images
1188
+ // Ensure that this folder has images
1189
+ $i = 0;
1190
  $files = array();
1191
+ foreach (scandir($abspath) as $file) {
 
1192
  if ($file == '.' || $file == '..') {
1193
  continue;
1194
  }
1195
+ $file_abspath = $fs->join_paths($abspath, $file);
1196
+ // The first directory is considered valid
1197
+ if (is_dir($file_abspath) && $i === 0) {
1198
+ $files[] = $file_abspath;
1199
+ } elseif ($this->is_image_file($file_abspath)) {
1200
+ $files[] = $file_abspath;
1201
  }
1202
  }
1203
  if (!empty($files)) {
1204
  // Get needed utilities
1205
  $gallery_mapper = C_Gallery_Mapper::get_instance();
1206
  // Sometimes users try importing a directory, which actually has all images under another directory
1207
+ if (is_dir($files[0])) {
1208
+ return $this->import_gallery_from_fs($files[0], $gallery_id, $move_files);
 
1209
  }
1210
  // If no gallery has been specified, then use the directory name as the gallery name
1211
  if (!$gallery_id) {
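Review bot: `$i = 0;` is declared and tested (`$i === 0`) but never incremented, so the comment "The first directory is considered valid" does not describe what the loop does: every subdirectory of `$abspath` is added to `$files`, not only the first. Combined with the new `if (is_dir($files[0]))` a few lines down, the import now recurses into a subdirectory whenever one sorts first, even when the folder also contains images, whereas the removed code only recursed when the directory was the sole entry (`count($files) == 1`). Either increment `$i` inside the loop or drop it and keep the `count($files) == 1` condition. Also, `$this->is_image_file(...)` replaces `$this->object->is_image_file(...)`; the rest of this mixin reaches methods through `$this->object`, so confirm the direct call resolves. The duplicated comment "Ensure that this folder has images" can go.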
1222
  // Ensure that we have a gallery id
1223
  if ($gallery_id) {
1224
  $retval = array('gallery_id' => $gallery_id, 'image_ids' => array());
1225
+ foreach ($files as $file_abspath) {
1226
+ if (!preg_match('/\\.(jpg|jpeg|gif|png)$/i', $file_abspath)) {
1227
  continue;
1228
  }
 
1229
  $image = null;
1230
  if ($move_files) {
1231
+ $image = $this->object->upload_base64_image($gallery_id, file_get_contents($file_abspath), str_replace(' ', '_', M_I18n::mb_basename($file_abspath)));
1232
  } else {
1233
  // Create the database record ... TODO cleanup, some duplication here from upload_base64_image
1234
  $factory = C_Component_Factory::get_instance();
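Review bot: because `$files` may now hold directory entries as well as image paths, the `preg_match('/\\.(jpg|jpeg|gif|png)$/i', $file_abspath)` filter is the only thing between a directory and `file_get_contents($file_abspath)`; a subdirectory whose name ends in `.jpg` would pass the regex and fail at read time. An `is_file($file_abspath)` guard beside the regex keeps the move path honest. Using `M_I18n::mb_basename()` for the stored name is the right call now that the loop carries absolute paths.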
2929
  $gallery = $this->object->_gallery_mapper->find($gallery);
2930
  }
2931
  }
2932
+ // It just doesn't exist
2933
+ if (!$gallery || is_numeric($gallery)) {
2934
+ return $retval;
2935
+ }
2936
  // We we have a gallery, determine it's path
2937
  if ($gallery) {
2938
  if (isset($gallery->path)) {
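Review bot: the early `return $retval;` for `!$gallery || is_numeric($gallery)` makes the following `if ($gallery)` always true, so that condition can be dropped. The initial value of `$retval` is outside the hunk; the changelog says `get_gallery_abspath()` should return NULL when the path does not exist, and `delete_gallery()` now relies on that value being falsy, so the initialisation above should be checked. The comment "We we have a gallery, determine it's path" should read "If we have a gallery, determine its path".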
3340
  public function delete_gallery($gallery)
3341
  {
3342
  $retval = FALSE;
3343
+ $fs = C_Fs::get_instance();
3344
+ $safe_dirs = array(DIRECTORY_SEPARATOR, $fs->get_document_root('plugins'), $fs->get_document_root('plugins_mu'), $fs->get_document_root('templates'), $fs->get_document_root('stylesheets'), $fs->get_document_root('content'), $fs->get_document_root('galleries'), $fs->get_document_root());
3345
+ $abspath = $this->object->get_gallery_abspath($gallery);
3346
+ if ($abspath && file_exists($abspath) && !in_array(stripslashes($abspath), $safe_dirs)) {
3347
  // delete the directory and everything in it
3348
  $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($abspath), RecursiveIteratorIterator::CHILD_FIRST);
3349
  foreach ($iterator as $file) {
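Review bot: the `$safe_dirs` blocklist is compared with `in_array()` on exact strings, so it only protects a gallery path that is byte-for-byte one of those roots; it does not normalise trailing separators, `..` segments, symlinks or mixed Windows separators, and a path outside the galleries root that is simply not in the list is still handed to `RecursiveDirectoryIterator` with `CHILD_FIRST` deletion. An allowlist is the safer shape: `realpath()` both `$abspath` and `$fs->get_document_root('galleries')`, strip trailing separators, and proceed only when the former starts with the latter and is not equal to it. If the list stays, use `in_array(..., TRUE)` for strict comparison, and the `stripslashes()` on an absolute filesystem path looks like a leftover from magic-quotes handling rather than a deliberate normalisation.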
products/photocrati_nextgen/modules/nextgen_gallery_display/templates/image/before.php CHANGED
@@ -4,4 +4,4 @@
4
  $id = 'ngg-image-' . $index;
5
  }
6
  ?>
7
- <div id="<?php esc_attr_e($id) ?>" class="<?php esc_attr_e($class) ?>" <?php if (isset($image->style)) echo $image->style; ?>>
4
  $id = 'ngg-image-' . $index;
5
  }
6
  ?>
7
+ <div id="<?php echo esc_attr($id) ?>" class="<?php echo esc_attr($class) ?>" <?php if (isset($image->style)) echo $image->style; ?>>
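Review bot: `<?php if (isset($image->style)) echo $image->style; ?>` prints its value verbatim into the tag, between the two attributes this line now escapes; the producer of `$image->style` must escape it, or the attribute should be rebuilt here from a known name with `esc_attr()` around the value, so that the template does not depend on upstream discipline.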
products/photocrati_nextgen/modules/nextgen_other_options/templates/image_options_tab.php CHANGED
@@ -105,7 +105,7 @@
105
  <?php for($i=100; $i>50; $i--): ?>
106
  <option
107
  <?php selected($i, $resized_image_quality) ?>
108
- value="<?php esc_attr_e($i)?>"><?php esc_html_e($i) ?>%</option>
109
  <?php endfor ?>
110
  </select>
111
  </div>
105
  <?php for($i=100; $i>50; $i--): ?>
106
  <option
107
  <?php selected($i, $resized_image_quality) ?>
108
+ value="<?php echo esc_attr($i)?>"><?php esc_html_e($i) ?>%</option>
109
  <?php endfor ?>
110
  </select>
111
  </div>
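Review bot: `esc_html_e($i)` on the same line still routes the integer loop counter through gettext, which is the pattern this commit is otherwise removing; `echo (int) $i` or `echo esc_html($i)` is enough for both the `value` attribute and the label.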
products/photocrati_nextgen/modules/nextgen_other_options/templates/lightbox_library_tab.php CHANGED
@@ -22,7 +22,7 @@
22
  </tr>
23
 
24
  <?php foreach ($sub_fields as $name => $form) { ?>
25
- <tbody class="lightbox_library_settings hidden" id="lightbox_library_<?php esc_attr_e($name); ?>">
26
  <?php echo $form; ?>
27
  </tbody>
28
  <?php } ?>
22
  </tr>
23
 
24
  <?php foreach ($sub_fields as $name => $form) { ?>
25
+ <tbody class="lightbox_library_settings hidden" id="lightbox_library_<?php echo esc_attr($name); ?>">
26
  <?php echo $form; ?>
27
  </tbody>
28
  <?php } ?>
products/photocrati_nextgen/modules/nextgen_other_options/templates/thumbnail_options_tab.php CHANGED
@@ -82,7 +82,7 @@
82
  ?>
83
  <option
84
  <?php selected($size, $size) ?>
85
- value="<?php esc_attr_e($size)?>"><?php esc_html_e($size) ?></option>
86
  <?php
87
  }
88
  ?>
82
  ?>
83
  <option
84
  <?php selected($size, $size) ?>
85
+ value="<?php echo esc_attr($size)?>"><?php esc_html_e($size) ?></option>
86
  <?php
87
  }
88
  ?>
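Review bot: `selected($size, $size)` on the context line just above the changed `value=` attribute compares the variable with itself, so every `<option>` is rendered with `selected`; the second argument should be the currently configured size, in the way `selected($i, $resized_image_quality)` is used in `image_options_tab.php`.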
products/photocrati_nextgen/modules/nextgen_other_options/templates/watermarks_tab.php CHANGED
@@ -55,13 +55,13 @@
55
  name='watermark_options[wmXpos]'
56
  placeholder='0'
57
  min='0'
58
- value='<?php esc_attr_e($offset_x) ?>'/> /
59
  <input type='number'
60
  id='nextgen_settings_wmYpos'
61
  name='watermark_options[wmYpos]'
62
  placeholder='0'
63
  min='0'
64
- value='<?php esc_attr_e($offset_y) ?>'/>
65
  <label for='nextgen_settings_wmYpos'>h</label>
66
  </td>
67
  </tr>
55
  name='watermark_options[wmXpos]'
56
  placeholder='0'
57
  min='0'
58
+ value='<?php echo esc_attr($offset_x) ?>'/> /
59
  <input type='number'
60
  id='nextgen_settings_wmYpos'
61
  name='watermark_options[wmYpos]'
62
  placeholder='0'
63
  min='0'
64
+ value='<?php echo esc_attr($offset_y) ?>'/>
65
  <label for='nextgen_settings_wmYpos'>h</label>
66
  </td>
67
  </tr>
products/photocrati_nextgen/modules/ngglegacy/admin/thumbnails-template.php CHANGED
@@ -89,16 +89,16 @@ if (!is_null($nextgen_thumb_size_custom_style))
89
  <input type="text"
90
  size="5"
91
  maxlength="5"
92
- id='<?php esc_attr_e($thumbnails_template_width_id); ?>'
93
- name="<?php esc_attr_e($thumbnails_template_width_name); ?>"
94
- value="<?php esc_attr_e($thumbnails_template_width_value); ?>"/>
95
  x
96
  <input type="text"
97
  size="5"
98
  maxlength="5"
99
- id='<?php esc_attr_e($thumbnails_template_height_id) ?>'
100
- name="<?php esc_attr_e($thumbnails_template_height_name) ?>"
101
- value="<?php esc_attr_e($thumbnails_template_height_value) ?>"/>
102
  <br/>
103
  <small><?php _e('These are maximum values', 'nggallery'); ?></small>
104
  </span>
89
  <input type="text"
90
  size="5"
91
  maxlength="5"
92
+ id='<?php echo esc_attr($thumbnails_template_width_id); ?>'
93
+ name="<?php echo esc_attr($thumbnails_template_width_name); ?>"
94
+ value="<?php echo esc_attr($thumbnails_template_width_value); ?>"/>
95
  x
96
  <input type="text"
97
  size="5"
98
  maxlength="5"
99
+ id='<?php echo esc_attr($thumbnails_template_height_id) ?>'
100
+ name="<?php echo esc_attr($thumbnails_template_height_name) ?>"
101
+ value="<?php echo esc_attr($thumbnails_template_height_value) ?>"/>
102
  <br/>
103
  <small><?php _e('These are maximum values', 'nggallery'); ?></small>
104
  </span>
readme.txt CHANGED
@@ -2,7 +2,7 @@
2
  Contributors: photocrati
3
  Tags: nextgen, nextgen gallery, gallery, galleries, image, images, image gallery, photo, photos, photo gallery, picture, pictures, picture gallery, album, albums, photo albums, image album, media, media gallery, thumbnails, thumbnail gallery, thumbnail galleries, slideshow, slideshows, slideshow gallery, slideshow galleries, fancybox, lightbox, responsive, responsive gallery, responsive galleries, wordpress responsive gallery, nextcellent, wordpress gallery plugin, wordpress photo gallery plugin, wp gallery, wp gallery plugins, best gallery plugin, free photo gallery, singlepic, image captions imagebrowser, watermarks, watermarking, photography, photographer
4
  Requires at least: 3.6.1
5
- Stable tag: 2.1.10
6
  Tested up to: 4.3.0
7
  License: GPLv2
8
 
@@ -199,6 +199,16 @@ For more information, feel free to visit the official website for the NextGEN Ga
199
 
200
  == Changelog ==
201
 
 
 
 
 
 
 
 
 
 
 
202
  = V2.1.10 - 09.01.2015 =
203
  * Secured: Escape output of parameters in templates to avoid XSS
204
 
2
  Contributors: photocrati
3
  Tags: nextgen, nextgen gallery, gallery, galleries, image, images, image gallery, photo, photos, photo gallery, picture, pictures, picture gallery, album, albums, photo albums, image album, media, media gallery, thumbnails, thumbnail gallery, thumbnail galleries, slideshow, slideshows, slideshow gallery, slideshow galleries, fancybox, lightbox, responsive, responsive gallery, responsive galleries, wordpress responsive gallery, nextcellent, wordpress gallery plugin, wordpress photo gallery plugin, wp gallery, wp gallery plugins, best gallery plugin, free photo gallery, singlepic, image captions imagebrowser, watermarks, watermarking, photography, photographer
4
  Requires at least: 3.6.1
5
+ Stable tag: 2.1.15
6
  Tested up to: 4.3.0
7
  License: GPLv2
8
 
199
 
200
  == Changelog ==
201
 
202
+ = V2.1.15 - 09.09.2015 =
203
+ * Secured: Image uploads
204
+ * Fixed: Don't use esc_attr_e() to prevent translation issues
205
+ * Fixed: Ensure that deleting a gallery doesn't delete anything it shouldn't
206
+ * Fixed: get_gallery_abspath() should return NULL if the path doesn't exist
207
+
208
+ = V2.1.13 - 09.09.2015 =
209
+ * Secured: Image uploads
210
+ * Fixed: Don't use esc_attr_e() to present translation issues
211
+
212
  = V2.1.10 - 09.01.2015 =
213
  * Secured: Escape output of parameters in templates to avoid XSS
214
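Review bot: the `= V2.1.13 - 09.09.2015 =` block repeats two of the 2.1.15 items and has a typo ("present translation issues" for "prevent"); `changelog.txt` in the same change set carries only the 2.1.15 entry, so the two changelogs disagree on what 2.1.13 shipped. Either drop the 2.1.13 block or make both files list the same intermediate versions (the `.hgtags` change tags 2.1.11 through 2.1.14).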