Version Description
- Fixed: Security issue
Release Info
Developer | webdorado |
Plugin | Photo Gallery by WD – Responsive Photo Gallery |
Version | 1.2.42 |
Code changes from version 1.2.41 to 1.2.42
admin/models/BWGModelAlbums_bwg.php
CHANGED
@@ -37,9 +37,10 @@ class BWGModelAlbums_bwg {
|
|
37 |
$where = " WHERE author>=0 ";
|
38 |
}
|
39 |
$where .= ((isset($_POST['search_value'])) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
40 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])
|
41 |
-
$
|
42 |
-
$order_by =
|
|
|
43 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
44 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
45 |
}
|
37 |
$where = " WHERE author>=0 ";
|
38 |
}
|
39 |
$where .= ((isset($_POST['search_value'])) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
40 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && esc_html($_POST['asc_or_desc']) == 'desc') ? 'desc' : 'asc');
|
41 |
+
$order_by_arr = array('id', 'name', 'slug', 'order', 'author', 'published');
|
42 |
+
$order_by = ((isset($_POST['order_by']) && in_array(esc_html($_POST['order_by']), $order_by_arr)) ? esc_html($_POST['order_by']) : 'order');
|
43 |
+
$order_by = ' ORDER BY `' . $order_by . '` ' . $asc_or_desc;
|
44 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
45 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
46 |
}
|
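Review bot: The search filter on line 39 is left unchanged by this release: `$_POST['search_value']` is still concatenated into the `LIKE` clause after only `esc_html(stripslashes(...))`, which is an HTML output encoder rather than SQL escaping and does nothing about backslashes or the `%`/`_` wildcards. Now that the sort inputs are whitelisted, the filter should be bound as well, e.g. `$where .= $wpdb->prepare(' AND name LIKE %s', '%' . $wpdb->esc_like($search) . '%');` with `$search` holding the unslashed request value (`esc_like()` needs WordPress 4.0 or later). The same pattern is kept in BWGModelGalleries_bwg.php (lines 41 and 73), BWGModelTags_bwg.php (line 34) and BWGModelThemes_bwg.php (line 33). The enclosing method starts and ends outside the hunk, so how `$where` reaches the query is not visible here.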
admin/models/BWGModelGalleries_bwg.php
CHANGED
@@ -39,18 +39,20 @@ class BWGModelGalleries_bwg {
|
|
39 |
$where = " WHERE author>=0 ";
|
40 |
}
|
41 |
$where .= ((isset($_POST['search_value'])) ? ' AND filename LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
42 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
|
43 |
$image_asc_or_desc = ((isset($_POST['image_asc_or_desc'])) ? esc_html(stripslashes($_POST['image_asc_or_desc'])) : ((isset($_COOKIE['bwg_image_asc_or_desc'])) ? esc_html(stripslashes($_COOKIE['bwg_image_asc_or_desc'])) : 'asc'));
|
44 |
$image_asc_or_desc = ($image_asc_or_desc != 'asc') ? 'desc' : 'asc';
|
45 |
$image_order_by = ((isset($_POST['image_order_by']) && esc_html(stripslashes($_POST['image_order_by'])) != '') ? esc_html(stripslashes($_POST['image_order_by'])) : ((isset($_COOKIE['bwg_image_order_by']) && esc_html(stripslashes($_COOKIE['bwg_image_order_by'])) != '') ? esc_html(stripslashes($_COOKIE['bwg_image_order_by'])) : 'order'));
|
|
|
|
|
46 |
$image_order_by = ' ORDER BY `' . $image_order_by . '` ' . $image_asc_or_desc;
|
|
|
47 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
48 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
49 |
}
|
50 |
else {
|
51 |
$limit = 0;
|
52 |
}
|
53 |
-
$row = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "bwg_image " . $where . " AND gallery_id='" . $gallery_id . "' " . $image_order_by . " LIMIT " . $limit . ","
|
54 |
return $row;
|
55 |
}
|
56 |
|
@@ -69,9 +71,10 @@ class BWGModelGalleries_bwg {
|
|
69 |
$where = " WHERE author>=0 ";
|
70 |
}
|
71 |
$where .= ((isset($_POST['search_value'])) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
72 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])
|
73 |
-
$
|
74 |
-
$order_by =
|
|
|
75 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
76 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
77 |
}
|
39 |
$where = " WHERE author>=0 ";
|
40 |
}
|
41 |
$where .= ((isset($_POST['search_value'])) ? ' AND filename LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
|
|
42 |
$image_asc_or_desc = ((isset($_POST['image_asc_or_desc'])) ? esc_html(stripslashes($_POST['image_asc_or_desc'])) : ((isset($_COOKIE['bwg_image_asc_or_desc'])) ? esc_html(stripslashes($_COOKIE['bwg_image_asc_or_desc'])) : 'asc'));
|
43 |
$image_asc_or_desc = ($image_asc_or_desc != 'asc') ? 'desc' : 'asc';
|
44 |
$image_order_by = ((isset($_POST['image_order_by']) && esc_html(stripslashes($_POST['image_order_by'])) != '') ? esc_html(stripslashes($_POST['image_order_by'])) : ((isset($_COOKIE['bwg_image_order_by']) && esc_html(stripslashes($_COOKIE['bwg_image_order_by'])) != '') ? esc_html(stripslashes($_COOKIE['bwg_image_order_by'])) : 'order'));
|
45 |
+
$order_by_arr = array('filename', 'alt', 'description', 'published');
|
46 |
+
$image_order_by = in_array($image_order_by, $order_by_arr) ? $image_order_by : 'order';
|
47 |
$image_order_by = ' ORDER BY `' . $image_order_by . '` ' . $image_asc_or_desc;
|
48 |
+
|
49 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
50 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
51 |
}
|
52 |
else {
|
53 |
$limit = 0;
|
54 |
}
|
55 |
+
$row = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "bwg_image " . $where . " AND gallery_id='" . $gallery_id . "' " . $image_order_by . " LIMIT " . $limit . "," . $this->per_page);
|
56 |
return $row;
|
57 |
}
|
58 |
|
71 |
$where = " WHERE author>=0 ";
|
72 |
}
|
73 |
$where .= ((isset($_POST['search_value'])) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
74 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && esc_html($_POST['asc_or_desc']) == 'desc') ? 'desc' : 'asc');
|
75 |
+
$order_by_arr = array('id', 'name', 'slug', 'order', 'author', 'published');
|
76 |
+
$order_by = ((isset($_POST['order_by']) && in_array(esc_html($_POST['order_by']), $order_by_arr)) ? esc_html($_POST['order_by']) : 'order');
|
77 |
+
$order_by = ' ORDER BY `' . $order_by . '` ' . $asc_or_desc;
|
78 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
79 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
80 |
}
|
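Review bot: `$gallery_id` is still interpolated into the statement on new line 55 (`gallery_id='" . $gallery_id . "'`), and its assignment lies above the hunk, so it cannot be confirmed from these lines that it is an integer. If it is derived from the request it needs the same treatment as the sort column: cast it with `(int) $gallery_id` before the query, or bind it through `$wpdb->prepare()` with a `%d` placeholder. The whitelist added on lines 45–46 also covers the `bwg_image_order_by` cookie path, not only the POST field; a short comment next to `$order_by_arr` saying so would stop a later edit from reintroducing the cookie value unchecked.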
admin/models/BWGModelTags_bwg.php
CHANGED
@@ -32,16 +32,17 @@ class BWGModelTags_bwg {
|
|
32 |
public function get_rows_data() {
|
33 |
global $wpdb;
|
34 |
$where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? 'AND A.name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
35 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])
|
36 |
-
$
|
37 |
-
$order_by =
|
|
|
38 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
39 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
40 |
}
|
41 |
else {
|
42 |
$limit = 0;
|
43 |
}
|
44 |
-
$query ="SELECT * FROM ".$wpdb->prefix."terms as A LEFT JOIN ".$wpdb->prefix ."term_taxonomy as B ON A.term_id = B.term_id WHERE B.taxonomy
|
45 |
$rows = $wpdb->get_results($query);
|
46 |
return $rows;
|
47 |
}
|
32 |
public function get_rows_data() {
|
33 |
global $wpdb;
|
34 |
$where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? 'AND A.name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
|
35 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && esc_html($_POST['asc_or_desc']) == 'desc') ? 'desc' : 'asc');
|
36 |
+
$order_by_arr = array('A.term_id', 'A.name', 'A.slug', 'B.count');
|
37 |
+
$order_by = ((isset($_POST['order_by']) && in_array(esc_html($_POST['order_by']), $order_by_arr)) ? esc_html($_POST['order_by']) : 'A.term_id');
|
38 |
+
$order_by = ' ORDER BY ' . $order_by . ' ' . $asc_or_desc;
|
39 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
40 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
41 |
}
|
42 |
else {
|
43 |
$limit = 0;
|
44 |
}
|
45 |
+
$query ="SELECT * FROM ".$wpdb->prefix."terms as A LEFT JOIN ".$wpdb->prefix ."term_taxonomy as B ON A.term_id = B.term_id WHERE B.taxonomy='bwg_tag' " . $where . $order_by . " LIMIT " . $limit . "," . $this->per_page;
|
46 |
$rows = $wpdb->get_results($query);
|
47 |
return $rows;
|
48 |
}
|
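Review bot: The sort column in this file is concatenated without backtick quoting (line 38), so the `in_array()` test on line 37 is the only guard, and it is written with loose comparison and with `esc_html()` applied to the request value three times. HTML encoding has no role in a whitelist test; read the value once and compare strictly, `$order_by = (isset($_POST['order_by']) && in_array($_POST['order_by'], $order_by_arr, true)) ? $_POST['order_by'] : 'A.term_id';`. The same expression is used in BWGModelAlbums_bwg.php (line 42), BWGModelGalleries_bwg.php (line 76) and BWGModelThemes_bwg.php (line 36). No bypass is evident from the lines shown; the change makes the check independent of how `esc_html()` handles non-string input.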
admin/models/BWGModelThemes_bwg.php
CHANGED
@@ -31,9 +31,10 @@ class BWGModelThemes_bwg {
|
|
31 |
public function get_rows_data() {
|
32 |
global $wpdb;
|
33 |
$where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE name LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
34 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])
|
35 |
-
$
|
36 |
-
$order_by =
|
|
|
37 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
38 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
39 |
}
|
31 |
public function get_rows_data() {
|
32 |
global $wpdb;
|
33 |
$where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE name LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
34 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && esc_html($_POST['asc_or_desc']) == 'desc') ? 'desc' : 'asc');
|
35 |
+
$order_by_arr = array('id', 'name', 'default');
|
36 |
+
$order_by = ((isset($_POST['order_by']) && in_array(esc_html($_POST['order_by']), $order_by_arr)) ? esc_html($_POST['order_by']) : 'id');
|
37 |
+
$order_by = ' ORDER BY `' . $order_by . '` ' . $asc_or_desc;
|
38 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
39 |
$limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
|
40 |
}
|
photo-gallery.php
CHANGED
@@ -4,7 +4,7 @@
|
|
4 |
* Plugin Name: Photo Gallery
|
5 |
* Plugin URI: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
6 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
7 |
-
* Version: 1.2.
|
8 |
* Author: WebDorado
|
9 |
* Author URI: https://web-dorado.com/
|
10 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
@@ -3346,7 +3346,7 @@ function bwg_activate() {
|
|
3346 |
));
|
3347 |
}
|
3348 |
$version = get_option("wd_bwg_version");
|
3349 |
-
$new_version = '1.2.
|
3350 |
if ($version && version_compare($version, $new_version, '<')) {
|
3351 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
3352 |
bwg_update($version);
|
@@ -3364,7 +3364,7 @@ wp_oembed_add_provider( '#https://instagr(\.am|am\.com)/p/.*#i', 'https://api.in
|
|
3364 |
|
3365 |
function bwg_update_hook() {
|
3366 |
$version = get_option("wd_bwg_version");
|
3367 |
-
$new_version = '1.2.
|
3368 |
if ($version && version_compare($version, $new_version, '<')) {
|
3369 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
3370 |
bwg_update($version);
|
4 |
* Plugin Name: Photo Gallery
|
5 |
* Plugin URI: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
6 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
7 |
+
* Version: 1.2.42
|
8 |
* Author: WebDorado
|
9 |
* Author URI: https://web-dorado.com/
|
10 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
3346 |
));
|
3347 |
}
|
3348 |
$version = get_option("wd_bwg_version");
|
3349 |
+
$new_version = '1.2.42';
|
3350 |
if ($version && version_compare($version, $new_version, '<')) {
|
3351 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
3352 |
bwg_update($version);
|
3364 |
|
3365 |
function bwg_update_hook() {
|
3366 |
$version = get_option("wd_bwg_version");
|
3367 |
+
$new_version = '1.2.42';
|
3368 |
if ($version && version_compare($version, $new_version, '<')) {
|
3369 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
3370 |
bwg_update($version);
|
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
|
4 |
Tags: photo, photo gallery, image gallery, video gallery, gallery, galleries, wordpress gallery plugin, images gallery, album, photo albums, simple gallery, best gallery plugin, free photo gallery, wp gallery, wordpress gallery, website gallery, gallery shortcode, best gallery, picture, pictures, gallery slider, photo album, photogallery, widget gallery, image, images, photos, gallery lightbox, photoset, wordpress photo gallery plugin, wp gallery plugins, responsive wordpress photo gallery, media, image album, filterable gallery, banner rotator, fullscreen gallery, fotogalerie, galleria, galerie, galeri, responsive gallery, add album, add gallery, add pictures, fotoalbum, foto, gallery decription, multiple pictures, photoalbum, upload images, upload photos, view images, view pictures, admin, AJAX, comments, gallery image, image lightbox, image rotate, image slideshow, image slider, jquery, jquery gallery, slide show, slideshow, thumbnail, thumbnail view, thumbnails, thumbs, responsive, watermarking, watermarks,fullscreen slider, lightbox, photography, sidebar, slide, youtube, vimeo, videos, instagram, mosaic
|
5 |
Requires at least: 3.4
|
6 |
Tested up to: 4.2
|
7 |
-
Stable tag: 1.2.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -207,6 +207,9 @@ Yes, it is possible to add advertising and/or watermark over the images. In both
|
|
207 |
|
208 |
== Changelog ==
|
209 |
|
|
|
|
|
|
|
210 |
= 1.2.41 =
|
211 |
* Fixed: Embed media for wordpress lower than 4.0.0.
|
212 |
|
4 |
Tags: photo, photo gallery, image gallery, video gallery, gallery, galleries, wordpress gallery plugin, images gallery, album, photo albums, simple gallery, best gallery plugin, free photo gallery, wp gallery, wordpress gallery, website gallery, gallery shortcode, best gallery, picture, pictures, gallery slider, photo album, photogallery, widget gallery, image, images, photos, gallery lightbox, photoset, wordpress photo gallery plugin, wp gallery plugins, responsive wordpress photo gallery, media, image album, filterable gallery, banner rotator, fullscreen gallery, fotogalerie, galleria, galerie, galeri, responsive gallery, add album, add gallery, add pictures, fotoalbum, foto, gallery decription, multiple pictures, photoalbum, upload images, upload photos, view images, view pictures, admin, AJAX, comments, gallery image, image lightbox, image rotate, image slideshow, image slider, jquery, jquery gallery, slide show, slideshow, thumbnail, thumbnail view, thumbnails, thumbs, responsive, watermarking, watermarks,fullscreen slider, lightbox, photography, sidebar, slide, youtube, vimeo, videos, instagram, mosaic
|
5 |
Requires at least: 3.4
|
6 |
Tested up to: 4.2
|
7 |
+
Stable tag: 1.2.42
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
207 |
|
208 |
== Changelog ==
|
209 |
|
210 |
+
= 1.2.42 =
|
211 |
+
* Fixed: Security issue
|
212 |
+
|
213 |
= 1.2.41 =
|
214 |
* Fixed: Embed media for wordpress lower than 4.0.0.
|
215 |
|