Version Description
- 11.22.2016 =
- Secured: Ensure that only .css files can be edited using Styles tab
Download this release
Release Info
| Developer | photocrati |
| Plugin |  NextGEN Gallery – WordPress Gallery Plugin |
| Version | 2.1.60 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.59 to 2.1.60
changelog.txt
CHANGED
|
@@ -1,6 +1,9 @@
|
|
| 1 |
NextGEN Gallery
|
| 2 |
by Imagely
|
| 3 |
|
|
|
|
|
|
|
|
|
|
| 4 |
= V2.1.59 - 11.22.2016 =
|
| 5 |
* Secured: Ability to customize CSS Styles
|
| 6 |
* Changed: readme.txt improvements
|
|
@@ -8,6 +11,8 @@ by Imagely
|
|
| 8 |
* Fixed: IGW-inserted tagclouds are incorrect
|
| 9 |
|
| 10 |
= V2.1.57 - 11.14.2016 =
|
|
|
|
|
|
|
| 11 |
* Changed: Display type icons are now clickable in the Insert Gallery Window
|
| 12 |
* Changed: Include backup image files when coping/moving a gallery
|
| 13 |
* Changed: Show gallery name in upload notification
|
| 1 |
NextGEN Gallery
|
| 2 |
by Imagely
|
| 3 |
|
| 4 |
+
= V2.1.60 - 11.22.2016 =
|
| 5 |
+
* Secured: Ensure that only .css files can be edited using Styles tab
|
| 6 |
+
|
| 7 |
= V2.1.59 - 11.22.2016 =
|
| 8 |
* Secured: Ability to customize CSS Styles
|
| 9 |
* Changed: readme.txt improvements
|
| 11 |
* Fixed: IGW-inserted tagclouds are incorrect
|
| 12 |
|
| 13 |
= V2.1.57 - 11.14.2016 =
|
| 14 |
+
* Secured: Custom Styles may only be written to specific directories
|
| 15 |
+
* Secured: SQL injection vulnerability for gallery names
|
| 16 |
* Changed: Display type icons are now clickable in the Insert Gallery Window
|
| 17 |
* Changed: Include backup image files when coping/moving a gallery
|
| 18 |
* Changed: Show gallery name in upload notification
|
nggallery.php
CHANGED
|
@@ -4,7 +4,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
|
|
| 4 |
/**
|
| 5 |
* Plugin Name: NextGEN Gallery
|
| 6 |
* Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 16 million downloads.
|
| 7 |
-
* Version: 2.1.
|
| 8 |
* Author: Imagely
|
| 9 |
* Plugin URI: https://www.imagely.com/wordpress-gallery-plugin/nextgen-gallery/
|
| 10 |
* Author URI: https://www.imagely.com
|
|
@@ -596,7 +596,7 @@ class C_NextGEN_Bootstrap
|
|
| 596 |
define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
|
| 597 |
define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
|
| 598 |
define('NGG_PLUGIN_STARTED_AT', microtime());
|
| 599 |
-
define('NGG_PLUGIN_VERSION', '2.1.
|
| 600 |
|
| 601 |
if (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG)
|
| 602 |
define('NGG_SCRIPT_VERSION', (string)mt_rand(0, mt_getrandmax()));
|
| 4 |
/**
|
| 5 |
* Plugin Name: NextGEN Gallery
|
| 6 |
* Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 16 million downloads.
|
| 7 |
+
* Version: 2.1.60
|
| 8 |
* Author: Imagely
|
| 9 |
* Plugin URI: https://www.imagely.com/wordpress-gallery-plugin/nextgen-gallery/
|
| 10 |
* Author URI: https://www.imagely.com
|
| 596 |
define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
|
| 597 |
define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
|
| 598 |
define('NGG_PLUGIN_STARTED_AT', microtime());
|
| 599 |
+
define('NGG_PLUGIN_VERSION', '2.1.60');
|
| 600 |
|
| 601 |
if (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG)
|
| 602 |
define('NGG_SCRIPT_VERSION', (string)mt_rand(0, mt_getrandmax()));
|
products/photocrati_nextgen/modules/nextgen_other_options/package.module.nextgen_other_options.php
CHANGED
|
@@ -482,14 +482,18 @@ class A_Styles_Form extends Mixin
|
|
| 482 |
{
|
| 483 |
// Ensure that we have
|
| 484 |
if ($settings = $this->object->param('style_settings')) {
|
| 485 |
-
|
| 486 |
// the desired file, but users shouldn't use this to write files that don't end in .css anyway
|
| 487 |
-
|
| 488 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 489 |
}
|
| 490 |
-
$this->object->get_model()->set($settings)->save();
|
| 491 |
// Are we to modify the CSS file?
|
| 492 |
-
if ($contents = $this->object->param('cssfile_contents')) {
|
| 493 |
// Find filename
|
| 494 |
$css_file = $settings['CSSfile'];
|
| 495 |
$styles = C_NextGen_Style_Manager::get_instance();
|
| 482 |
{
|
| 483 |
// Ensure that we have
|
| 484 |
if ($settings = $this->object->param('style_settings')) {
|
| 485 |
+
$valid = TRUE;
|
| 486 |
// the desired file, but users shouldn't use this to write files that don't end in .css anyway
|
| 487 |
+
$file_info = pathinfo($settings['CSSfile']);
|
| 488 |
+
if (strpos($file_info['extension'], 'css') === FALSE) {
|
| 489 |
+
$valid = FALSE;
|
| 490 |
+
}
|
| 491 |
+
// TODO: C_Page's add_error() doesn't seem to work here so we should report that we aren't saving
|
| 492 |
+
if ($valid) {
|
| 493 |
+
$this->object->get_model()->set($settings)->save();
|
| 494 |
}
|
|
|
|
| 495 |
// Are we to modify the CSS file?
|
| 496 |
+
if ($valid && ($contents = $this->object->param('cssfile_contents'))) {
|
| 497 |
// Find filename
|
| 498 |
$css_file = $settings['CSSfile'];
|
| 499 |
$styles = C_NextGen_Style_Manager::get_instance();
|
readme.txt
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
Contributors: photocrati, imagely
|
| 3 |
Tags: gallery, wordpress gallery plugin, nextgen, nextgen gallery, photo gallery, photo album, photos, image gallery, image, images, photography, photographer, watermarking, responsive gallery, slideshow, thumbnail gallery, watermarking, watermark
|
| 4 |
Requires at least: 4.0.0
|
| 5 |
-
Stable tag: 2.1.
|
| 6 |
Tested up to: 4.7.0
|
| 7 |
License: GPLv2
|
| 8 |
|
|
@@ -187,6 +187,9 @@ For more information, feel free to visit the official website for the NextGEN Ga
|
|
| 187 |
|
| 188 |
== Changelog ==
|
| 189 |
|
|
|
|
|
|
|
|
|
|
| 190 |
= V2.1.59 - 11.22.2016 =
|
| 191 |
* Secured: Ability to customize CSS Styles
|
| 192 |
* Changed: readme.txt improvements
|
|
@@ -194,6 +197,8 @@ For more information, feel free to visit the official website for the NextGEN Ga
|
|
| 194 |
* Fixed: IGW-inserted tagclouds are incorrect
|
| 195 |
|
| 196 |
= V2.1.57 - 11.14.2016 =
|
|
|
|
|
|
|
| 197 |
* Changed: Display type icons are now clickable in the Insert Gallery Window
|
| 198 |
* Changed: Include backup image files when coping/moving a gallery
|
| 199 |
* Changed: Show gallery name in upload notification
|
| 2 |
Contributors: photocrati, imagely
|
| 3 |
Tags: gallery, wordpress gallery plugin, nextgen, nextgen gallery, photo gallery, photo album, photos, image gallery, image, images, photography, photographer, watermarking, responsive gallery, slideshow, thumbnail gallery, watermarking, watermark
|
| 4 |
Requires at least: 4.0.0
|
| 5 |
+
Stable tag: 2.1.60
|
| 6 |
Tested up to: 4.7.0
|
| 7 |
License: GPLv2
|
| 8 |
|
| 187 |
|
| 188 |
== Changelog ==
|
| 189 |
|
| 190 |
+
= V2.1.60 - 11.22.2016 =
|
| 191 |
+
* Secured: Ensure that only .css files can be edited using Styles tab
|
| 192 |
+
|
| 193 |
= V2.1.59 - 11.22.2016 =
|
| 194 |
* Secured: Ability to customize CSS Styles
|
| 195 |
* Changed: readme.txt improvements
|
| 197 |
* Fixed: IGW-inserted tagclouds are incorrect
|
| 198 |
|
| 199 |
= V2.1.57 - 11.14.2016 =
|
| 200 |
+
* Secured: Custom Styles may only be written to specific directories
|
| 201 |
+
* Secured: SQL injection vulnerability for gallery names
|
| 202 |
* Changed: Display type icons are now clickable in the Insert Gallery Window
|
| 203 |
* Changed: Include backup image files when coping/moving a gallery
|
| 204 |
* Changed: Show gallery name in upload notification
|
