NextGEN Gallery – WordPress Gallery Plugin - Version 2.2.50

Version Description

  • 02.20.2018 =
  • Secured: Gallery paths and the ability to manage tags
  • Kudos: ElevenPaths (Telefonica Cybersecurity Unit)

Release Info

Developer photocrati
Version 2.2.50

Code changes from version 2.2.46 to 2.2.50

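--- a/changelog.txt
+++ b/changelog.txt
@@ -1,6 +1,10 @@
 NextGEN Gallery
 by Imagely
 
+= V2.2.50 - 02.20.2018 =
+* Secured: Gallery paths and the ability to manage tags
+* Kudos: ElevenPaths (Telefonica cibersecurity Unit)
+
 = V2.2.46 - 02.15.2018 =
 * Fixed: Broken Manage Albums page
 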
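--- a/nggallery.php
+++ b/nggallery.php
@@ -4,7 +4,7 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
 /**
 * Plugin Name: NextGEN Gallery
 * Description: The most popular gallery plugin for WordPress and one of the most popular plugins of all time with over 20 million downloads.
-* Version: 2.2.46
+* Version: 2.2.50
 * Author: Imagely
 * Plugin URI: https://www.imagely.com/wordpress-gallery-plugin/nextgen-gallery/
 * Author URI: https://www.imagely.com
@@ -672,7 +672,7 @@ class C_NextGEN_Bootstrap
 define('NGG_PRODUCT_URL', path_join(str_replace("\\", '/', NGG_PLUGIN_URL), 'products'));
 define('NGG_MODULE_URL', path_join(str_replace("\\", '/', NGG_PRODUCT_URL), 'photocrati_nextgen/modules'));
 define('NGG_PLUGIN_STARTED_AT', microtime());
-define('NGG_PLUGIN_VERSION', '2.2.46');
+define('NGG_PLUGIN_VERSION', '2.2.50');
 
 if (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG)
 define('NGG_SCRIPT_VERSION', (string)mt_rand(0, mt_getrandmax()));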
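--- a/products/photocrati_nextgen/modules/fs/package.module.fs.php
+++ b/products/photocrati_nextgen/modules/fs/package.module.fs.php
@@ -346,6 +346,23 @@ class Mixin_Fs_Instance_Methods extends Mixin
 }
 return $retval;
 }
+function get_absolute_path($path)
+{
+$path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
+$parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
+$absolutes = array();
+foreach ($parts as $part) {
+if ('.' == $part) {
+continue;
+}
+if ('..' == $part) {
+array_pop($absolutes);
+} else {
+$absolutes[] = $part;
+}
+}
+return implode(DIRECTORY_SEPARATOR, $absolutes);
+}
 /**
 * Sets the document root for this application
 * @param type $value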
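Review bot: `get_absolute_path()` drops the leading separator it is given — `array_filter(..., 'strlen')` discards the empty first segment — so its result is never absolute despite the name, and every caller on this page re-prepends `DIRECTORY_SEPARATOR` by hand. Keeping the prefix inside the helper removes that duplicated fix-up and stays compatible with callers that already test for it: add `$prefix = (substr($path, 0, 1) === DIRECTORY_SEPARATOR) ? DIRECTORY_SEPARATOR : '';` after the `str_replace()` line and end with `return $prefix . implode(DIRECTORY_SEPARATOR, $absolutes);`. The function is also purely lexical: it never touches the filesystem, so symlinks under the root are not resolved, and a `..` that climbs above the first segment is silently swallowed by `array_pop()` on an empty array. A docblock should state both so a reader does not mistake it for `realpath()`; something like "Lexically normalizes a path (collapses `.` and `..`, unifies separators); does not resolve symlinks or check existence" is enough.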
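--- a/products/photocrati_nextgen/modules/nextgen_data/package.module.nextgen_data.php
+++ b/products/photocrati_nextgen/modules/nextgen_data/package.module.nextgen_data.php
@@ -282,6 +282,20 @@ class Mixin_NextGen_Gallery_Validation
 $this->object->path = M_NextGen_Data::strip_html($this->object->path);
 $this->object->path = str_replace(array('"', "''", ">", "<"), array('', '', '', ''), $this->object->path);
 }
+// Ensure that the gallery path is restriected to $fs->get_document_root('galleries')
+$fs = C_Fs::get_instance();
+$root = $fs->get_document_root('galleries');
+$gallery_abspath = $fs->get_absolute_path($fs->join_paths($root, $this->object->path));
+if ($gallery_abspath[0] != DIRECTORY_SEPARATOR) {
+$gallery_abspath = DIRECTORY_SEPARATOR . $gallery_abspath;
+}
+if (strpos($gallery_abspath, $root) === FALSE) {
+$this->object->add_error(sprintf(__("Gallery path must be located in %s", 'nggallery'), $root), 'gallerypath');
+$storage = C_Gallery_Storage::get_instance();
+$this->object->path = $storage->get_upload_relpath($this->object);
+unset($storage);
+}
+$this->object->path = trailingslashit($this->object->path);
 $this->object->validates_presence_of('title');
 $this->object->validates_presence_of('name');
 $this->object->validates_uniqueness_of('slug');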
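Review bot: The containment test `if (strpos($gallery_abspath, $root) === FALSE)` accepts the root string anywhere in the normalized path rather than only as its prefix, so a path that normalizes to a location outside the root but contains the root text as a substring still passes, and a sibling directory whose name merely extends the root's name passes too; the identical test is repeated in nextgen_other_options (`if (strpos($gallery_abspath, $root) === FALSE)`) and in wpmu.php. Anchor it at offset zero with a separator boundary: `$root_prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;` followed by `if (strpos($gallery_abspath . DIRECTORY_SEPARATOR, $root_prefix) !== 0) {`. Whether `get_document_root()` returns a trailing separator is not visible here, hence the `rtrim()`; if Windows drive-letter roots are in scope, the unconditional `DIRECTORY_SEPARATOR` prepend above would also need to skip them. `$gallery_abspath[0]` raises a notice when `join_paths()` yields an empty string, so `substr($gallery_abspath, 0, 1)` is the safer read. The validation method this runs in starts before the hunk.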
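--- a/products/photocrati_nextgen/modules/nextgen_other_options/package.module.nextgen_other_options.php
+++ b/products/photocrati_nextgen/modules/nextgen_other_options/package.module.nextgen_other_options.php
@@ -154,30 +154,18 @@ class A_Image_Options_Form extends Mixin
 // Update the gallery path. Moves all images to the new location
 if (isset($image_options['gallerypath']) && (!is_multisite() || get_current_blog_id() == 1)) {
 $fs = C_Fs::get_instance();
-$original_dir = $fs->get_abspath($this->object->get_model()->get('gallerypath'));
-$new_dir = $fs->get_abspath($image_options['gallerypath']);
+$root = $fs->get_document_root('galleries');
 $image_options['gallerypath'] = $fs->add_trailing_slash($image_options['gallerypath']);
-// Note: the below file move is disabled because it's quite unreliable as it doesn't perform any checks
-// For instance changing gallery path from /wp-content to /wp-content/gallery would attempt a recursive copy and then delete ALL files under wp-content, which would be disastreus
-# // If the gallery path has changed...
-# if ($original_dir != $new_dir) {
-# // Try creating the new directory
-# if ($this->object->_create_gallery_storage_dir($new_dir) AND is_writable($new_dir)) {
-# // Try moving files
-# $this->object->recursive_copy($original_dir, $new_dir);
-# $this->object->recursive_delete($original_dir);
-# // Update gallery paths
-# $mapper = $this->get_registry()->get_utility('I_Gallery_Mapper');
-# foreach ($mapper->find_all() as $gallery) {
-# $gallery->path = $image_options['gallerypath'] . $gallery->name;
-# $mapper->save($gallery);
-# }
-# }
-# else {
-# $this->get_model()->add_error("Unable to change gallery path. Insufficient filesystem permissions");
-# $save = FALSE;
-# }
-# }
+$gallery_abspath = $fs->get_absolute_path($fs->join_paths($root, $image_options['gallerypath']));
+if ($gallery_abspath[0] != DIRECTORY_SEPARATOR) {
+$gallery_abspath = DIRECTORY_SEPARATOR . $gallery_abspath;
+}
+if (strpos($gallery_abspath, $root) === FALSE) {
+$this->object->get_model()->add_error(sprintf(__("Gallery path must be located in %s", 'nggallery'), $root), 'gallerypath');
+$storage = C_Gallery_Storage::get_instance();
+$image_options['gallerypath'] = trailingslashit($storage->get_upload_relpath());
+unset($storage);
+}
 } elseif (isset($image_options['gallerypath'])) {
 unset($image_options['gallerypath']);
 }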
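--- a/products/photocrati_nextgen/modules/ngglegacy/admin/manage.php
+++ b/products/photocrati_nextgen/modules/ngglegacy/admin/manage.php
@@ -17,7 +17,7 @@ class nggManageGallery {
 // GET variables
 if( isset($_GET['gid']) ) {
 $this->gid = (int) $_GET['gid'];
-$this->gallery = C_Gallery_Mapper::get_instance()->find($this->gid);
+$this->gallery = C_Gallery_Mapper::get_instance()->find($this->gid, TRUE);
 }
 if( isset($_GET['pid']) )
 $this->pid = (int) $_GET['pid'];
@@ -798,6 +798,8 @@ class nggManageGallery {
 
 if (isset ($_POST['updatepictures']) ) {
 // Update pictures
+$success = FALSE;
+
 
 check_admin_referer('ngg_updategallery');
 
@@ -813,29 +815,42 @@ class nggManageGallery {
 $html = strip_tags($html, implode('', $tags));
 $_POST[$field] = $html;
 }
+
+$mapper = C_Gallery_Mapper::get_instance();
 
 // Update the gallery
-$mapper = C_Gallery_Mapper::get_instance();
-if ($entity = $mapper->find($this->gid)) {
-foreach ($_POST as $key => $value) {
-$entity->$key = $value;
-}
-$mapper->save($entity);
+if (!$this->gallery) {
+$this->gallery = $mapper->find($this->gid, TRUE);
 }
 
-if ($entity->path == '../' || FALSE !== strpos($entity->path, '/../'))
-nggGallery::show_message(sprintf(__('One or more "../" in Gallery paths could be unsafe and NextGen Gallery will not delete this gallery automatically', 'nggallery'), $entity->{$entity->id_field}));
+if ($this->gallery) {
+foreach ($_POST as $key => $value) {
+$this->gallery->$key = $value;
+}
+$mapper->save($this->gallery);
 
-wp_cache_delete($this->gid, 'ngg_gallery');
+if ($this->gallery->is_invalid()) {
+foreach ($this->gallery->get_errors() as $property => $errors) {
+foreach ($errors as $error) {
+nggGallery::show_error($error);
+}
+}
+}
 
+wp_cache_delete($this->gid, 'ngg_gallery');
+$success = $this->gallery->is_valid();
+}
 }
 
-$this->update_pictures();
 
-//hook for other plugin to update the fields
-do_action('ngg_update_gallery', $this->gid, $_POST);
+if ($success) {
+$this->update_pictures();
+
+//hook for other plugin to update the fields
+do_action('ngg_update_gallery', $this->gid, $_POST);
 
-nggGallery::show_message(__('Updated successfully', 'nggallery'));
+nggGallery::show_message(__('Updated successfully', 'nggallery'));
+}
 }
 
 if (isset ($_POST['scanfolder'])) {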
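Review bot: `foreach ($_POST as $key => $value) { $this->gallery->$key = $value; }` still copies every submitted field onto the gallery entity by name, so any property — including ones the manage form never exposes — can be set from the request before `$mapper->save()`; the commit routes `path` through validation but leaves this mass assignment in place. Restrict the loop to the columns the form actually edits, e.g. `foreach (array_intersect_key($_POST, array_flip($editable_fields)) as $key => $value)` with `$editable_fields` a fixed list of those field names (not visible in this hunk). A second gap: when `$mapper->find($this->gid, TRUE)` returns nothing the block falls through silently — `$success` stays `FALSE` and no message is shown — so a `nggGallery::show_error()` in that branch would tell the user the save was skipped. Whether `save()` itself declines to persist an invalid entity is not visible here; `is_invalid()` is only consulted afterwards, so confirm the rejected path is not written before the error is reported. The surrounding method begins and ends outside these hunks.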
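--- a/products/photocrati_nextgen/modules/ngglegacy/admin/tags.php
+++ b/products/photocrati_nextgen/modules/ngglegacy/admin/tags.php
@@ -20,8 +20,9 @@ if ( isset($_POST['tag_action']) ) {
 $todelete = (isset($_POST['deletetag_name'])) ? $_POST['deletetag_name'] : '';
 $action_status = nggTags::delete_tags( $todelete );
 } elseif ( $_POST['tag_action'] == 'editslug' ) {
-$matchtag = (isset($_POST['tagname_match'])) ? $_POST['tagname_match'] : '';
+$matchtag = esc_html((isset($_POST['tagname_match'])) ? $_POST['tagname_match'] : '');
 $newslug = (isset($_POST['tagslug_new'])) ? $_POST['tagslug_new'] : '';
+$newslug = esc_html(M_NextGen_Data::strip_html($newslug));
 $action_status = nggTags::edit_tag_slug( $matchtag, $newslug );
 }
 }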
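Review bot: `esc_html()` on the two added lines is an output-escaping function applied at the input boundary, so the values handed to `nggTags::edit_tag_slug()` carry HTML entities — a tag name containing `&` or a quote would presumably no longer match the stored name, and a slug can still contain characters WordPress never puts in a slug. Sanitize for the destination instead: `$matchtag = isset($_POST['tagname_match']) ? sanitize_text_field(wp_unslash($_POST['tagname_match'])) : '';` and `$newslug = isset($_POST['tagslug_new']) ? sanitize_title(wp_unslash($_POST['tagslug_new'])) : '';`. Whether `edit_tag_slug()` sanitizes again internally is not visible here. The `$_POST['tag_action']` branch begins before the hunk.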
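--- a/products/photocrati_nextgen/modules/ngglegacy/admin/wpmu.php
+++ b/products/photocrati_nextgen/modules/ngglegacy/admin/wpmu.php
@@ -28,9 +28,20 @@ if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You
 
 // the path should always end with a slash
 $ngg_options['gallerypath'] = trailingslashit($ngg_options['gallerypath']);
+$fs = C_Fs::get_instance();
+$root = $fs->get_document_root('galleries');
+$gallery_abspath = $fs->get_absolute_path($fs->join_paths($root, $ngg_options['gallerypath']));
+if ($gallery_abspath[0] != DIRECTORY_SEPARATOR) $gallery_abspath = DIRECTORY_SEPARATOR.$gallery_abspath;
+if (strpos($gallery_abspath, $root) === FALSE) {
+$messagetext = sprintf(__("Gallery path must be located in %s", 'nggallery'), $root);
+$storage = C_Gallery_Storage::get_instance();
+$ngg_options['gallerypath'] = implode(DIRECTORY_SEPARATOR, array('wp-content', 'uploads', 'sites', '%BLOG_ID%', 'nggallery')).DIRECTORY_SEPARATOR;
+unset($storage);
+}
+else {
+$messagetext = __('Updated successfully','nggallery');
+}
 update_site_option('ngg_options', $ngg_options);
-
-$messagetext = __('Updated successfully','nggallery');
 }
 
 // Show donation message only one time.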
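Review bot: In the rejection branch `$storage = C_Gallery_Storage::get_instance();` is fetched and immediately `unset()` without ever being read; the fallback path is a hard-coded literal, whereas the two sibling sites on this page derive theirs from `$storage->get_upload_relpath()`. Either use the storage object or drop both lines and record why the literal is needed, e.g. `// NOTE: network default keeps the %BLOG_ID% placeholder — confirm it cannot be derived from C_Gallery_Storage`. The literal is also joined with `DIRECTORY_SEPARATOR` although `trailingslashit()` two lines earlier normalizes the same option to a forward slash, so on a Windows host the stored value would presumably mix separators; `'/'` is the safer join for a value kept in site options. The enclosing `if` that ends at `update_site_option()` starts before the hunk.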
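--- a/products/photocrati_nextgen/modules/ngglegacy/module.ngglegacy.php
+++ b/products/photocrati_nextgen/modules/ngglegacy/module.ngglegacy.php
@@ -23,7 +23,7 @@ class M_NggLegacy extends C_Base_Module
 'photocrati-nextgen-legacy',
 'NextGEN Legacy',
 'Embeds the original version of NextGEN 1.9.3 by Alex Rabe',
-'0.23',
+'0.26',
 'https://www.imagely.com/wordpress-gallery-plugin/nextgen-gallery/',
 'Imagely',
 'https://www.imagely.com'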
readme.txt CHANGED
@@ -2,7 +2,7 @@
2
  Contributors: photocrati, imagely
3
  Tags: wordpress gallery plugin, gallery, nextgen, nextgen gallery, photo gallery, image gallery, photography, slideshow, images, photo, photo album, watermark
4
  Requires at least: 4.0.0
5
- Stable tag: 2.2.46
6
  Tested up to: 4.9.2
7
  License: GPLv2
8
 
@@ -187,6 +187,10 @@ For more information, feel free to visit the official website for the NextGEN Ga
187
 
188
  == Changelog ==
189
 
 
 
 
 
190
  = V2.2.46 - 02.15.2018 =
191
  * Fixed: Broken Manage Albums page
192
 
2
  Contributors: photocrati, imagely
3
  Tags: wordpress gallery plugin, gallery, nextgen, nextgen gallery, photo gallery, image gallery, photography, slideshow, images, photo, photo album, watermark
4
  Requires at least: 4.0.0
5
+ Stable tag: 2.2.50
6
  Tested up to: 4.9.2
7
  License: GPLv2
8
 
187
 
188
  == Changelog ==
189
 
190
+ = V2.2.50 - 02.20.2018 =
191
+ * Secured: Gallery paths and the ability to manage tags
192
+ * Kudos: ElevenPaths (Telefonica Cybersecurity Unit)
193
+
194
  = V2.2.46 - 02.15.2018 =
195
  * Fixed: Broken Manage Albums page
196