Version Description
- Fixed: Security issue.
Download this release
Release Info
| Developer | 10web |
| Plugin |  Photo Gallery by WD – Responsive Photo Gallery |
| Version | 1.5.56 |
| Comparing to | |
| See all releases | |
Code changes from version 1.5.55 to 1.5.56
- framework/WDWLibrary.php +5 -5
- frontend/models/BWGModelGalleryBox.php +2 -2
- frontend/models/model.php +3 -3
- photo-gallery.php +3 -3
- readme.txt +4 -1
framework/WDWLibrary.php
CHANGED
|
@@ -1229,8 +1229,8 @@ class WDWLibrary {
|
|
| 1229 |
$alt_search = '(';
|
| 1230 |
$description_search = '(';
|
| 1231 |
foreach( $bwg_search_keys as $search_key) {
|
| 1232 |
-
$alt_search .= '`image`.`alt` LIKE "%' . trim($search_key) . '%
|
| 1233 |
-
$description_search .= '`image`.`description` LIKE "%' . trim($search_key) . '%
|
| 1234 |
}
|
| 1235 |
$alt_search = rtrim($alt_search, 'AND ');
|
| 1236 |
$alt_search .= ')';
|
|
@@ -1273,7 +1273,7 @@ class WDWLibrary {
|
|
| 1273 |
$join = $tag ? 'LEFT JOIN ' . $wpdb->prefix . 'bwg_image_tag as tag ON image.id=tag.image_id' : '';
|
| 1274 |
if ( self::get($tag_input_name) ) {
|
| 1275 |
$join .= ' LEFT JOIN (SELECT GROUP_CONCAT(tag_id SEPARATOR ",") AS tags_combined, image_id FROM ' . $wpdb->prefix . 'bwg_image_tag' . ($gallery_id ? ' WHERE gallery_id="' . $gallery_id . '"' : '') . ' GROUP BY image_id) AS tags ON image.id=tags.image_id';
|
| 1276 |
-
$where .= ' AND CONCAT(",", tags.tags_combined, ",") REGEXP ",(' . implode("|", self::get($tag_input_name) ) . ')
|
| 1277 |
}
|
| 1278 |
$join .= ' LEFT JOIN '. $wpdb->prefix .'bwg_gallery as gallery ON gallery.id = image.gallery_id';
|
| 1279 |
$where .= ' AND gallery.published = 1 ';
|
|
@@ -1317,7 +1317,7 @@ class WDWLibrary {
|
|
| 1317 |
$where = (($gallery_id) ? ' `gallery_id`=' . $gallery_id . ($image_id ? ' AND `id`=' . $image_id : '') : 1);
|
| 1318 |
$search = WDWLibrary::get( 's', '' );
|
| 1319 |
if ( $search ) {
|
| 1320 |
-
$where .= ' AND `filename` LIKE "%' . $search . '%
|
| 1321 |
}
|
| 1322 |
$images = $wpdb->get_results( 'SELECT * FROM `' . $wpdb->prefix . 'bwg_image` WHERE ' . $where . $limitstart );
|
| 1323 |
|
|
@@ -1506,7 +1506,7 @@ class WDWLibrary {
|
|
| 1506 |
$where = ($gallery_id) ? ' `gallery_id` = ' . $gallery_id : 1;
|
| 1507 |
$search = WDWLibrary::get('s', '');
|
| 1508 |
if ( $search ) {
|
| 1509 |
-
$where .= ' AND `filename` LIKE "%' . $search . '%
|
| 1510 |
}
|
| 1511 |
$limitstart = '';
|
| 1512 |
if ( !$limit ) {
|
| 1229 |
$alt_search = '(';
|
| 1230 |
$description_search = '(';
|
| 1231 |
foreach( $bwg_search_keys as $search_key) {
|
| 1232 |
+
$alt_search .= $wpdb->prepare( '`image`.`alt` LIKE "%s" AND ', '%' . trim( $search_key ) . '%' );
|
| 1233 |
+
$description_search .= $wpdb->prepare( '`image`.`description` LIKE "%s" AND ', '%' . trim( $search_key ) . '%' );
|
| 1234 |
}
|
| 1235 |
$alt_search = rtrim($alt_search, 'AND ');
|
| 1236 |
$alt_search .= ')';
|
| 1273 |
$join = $tag ? 'LEFT JOIN ' . $wpdb->prefix . 'bwg_image_tag as tag ON image.id=tag.image_id' : '';
|
| 1274 |
if ( self::get($tag_input_name) ) {
|
| 1275 |
$join .= ' LEFT JOIN (SELECT GROUP_CONCAT(tag_id SEPARATOR ",") AS tags_combined, image_id FROM ' . $wpdb->prefix . 'bwg_image_tag' . ($gallery_id ? ' WHERE gallery_id="' . $gallery_id . '"' : '') . ' GROUP BY image_id) AS tags ON image.id=tags.image_id';
|
| 1276 |
+
$where .= $wpdb->prepare(' AND CONCAT(",", tags.tags_combined, ",") REGEXP ",%s," ', '(' . implode("|", self::get($tag_input_name) ) . ')');
|
| 1277 |
}
|
| 1278 |
$join .= ' LEFT JOIN '. $wpdb->prefix .'bwg_gallery as gallery ON gallery.id = image.gallery_id';
|
| 1279 |
$where .= ' AND gallery.published = 1 ';
|
| 1317 |
$where = (($gallery_id) ? ' `gallery_id`=' . $gallery_id . ($image_id ? ' AND `id`=' . $image_id : '') : 1);
|
| 1318 |
$search = WDWLibrary::get( 's', '' );
|
| 1319 |
if ( $search ) {
|
| 1320 |
+
$where .= $wpdb->prepare(' AND `filename` LIKE "%s"', '%' . $search . '%');
|
| 1321 |
}
|
| 1322 |
$images = $wpdb->get_results( 'SELECT * FROM `' . $wpdb->prefix . 'bwg_image` WHERE ' . $where . $limitstart );
|
| 1323 |
|
| 1506 |
$where = ($gallery_id) ? ' `gallery_id` = ' . $gallery_id : 1;
|
| 1507 |
$search = WDWLibrary::get('s', '');
|
| 1508 |
if ( $search ) {
|
| 1509 |
+
$where .= $wpdb->prepare(' AND `filename` LIKE "%s"', '%' . $search . '%');
|
| 1510 |
}
|
| 1511 |
$limitstart = '';
|
| 1512 |
if ( !$limit ) {
|
frontend/models/BWGModelGalleryBox.php
CHANGED
|
@@ -68,8 +68,8 @@ class BWGModelGalleryBox {
|
|
| 68 |
$alt_search = '(';
|
| 69 |
$description_search = '(';
|
| 70 |
foreach( $bwg_search_keys as $search_key) {
|
| 71 |
-
$alt_search .= '`image`.`alt` LIKE "%' . trim($search_key) . '%
|
| 72 |
-
$description_search .= '`image`.`description` LIKE "%' . trim($search_key) . '%
|
| 73 |
}
|
| 74 |
$alt_search = rtrim($alt_search, 'AND ');
|
| 75 |
$alt_search .= ')';
|
| 68 |
$alt_search = '(';
|
| 69 |
$description_search = '(';
|
| 70 |
foreach( $bwg_search_keys as $search_key) {
|
| 71 |
+
$alt_search .= $wpdb->prepare('`image`.`alt` LIKE "%s" AND ', '%' . trim($search_key) . '%');
|
| 72 |
+
$description_search .= $wpdb->prepare('`image`.`description` LIKE "%s" AND ', '%' . trim($search_key) . '%');
|
| 73 |
}
|
| 74 |
$alt_search = rtrim($alt_search, 'AND ');
|
| 75 |
$alt_search .= ')';
|
frontend/models/model.php
CHANGED
|
@@ -87,8 +87,8 @@ class BWGModelSite {
|
|
| 87 |
$alt_search = '(';
|
| 88 |
$description_search = '(';
|
| 89 |
foreach( $bwg_search_keys as $search_key) {
|
| 90 |
-
$alt_search .= '`image`.`alt` LIKE "%' . trim($search_key) . '%
|
| 91 |
-
$description_search .= '`image`.`description` LIKE "%' . trim($search_key) . '%
|
| 92 |
}
|
| 93 |
$alt_search = rtrim($alt_search, 'AND ');
|
| 94 |
$alt_search .= ')';
|
|
@@ -143,7 +143,7 @@ class BWGModelSite {
|
|
| 143 |
$compare_sign = ",";
|
| 144 |
}
|
| 145 |
$join .= ' LEFT JOIN (SELECT GROUP_CONCAT(tag_id order by tag_id SEPARATOR ",") AS tags_combined, image_id FROM ' . $wpdb->prefix . 'bwg_image_tag' . ($gallery_id ? ' WHERE gallery_id="' . $gallery_id . '"' : '') . ' GROUP BY image_id) AS tags ON image.id=tags.image_id';
|
| 146 |
-
$where .= ' AND CONCAT(",", tags.tags_combined, ",") REGEXP ",(' . implode( $compare_sign, $filter_tags_name ) . '),
|
| 147 |
}
|
| 148 |
$join .= ' LEFT JOIN '. $wpdb->prefix .'bwg_gallery as gallery ON gallery.id = image.gallery_id';
|
| 149 |
$where .= ' AND gallery.published = 1 ';
|
| 87 |
$alt_search = '(';
|
| 88 |
$description_search = '(';
|
| 89 |
foreach( $bwg_search_keys as $search_key) {
|
| 90 |
+
$alt_search .= $wpdb->prepare('`image`.`alt` LIKE "%s" AND ', '%' . trim($search_key) . '%');
|
| 91 |
+
$description_search .= $wpdb->prepare('`image`.`description` LIKE "%s" AND ', '%' . trim($search_key) . '%');
|
| 92 |
}
|
| 93 |
$alt_search = rtrim($alt_search, 'AND ');
|
| 94 |
$alt_search .= ')';
|
| 143 |
$compare_sign = ",";
|
| 144 |
}
|
| 145 |
$join .= ' LEFT JOIN (SELECT GROUP_CONCAT(tag_id order by tag_id SEPARATOR ",") AS tags_combined, image_id FROM ' . $wpdb->prefix . 'bwg_image_tag' . ($gallery_id ? ' WHERE gallery_id="' . $gallery_id . '"' : '') . ' GROUP BY image_id) AS tags ON image.id=tags.image_id';
|
| 146 |
+
$where .= $wpdb->prepare(' AND CONCAT(",", tags.tags_combined, ",") REGEXP "%s" ', ',(' . implode( $compare_sign, $filter_tags_name ) . '),');
|
| 147 |
}
|
| 148 |
$join .= ' LEFT JOIN '. $wpdb->prefix .'bwg_gallery as gallery ON gallery.id = image.gallery_id';
|
| 149 |
$where .= ' AND gallery.published = 1 ';
|
photo-gallery.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Photo Gallery
|
| 4 |
* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 5 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
| 6 |
-
* Version: 1.5.
|
| 7 |
* Author: Photo Gallery Team
|
| 8 |
* Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 9 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
|
@@ -105,8 +105,8 @@ final class BWG {
|
|
| 105 |
$this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
|
| 106 |
$this->front_url = $this->plugin_url;
|
| 107 |
$this->main_file = plugin_basename(__FILE__);
|
| 108 |
-
$this->plugin_version = '1.5.
|
| 109 |
-
$this->db_version = '1.5.
|
| 110 |
$this->prefix = 'bwg';
|
| 111 |
$this->nicename = __('Photo Gallery', $this->prefix);
|
| 112 |
|
| 3 |
* Plugin Name: Photo Gallery
|
| 4 |
* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 5 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
| 6 |
+
* Version: 1.5.56
|
| 7 |
* Author: Photo Gallery Team
|
| 8 |
* Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 9 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
| 105 |
$this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
|
| 106 |
$this->front_url = $this->plugin_url;
|
| 107 |
$this->main_file = plugin_basename(__FILE__);
|
| 108 |
+
$this->plugin_version = '1.5.56';
|
| 109 |
+
$this->db_version = '1.5.56';
|
| 110 |
$this->prefix = 'bwg';
|
| 111 |
$this->nicename = __('Photo Gallery', $this->prefix);
|
| 112 |
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: webdorado,wdsupport,photogallerysupport,10web
|
|
| 3 |
Tags: gallery, photo gallery, image gallery, responsive gallery, wordpress gallery plugin, photo albums, gallery slider, gallery lightbox, wordpress photo gallery plugin, fullscreen gallery, watermarking, video gallery
|
| 4 |
Requires at least: 4.6
|
| 5 |
Tested up to: 5.4
|
| 6 |
-
Stable tag: 1.5.
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
|
@@ -281,6 +281,9 @@ Choose whether to display random or the first/last specific number of images.
|
|
| 281 |
**Theme.** Choose the theme, which will be applied to the gallery/album.
|
| 282 |
|
| 283 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 284 |
= 1.5.55 =
|
| 285 |
* Fixed: Security issue.
|
| 286 |
* Fixed: Minor bug.
|
| 3 |
Tags: gallery, photo gallery, image gallery, responsive gallery, wordpress gallery plugin, photo albums, gallery slider, gallery lightbox, wordpress photo gallery plugin, fullscreen gallery, watermarking, video gallery
|
| 4 |
Requires at least: 4.6
|
| 5 |
Tested up to: 5.4
|
| 6 |
+
Stable tag: 1.5.56
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
| 281 |
**Theme.** Choose the theme, which will be applied to the gallery/album.
|
| 282 |
|
| 283 |
== Changelog ==
|
| 284 |
+
= 1.5.56 =
|
| 285 |
+
* Fixed: Security issue.
|
| 286 |
+
|
| 287 |
= 1.5.55 =
|
| 288 |
* Fixed: Security issue.
|
| 289 |
* Fixed: Minor bug.
|
