NextGEN Gallery – WordPress Gallery Plugin - Version 2.1.23

Version Description

  • 01.05.2015 =
  • Secured: XSS vulnerabilities in Manage Gallery pages
  • Secured: Ability to browse and import gallery folders

Release Info

Developer photocrati
Version 2.1.23

Code changes from version 2.1.20 to 2.1.23

.hg_archival.txt CHANGED
@@ -1,4 +1,4 @@
1
  repo: 2b82bc45fbe039c6f4c9f0c667e9cd1ee4d84cbb
2
- node: 22e4846d4b3b59177e20e26974edd4b84470c394
3
  branch: default
4
- tag: 2.1.19
1
  repo: 2b82bc45fbe039c6f4c9f0c667e9cd1ee4d84cbb
2
+ node: a3e4a954e5b4c109fb932394d288ba47376223c2
3
  branch: default
4
+ tag: 2.1.23
.hgtags CHANGED
@@ -333,3 +333,7 @@ e7779f27830389673327ba22b8c74150589fd2c4 2.1.17
333
  0000000000000000000000000000000000000000 2.1.18
334
  305c0878ca0fa96a99da331df514830d848e1b1c 2.1.18
335
  adbd42e0b7450aa76fd70c4218d07bac9beb3c7b 2.1.19
 
 
 
 
333
  0000000000000000000000000000000000000000 2.1.18
334
  305c0878ca0fa96a99da331df514830d848e1b1c 2.1.18
335
  adbd42e0b7450aa76fd70c4218d07bac9beb3c7b 2.1.19
336
+ adbd42e0b7450aa76fd70c4218d07bac9beb3c7b 2.1.19
337
+ 22e4846d4b3b59177e20e26974edd4b84470c394 2.1.19
338
+ f334e538b611b3210e9187f696b5d61089d6a470 2.1.21
339
+ 56c44c308de1f74ad1411fd5db0ea0eadbdfade9 2.1.22
changelog.txt CHANGED
@@ -1,8 +1,9 @@
1
  NextGEN Gallery
2
  by Photocrati Media
3
 
4
- = V2.1.20 - 12.23.2015 =
5
- * Fixed: Removed inner redundant nextgen-gallery directory
 
6
 
7
  = V2.1.19 - 12.23.2015 =
8
  * Fixed: PHP warning about incorrect usage of parse_url()
1
  NextGEN Gallery
2
  by Photocrati Media
3
 
4
+ = V2.1.23 - 01.05.2015 =
5
+ * Secured: XSS vulnerabilities in Manage Gallery pages
6
+ * Secured: Ability to browse and import gallery folders
7
 
8
  = V2.1.19 - 12.23.2015 =
9
  * Fixed: PHP warning about incorrect usage of parse_url()
nggallery.php CHANGED
@@ -4,7 +4,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
4
  /**
5
  * Plugin Name: NextGEN Gallery by Photocrati
6
  * Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 12 million downloads.
7
- * Version: 2.1.20
8
  * Author: Photocrati Media
9
  * Plugin URI: http://www.nextgen-gallery.com
10
  * Author URI: http://www.photocrati.com
@@ -589,7 +589,7 @@ class C_NextGEN_Bootstrap
589
  define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
590
  define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
591
  define('NGG_PLUGIN_STARTED_AT', microtime());
592
- define('NGG_PLUGIN_VERSION', '2.1.20');
593
 
594
  if (!defined('NGG_HIDE_STRICT_ERRORS')) {
595
  define('NGG_HIDE_STRICT_ERRORS', TRUE);
4
  /**
5
  * Plugin Name: NextGEN Gallery by Photocrati
6
  * Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 12 million downloads.
7
+ * Version: 2.1.23
8
  * Author: Photocrati Media
9
  * Plugin URI: http://www.nextgen-gallery.com
10
  * Author URI: http://www.photocrati.com
589
  define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
590
  define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
591
  define('NGG_PLUGIN_STARTED_AT', microtime());
592
+ define('NGG_PLUGIN_VERSION', '2.1.23');
593
 
594
  if (!defined('NGG_HIDE_STRICT_ERRORS')) {
595
  define('NGG_HIDE_STRICT_ERRORS', TRUE);
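--- a/products/photocrati_nextgen/modules/nextgen_addgallery_page/package.module.nextgen_addgallery_page.php
+++ b/products/photocrati_nextgen/modules/nextgen_addgallery_page/package.module.nextgen_addgallery_page.php
@@ -154,8 +154,8 @@ class A_NextGen_AddGallery_Ajax extends Mixin
 if ($dir = urldecode($this->param('dir'))) {
 $fs = C_Fs::get_instance();
 $root = $this->get_import_root_abspath();
-if (!(strpos($dir, '.') === 0 || strpos($dir, '/.') === 0 || strpos($dir, '\\.') === 0)) {
-$browse_path = $fs->join_paths($root, $dir);
+$browse_path = $fs->join_paths($root, $dir);
+if (strpos(realpath($browse_path), realpath($root)) !== FALSE) {
 if (@file_exists($browse_path)) {
 $files = scandir($browse_path);
 natcasesort($files);
@@ -197,8 +197,8 @@ class A_NextGen_AddGallery_Ajax extends Mixin
 try {
 $keep_files = $this->param('keep_location') == 'on';
 $root = $this->get_import_root_abspath();
-if ($folder != '.' && $folder != '..') {
-$import_path = $fs->join_paths($root, $folder);
+$import_path = $fs->join_paths($root, $folder);
+if (strpos(realpath($import_path), realpath($root)) !== FALSE) {
 $retval = $storage->import_gallery_from_fs($import_path, FALSE, !$keep_files);
 if (!$retval) {
 $retval = array('error' => 'Could not import folder. No images found.');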
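Review bot: The new guard `strpos(realpath($browse_path), realpath($root)) !== FALSE` on new line 158 only tests that the resolved root string occurs somewhere inside the resolved path, not that it is the path's prefix, and the same pattern is repeated for `$import_path` on new line 201. What is needed is a prefix comparison with a trailing separator, and `realpath()` returning `FALSE` for a missing path should be handled explicitly instead of being passed into `strpos()`: `$real_root = realpath($root); $real_path = realpath($browse_path);` followed by `if ($real_root !== FALSE && $real_path !== FALSE && strpos($real_path . DIRECTORY_SEPARATOR, rtrim($real_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {`. The same three lines apply to the import hunk with `$import_path`. Both enclosing methods start and end outside the hunks shown.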
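--- a/products/photocrati_nextgen/modules/nextgen_data/module.nextgen_data.php
+++ b/products/photocrati_nextgen/modules/nextgen_data/module.nextgen_data.php
@@ -103,5 +103,20 @@ class M_NextGen_Data extends C_Base_Module
 
 return $order_by;
 }
+
+static function strip_html($data, $just_scripts=FALSE)
+{
+$retval = $data;
+
+if (!$just_scripts)
+$retval = wp_strip_all_tags($retval, TRUE);
+else {
+$retval = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $retval );
+$retval= preg_replace('/[\r\n\t ]+/', ' ', $retval);
+}
+$retval = preg_replace("/\son[^=]+=/", '', $retval);
+
+return $retval;
+}
 }
 new M_NextGen_Data();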
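Review bot: The final `preg_replace("/\son[^=]+=/", '', $retval)` in `strip_html` runs in both modes and matches any whitespace followed by `on` and everything up to the next `=`, so ordinary text (a caption containing the word "on" anywhere before a `=`) is silently truncated, while a blacklist of `<script>`/`<style>` blocks plus event-handler attributes is not a complete HTML sanitizer. Since the method already relies on WordPress (`wp_strip_all_tags`), the `$just_scripts` branch would be safer and more predictable as `$retval = wp_kses_post($retval);`, which keeps formatting markup but removes disallowed tags and attributes through an allow-list; callers should still escape with `esc_html()`/`esc_attr()` at output. The method also lacks a visibility keyword (`public static function strip_html($data, $just_scripts = FALSE)`) and a docblock; one describing the two modes — full tag stripping versus script/style removal with whitespace collapsing — and stating that the result is not a substitute for output escaping would help callers choose correctly.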
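--- a/products/photocrati_nextgen/modules/nextgen_data/package.module.nextgen_data.php
+++ b/products/photocrati_nextgen/modules/nextgen_data/package.module.nextgen_data.php
@@ -226,6 +226,8 @@ class Mixin_NextGen_Gallery_Validation
 {
 // If a title is present, we can auto-populate some other properties
 if ($this->object->title) {
+// Strip html
+$this->object->title = M_NextGen_Data::strip_html($this->object->title, TRUE);
 // If no name is present, use the title to generate one
 if (!$this->object->name) {
 $this->object->name = sanitize_file_name(sanitize_title($this->object->title));
@@ -241,6 +243,9 @@ class Mixin_NextGen_Gallery_Validation
 $storage = C_Gallery_Storage::get_instance();
 $this->object->path = $storage->get_upload_relpath($this->object);
 unset($storage);
+} else {
+$this->object->path = M_NextGen_Data::strip_html($this->object->path);
+$this->object->path = str_replace(array('"', '\'\'', '>', '<'), array('', '', '', ''), $this->object->path);
 }
 $this->object->validates_presence_of('title');
 $this->object->validates_presence_of('name');
@@ -1728,6 +1733,13 @@ class Mixin_NextGen_Gallery_Image_Validation extends Mixin
 {
 public function validation()
 {
+// Additional checks...
+if (isset($this->object->description)) {
+$this->object->description = M_NextGen_Data::strip_html($this->object->description, TRUE);
+}
+if (isset($this->object->alttext)) {
+$this->object->alttext = M_NextGen_Data::strip_html($this->object->alttext, TRUE);
+}
 $this->validates_presence_of('galleryid', 'filename', 'alttext', 'exclude', 'sortorder', 'imagedate');
 $this->validates_numericality_of('galleryid');
 $this->validates_numericality_of($this->id());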
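Review bot: In the `str_replace()` added on new line 248, the second needle `'\'\''` is the two-character string `''`, so a lone apostrophe in `$this->object->path` survives even though the neighbouring `"` is removed; `str_replace(array('"', "'", '>', '<'), '', $this->object->path);` is presumably what was intended. These replacements only remove markup characters, and whether separators or `..` components in a caller-supplied `path` are rejected is not visible in this hunk; the `if` that this `else` belongs to starts outside it. The stripping of `description` and `alttext` in `validation()` (new lines 1737-1742) is storage-side defense in depth only: `strip_html(..., TRUE)` removes script/style blocks and `on*` attributes but leaves other markup in place, so the output sites still need `esc_html()`/`esc_attr()`.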
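--- a/products/photocrati_nextgen/modules/ngglegacy/admin/manage.php
+++ b/products/photocrati_nextgen/modules/ngglegacy/admin/manage.php
@@ -787,7 +787,7 @@ class nggManageGallery {
 check_admin_referer('ngg_updategallery');
 
 if ( nggGallery::current_user_can( 'NextGEN Edit gallery options' ) && !isset ($_GET['s']) ) {
-$tags = array('<a>', '<abbr>', '<acronym>', '<address>', '<b>', '<base>', '<basefont>', '<big>', '<blockquote>', '<br>', '<br/>', '<caption>', '<center>', '<cite>', '<code>', '<col>', '<colgroup>', '<dd>', '<del>', '<dfn>', '<dir>', '<div>', '<dl>', '<dt>', '<em>', '<fieldset>', '<font>', '<h1>', '<h2>', '<h3>', '<h4>', '<h5>', '<h6>', '<hr>', '<i>', '<img>', '<ins>', '<label>', '<legend>', '<li>', '<menu>', '<noframes>', '<noscript>', '<ol>', '<optgroup>', '<option>', '<p>', '<pre>', '<q>', '<s>', '<samp>', '<select>', '<small>', '<span>', '<strike>', '<strong>', '<sub>', '<sup>', '<table>', '<tbody>', '<td>', '<tfoot>', '<th>', '<thead>', '<tr>', '<tt>', '<u>', '<ul>');
+$tags = array('<a>', '<abbr>', '<acronym>', '<address>', '<b>', '<base>', '<basefont>', '<big>', '<blockquote>', '<br>', '<br/>', '<caption>', '<center>', '<cite>', '<code>', '<col>', '<colgroup>', '<dd>', '<del>', '<dfn>', '<dir>', '<div>', '<dl>', '<dt>', '<em>', '<fieldset>', '<font>', '<h1>', '<h2>', '<h3>', '<h4>', '<h5>', '<h6>', '<hr>', '<i>', '<img>', '<ins>', '<label>', '<legend>', '<li>', '<menu>', '<noframes>', '<noscript>', '<ol>', '<optgroup>', '<option>', '<p>', '<pre>', '<q>', '<s>', '<samp>', '<select>', '<small>', '<span>', '<strike>', '<strong>', '<sub>', '<sup>', '<table>', '<tbody>', '<td>', '<tfoot>', '<th>', '<thead>', '<tr>', '<tt>', '<u>', '<ul>');
 $fields = array('title', 'galdesc');
 
 // Sanitize fields
@@ -917,7 +917,7 @@ class nggManageGallery {
 {
 $updated = 0;
 
-if (!$this->can_user_manage_gallery()) $updated;
+if (!$this->can_user_manage_gallery()) return $updated;
 
 if (isset($_POST['images']) && is_array($_POST['images'])) {
 $image_mapper = C_Image_Mapper::get_instance();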
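Review bot: The `$tags` allow-list on line 790 names tags only; if it is fed to `strip_tags()` in the "Sanitize fields" code that follows outside the hunk (the call itself is not visible here), every attribute on an allowed tag survives, including URL and event-handler attributes on `<a>` and `<img>`, so the list alone does not address the XSS this release is meant to close. WordPress's `wp_kses_post($value)` (or `wp_kses($value, $allowed)` with an explicit tag-and-attribute map) is the usual replacement for sanitizing `title`/`galdesc`, and the stored value should still be escaped when rendered. The line appears identical on the old and new side, so this concerns pre-existing behaviour that the commit leaves in place; the enclosing method starts and ends outside both hunks.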
readme.txt CHANGED
@@ -2,7 +2,7 @@
2
  Contributors: photocrati
3
  Tags: nextgen, nextgen gallery, gallery, galleries, image, images, image gallery, photo, photos, photo gallery, picture, pictures, picture gallery, album, albums, photo albums, image album, media, media gallery, thumbnails, thumbnail gallery, thumbnail galleries, slideshow, slideshows, slideshow gallery, slideshow galleries, fancybox, lightbox, responsive, responsive gallery, responsive galleries, wordpress responsive gallery, nextcellent, wordpress gallery plugin, wordpress photo gallery plugin, wp gallery, wp gallery plugins, best gallery plugin, free photo gallery, singlepic, image captions imagebrowser, watermarks, watermarking, photography, photographer
4
  Requires at least: 4.0.0
5
- Stable tag: 2.1.20
6
  Tested up to: 4.4
7
  License: GPLv2
8
 
@@ -199,8 +199,9 @@ For more information, feel free to visit the official website for the NextGEN Ga
199
 
200
  == Changelog ==
201
 
202
- = V2.1.20 - 12.23.2015 =
203
- * Fixed: Removed inner redundant nextgen-gallery directory
 
204
 
205
  = V2.1.19 - 12.23.2015 =
206
  * Fixed: PHP warning about incorrect usage of parse_url()
2
  Contributors: photocrati
3
  Tags: nextgen, nextgen gallery, gallery, galleries, image, images, image gallery, photo, photos, photo gallery, picture, pictures, picture gallery, album, albums, photo albums, image album, media, media gallery, thumbnails, thumbnail gallery, thumbnail galleries, slideshow, slideshows, slideshow gallery, slideshow galleries, fancybox, lightbox, responsive, responsive gallery, responsive galleries, wordpress responsive gallery, nextcellent, wordpress gallery plugin, wordpress photo gallery plugin, wp gallery, wp gallery plugins, best gallery plugin, free photo gallery, singlepic, image captions imagebrowser, watermarks, watermarking, photography, photographer
4
  Requires at least: 4.0.0
5
+ Stable tag: 2.1.23
6
  Tested up to: 4.4
7
  License: GPLv2
8
 
199
 
200
  == Changelog ==
201
 
202
+ = V2.1.23 - 01.05.2015 =
203
+ * Secured: XSS vulnerabilities in Manage Gallery pages
204
+ * Secured: Ability to browse and import gallery folders
205
 
206
  = V2.1.19 - 12.23.2015 =
207
  * Fixed: PHP warning about incorrect usage of parse_url()