Version Description
- Fixed: Security issue in filemanager.
Download this release
Release Info
| Developer | webdorado |
| Plugin |  Photo Gallery by WD – Responsive Photo Gallery |
| Version | 1.3.34 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.33 to 1.3.34
- filemanager/controller.php +5 -0
- filemanager/view.php +3 -3
- photo-gallery.php +3 -3
- readme.txt +7 -4
filemanager/controller.php
CHANGED
|
@@ -91,6 +91,7 @@ class FilemanagerController {
|
|
| 91 |
$file_names = explode('**#**', (isset($_REQUEST['file_names']) ? stripslashes(esc_html($_REQUEST['file_names'])) : ''));
|
| 92 |
$file_name = $file_names[0];
|
| 93 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
|
|
|
| 94 |
|
| 95 |
$file_new_name = (isset($_REQUEST['file_new_name']) ? stripslashes(esc_html($_REQUEST['file_new_name'])) : '');
|
| 96 |
$file_new_name = htmlspecialchars_decode($file_new_name, ENT_COMPAT | ENT_QUOTES);
|
|
@@ -100,6 +101,7 @@ class FilemanagerController {
|
|
| 100 |
$original_file_path = $cur_dir_path . '/.original/' . $file_name;
|
| 101 |
|
| 102 |
$msg = '';
|
|
|
|
| 103 |
if (file_exists($file_path) == false) {
|
| 104 |
$msg = "File doesn't exist.";
|
| 105 |
}
|
|
@@ -136,6 +138,7 @@ class FilemanagerController {
|
|
| 136 |
$msg = '';
|
| 137 |
foreach ($file_names as $file_name) {
|
| 138 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
|
|
|
| 139 |
$file_path = $cur_dir_path . '/' . $file_name;
|
| 140 |
$thumb_file_path = $cur_dir_path . '/thumb/' . $file_name;
|
| 141 |
$original_file_path = $cur_dir_path . '/.original/' . $file_name;
|
|
@@ -178,6 +181,7 @@ class FilemanagerController {
|
|
| 178 |
case 'copy':
|
| 179 |
foreach ($file_names as $file_name) {
|
| 180 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
|
|
|
| 181 |
$src = $src_dir . '/' . $file_name;
|
| 182 |
if (file_exists($src) == false) {
|
| 183 |
$msg = "Failed to copy some of the files.";
|
|
@@ -222,6 +226,7 @@ class FilemanagerController {
|
|
| 222 |
if ($src_dir != $dest_dir) {
|
| 223 |
foreach ($file_names as $file_name) {
|
| 224 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
|
|
|
| 225 |
$src = $src_dir . '/' . $file_name;
|
| 226 |
$dest = $dest_dir . '/' . $file_name;
|
| 227 |
if (!is_dir($src_dir . '/' . $file_name)) {
|
| 91 |
$file_names = explode('**#**', (isset($_REQUEST['file_names']) ? stripslashes(esc_html($_REQUEST['file_names'])) : ''));
|
| 92 |
$file_name = $file_names[0];
|
| 93 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
| 94 |
+
$file_name = str_replace('../', '', $file_name);
|
| 95 |
|
| 96 |
$file_new_name = (isset($_REQUEST['file_new_name']) ? stripslashes(esc_html($_REQUEST['file_new_name'])) : '');
|
| 97 |
$file_new_name = htmlspecialchars_decode($file_new_name, ENT_COMPAT | ENT_QUOTES);
|
| 101 |
$original_file_path = $cur_dir_path . '/.original/' . $file_name;
|
| 102 |
|
| 103 |
$msg = '';
|
| 104 |
+
|
| 105 |
if (file_exists($file_path) == false) {
|
| 106 |
$msg = "File doesn't exist.";
|
| 107 |
}
|
| 138 |
$msg = '';
|
| 139 |
foreach ($file_names as $file_name) {
|
| 140 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
| 141 |
+
$file_name = str_replace('../', '', $file_name);
|
| 142 |
$file_path = $cur_dir_path . '/' . $file_name;
|
| 143 |
$thumb_file_path = $cur_dir_path . '/thumb/' . $file_name;
|
| 144 |
$original_file_path = $cur_dir_path . '/.original/' . $file_name;
|
| 181 |
case 'copy':
|
| 182 |
foreach ($file_names as $file_name) {
|
| 183 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
| 184 |
+
$file_name = str_replace('../', '', $file_name);
|
| 185 |
$src = $src_dir . '/' . $file_name;
|
| 186 |
if (file_exists($src) == false) {
|
| 187 |
$msg = "Failed to copy some of the files.";
|
| 226 |
if ($src_dir != $dest_dir) {
|
| 227 |
foreach ($file_names as $file_name) {
|
| 228 |
$file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
|
| 229 |
+
$file_name = str_replace('../', '', $file_name);
|
| 230 |
$src = $src_dir . '/' . $file_name;
|
| 231 |
$dest = $dest_dir . '/' . $file_name;
|
| 232 |
if (!is_dir($src_dir . '/' . $file_name)) {
|
filemanager/view.php
CHANGED
|
@@ -82,9 +82,9 @@ class FilemanagerView {
|
|
| 82 |
var callback = "<?php echo (isset($_REQUEST['callback']) ? esc_html($_REQUEST['callback']) : ''); ?>";
|
| 83 |
var sortBy = "<?php echo $sort_by; ?>";
|
| 84 |
var sortOrder = "<?php echo $sort_order; ?>";
|
| 85 |
-
var wdb_all_files = <?php echo isset($file_manager_data["all_files"]) ? json_encode($file_manager_data["all_files"]) : ""; ?>;
|
| 86 |
-
var media_library_files = <?php echo isset($file_manager_data["media_library_files_all"]) ? json_encode($file_manager_data["media_library_files_all"]) : ""; ?>;
|
| 87 |
-
var element_load_count = <?php echo isset($file_manager_data["element_load_count"]) ? json_encode($file_manager_data["element_load_count"]) : ""; ?>;
|
| 88 |
</script>
|
| 89 |
<script src="<?php echo WD_BWG_URL; ?>/filemanager/js/default.js?ver=<?php echo wd_bwg_version(); ?>"></script>
|
| 90 |
<link href="<?php echo WD_BWG_URL; ?>/filemanager/css/default.css?ver=<?php echo wd_bwg_version(); ?>" type="text/css" rel="stylesheet">
|
| 82 |
var callback = "<?php echo (isset($_REQUEST['callback']) ? esc_html($_REQUEST['callback']) : ''); ?>";
|
| 83 |
var sortBy = "<?php echo $sort_by; ?>";
|
| 84 |
var sortOrder = "<?php echo $sort_order; ?>";
|
| 85 |
+
var wdb_all_files = <?php echo isset($file_manager_data["all_files"]) && json_encode($file_manager_data["all_files"]) ? json_encode($file_manager_data["all_files"]) : "''"; ?>;
|
| 86 |
+
var media_library_files = <?php echo isset($file_manager_data["media_library_files_all"]) && json_encode($file_manager_data["media_library_files_all"]) ? json_encode($file_manager_data["media_library_files_all"]) : "''"; ?>;
|
| 87 |
+
var element_load_count = <?php echo isset($file_manager_data["element_load_count"]) && json_encode($file_manager_data["element_load_count"]) ? json_encode($file_manager_data["element_load_count"]) : "''"; ?>;
|
| 88 |
</script>
|
| 89 |
<script src="<?php echo WD_BWG_URL; ?>/filemanager/js/default.js?ver=<?php echo wd_bwg_version(); ?>"></script>
|
| 90 |
<link href="<?php echo WD_BWG_URL; ?>/filemanager/css/default.css?ver=<?php echo wd_bwg_version(); ?>" type="text/css" rel="stylesheet">
|
photo-gallery.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
* Plugin Name: Photo Gallery
|
| 5 |
* Plugin URI: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
| 6 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
| 7 |
-
* Version: 1.3.
|
| 8 |
* Author: WebDorado
|
| 9 |
* Author URI: https://web-dorado.com/
|
| 10 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
|
@@ -1617,7 +1617,7 @@ function bwg_activate() {
|
|
| 1617 |
));
|
| 1618 |
}
|
| 1619 |
$version = get_option('wd_bwg_version');
|
| 1620 |
-
$new_version = '1.3.
|
| 1621 |
if ($version && version_compare($version, $new_version, '<')) {
|
| 1622 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
| 1623 |
bwg_update($version);
|
|
@@ -1669,7 +1669,7 @@ wp_oembed_add_provider( '#https://instagr(\.am|am\.com)/p/.*#i', 'https://api.in
|
|
| 1669 |
|
| 1670 |
function bwg_update_hook() {
|
| 1671 |
$version = get_option('wd_bwg_version');
|
| 1672 |
-
$new_version = '1.3.
|
| 1673 |
if ($version && version_compare($version, $new_version, '<')) {
|
| 1674 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
| 1675 |
bwg_update($version);
|
| 4 |
* Plugin Name: Photo Gallery
|
| 5 |
* Plugin URI: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
| 6 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
| 7 |
+
* Version: 1.3.34
|
| 8 |
* Author: WebDorado
|
| 9 |
* Author URI: https://web-dorado.com/
|
| 10 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
| 1617 |
));
|
| 1618 |
}
|
| 1619 |
$version = get_option('wd_bwg_version');
|
| 1620 |
+
$new_version = '1.3.34';
|
| 1621 |
if ($version && version_compare($version, $new_version, '<')) {
|
| 1622 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
| 1623 |
bwg_update($version);
|
| 1669 |
|
| 1670 |
function bwg_update_hook() {
|
| 1671 |
$version = get_option('wd_bwg_version');
|
| 1672 |
+
$new_version = '1.3.34';
|
| 1673 |
if ($version && version_compare($version, $new_version, '<')) {
|
| 1674 |
require_once WD_BWG_DIR . "/update/bwg_update.php";
|
| 1675 |
bwg_update($version);
|
readme.txt
CHANGED
|
@@ -1,14 +1,14 @@
|
|
| 1 |
-
=== Gallery ===
|
| 2 |
Contributors: webdorado,wdsupport
|
| 3 |
Donate link: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
| 4 |
-
Tags:
|
| 5 |
Requires at least: 3.4
|
| 6 |
Tested up to: 4.7
|
| 7 |
-
Stable tag: 1.3.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 11 |
-
Gallery is an advanced plugin with a list of tools and options for adding and editing images for different views. It is fully responsive.
|
| 12 |
|
| 13 |
== Description ==
|
| 14 |
|
|
@@ -175,6 +175,9 @@ To enable the feature of adding Media Library images, go to Photo Gallery > Opti
|
|
| 175 |
|
| 176 |
== Changelog ==
|
| 177 |
|
|
|
|
|
|
|
|
|
|
| 178 |
= 1.3.33 =
|
| 179 |
* Fixed: Filemanager.
|
| 180 |
* Fixed: Saving gallery autoupdate interval.
|
| 1 |
+
=== Photo Gallery by WD – Responsive Photo Gallery for WordPress ===
|
| 2 |
Contributors: webdorado,wdsupport
|
| 3 |
Donate link: https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
|
| 4 |
+
Tags: photo gallery, responsive gallery, gallery, gallery image, lightbox gallery, image gallery, images gallery, media gallery, thumbnail gallery, wordpress gallery, youtube gallery, content gallery
|
| 5 |
Requires at least: 3.4
|
| 6 |
Tested up to: 4.7
|
| 7 |
+
Stable tag: 1.3.34
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 11 |
+
Photo Gallery is an advanced plugin with a list of tools and options for adding and editing images for different views. It is fully responsive.
|
| 12 |
|
| 13 |
== Description ==
|
| 14 |
|
| 175 |
|
| 176 |
== Changelog ==
|
| 177 |
|
| 178 |
+
= 1.3.34 =
|
| 179 |
+
* Fixed: Security issue in filemanager.
|
| 180 |
+
|
| 181 |
= 1.3.33 =
|
| 182 |
* Fixed: Filemanager.
|
| 183 |
* Fixed: Saving gallery autoupdate interval.
|
