Version Description
- Fixed: Sanitize files data.
Download this release
Release Info
| Developer | 10web |
| Plugin |  Photo Gallery by WD – Responsive Photo Gallery |
| Version | 1.5.78 |
| Comparing to | |
| See all releases | |
Code changes from version 1.5.77 to 1.5.78
- filemanager/UploadHandler.php +23 -1
- photo-gallery.php +3 -3
- readme.txt +4 -1
filemanager/UploadHandler.php
CHANGED
|
@@ -1006,7 +1006,7 @@ class bwg_UploadHandler {
|
|
| 1006 |
if ( isset($_REQUEST['_method']) && WDWLibrary::get('_method','','sanitize_text_field','REQUEST') === 'DELETE' ) {
|
| 1007 |
return $this->delete($print_response);
|
| 1008 |
}
|
| 1009 |
-
$upload = isset($_FILES[$this->options['param_name']]) ? $_FILES[$this->options['param_name']] : NULL;
|
| 1010 |
$files = array();
|
| 1011 |
// Parse the Content-Disposition header, if available:
|
| 1012 |
$file_name = isset($_SERVER['HTTP_CONTENT_DISPOSITION']) ? rawurldecode(preg_replace('/(^[^"]+")|("$)/', '', $_SERVER['HTTP_CONTENT_DISPOSITION'])) : NULL;
|
|
@@ -1037,6 +1037,28 @@ class bwg_UploadHandler {
|
|
| 1037 |
return $this->generate_response(array( $this->options['param_name'] => $files ), $print_response);
|
| 1038 |
}
|
| 1039 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1040 |
public function delete( $print_response = TRUE ) {
|
| 1041 |
$file_name = $this->get_file_name_param();
|
| 1042 |
$file_path = $this->get_upload_path($file_name);
|
| 1006 |
if ( isset($_REQUEST['_method']) && WDWLibrary::get('_method','','sanitize_text_field','REQUEST') === 'DELETE' ) {
|
| 1007 |
return $this->delete($print_response);
|
| 1008 |
}
|
| 1009 |
+
$upload = isset($_FILES[$this->options['param_name']]) ? $this->bwg_sanitize_file_data( $_FILES[$this->options['param_name']] ) : NULL;
|
| 1010 |
$files = array();
|
| 1011 |
// Parse the Content-Disposition header, if available:
|
| 1012 |
$file_name = isset($_SERVER['HTTP_CONTENT_DISPOSITION']) ? rawurldecode(preg_replace('/(^[^"]+")|("$)/', '', $_SERVER['HTTP_CONTENT_DISPOSITION'])) : NULL;
|
| 1037 |
return $this->generate_response(array( $this->options['param_name'] => $files ), $print_response);
|
| 1038 |
}
|
| 1039 |
|
| 1040 |
+
/**
|
| 1041 |
+
* Sanitize File data
|
| 1042 |
+
*
|
| 1043 |
+
* @param $file_data array
|
| 1044 |
+
*
|
| 1045 |
+
* @return array
|
| 1046 |
+
*/
|
| 1047 |
+
public function bwg_sanitize_file_data( $file_data ) {
|
| 1048 |
+
foreach ( $file_data as $key=>$val ) {
|
| 1049 |
+
if( $key == 'name' && !empty($val) ) {
|
| 1050 |
+
$file_data[$key][0] = sanitize_file_name($val[0]);
|
| 1051 |
+
} elseif( $key == 'tmp_name' && !empty($val) ) {
|
| 1052 |
+
$file_data[$key][0] = realpath($val[0]);
|
| 1053 |
+
} elseif ( $key == 'tmp_name' && !empty($val) ) {
|
| 1054 |
+
$file_data[$key][0] = intval($val[0]);
|
| 1055 |
+
} elseif ( !empty($val) ) {
|
| 1056 |
+
$file_data[$key][0] = sanitize_text_field($val[0]);
|
| 1057 |
+
}
|
| 1058 |
+
}
|
| 1059 |
+
return $file_data;
|
| 1060 |
+
}
|
| 1061 |
+
|
| 1062 |
public function delete( $print_response = TRUE ) {
|
| 1063 |
$file_name = $this->get_file_name_param();
|
| 1064 |
$file_path = $this->get_upload_path($file_name);
|
photo-gallery.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Photo Gallery
|
| 4 |
* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 5 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
| 6 |
-
* Version: 1.5.
|
| 7 |
* Author: Photo Gallery Team
|
| 8 |
* Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 9 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
|
@@ -105,8 +105,8 @@ final class BWG {
|
|
| 105 |
$this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
|
| 106 |
$this->front_url = $this->plugin_url;
|
| 107 |
$this->main_file = plugin_basename(__FILE__);
|
| 108 |
-
$this->plugin_version = '1.5.
|
| 109 |
-
$this->db_version = '1.5.
|
| 110 |
$this->prefix = 'bwg';
|
| 111 |
$this->nicename = __('Photo Gallery', $this->prefix);
|
| 112 |
require_once($this->plugin_dir . '/framework/WDWLibrary.php');
|
| 3 |
* Plugin Name: Photo Gallery
|
| 4 |
* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 5 |
* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
|
| 6 |
+
* Version: 1.5.78
|
| 7 |
* Author: Photo Gallery Team
|
| 8 |
* Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
|
| 9 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
| 105 |
$this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
|
| 106 |
$this->front_url = $this->plugin_url;
|
| 107 |
$this->main_file = plugin_basename(__FILE__);
|
| 108 |
+
$this->plugin_version = '1.5.78';
|
| 109 |
+
$this->db_version = '1.5.78';
|
| 110 |
$this->prefix = 'bwg';
|
| 111 |
$this->nicename = __('Photo Gallery', $this->prefix);
|
| 112 |
require_once($this->plugin_dir . '/framework/WDWLibrary.php');
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: webdorado,wdsupport,photogallerysupport,10web
|
|
| 3 |
Tags: gallery, photo gallery, image gallery, responsive gallery, wordpress gallery plugin, photo albums, gallery slider, gallery lightbox, wordpress photo gallery plugin, fullscreen gallery, watermarking, video gallery
|
| 4 |
Requires at least: 4.6
|
| 5 |
Tested up to: 5.7
|
| 6 |
-
Stable tag: 1.5.
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
|
@@ -282,6 +282,9 @@ Choose whether to display random or the first/last specific number of images.
|
|
| 282 |
|
| 283 |
== Changelog ==
|
| 284 |
|
|
|
|
|
|
|
|
|
|
| 285 |
= 1.5.77 =
|
| 286 |
* Added: Select gallery/gallery group type on preview.
|
| 287 |
* Fixed: XSS vulnerability.
|
| 3 |
Tags: gallery, photo gallery, image gallery, responsive gallery, wordpress gallery plugin, photo albums, gallery slider, gallery lightbox, wordpress photo gallery plugin, fullscreen gallery, watermarking, video gallery
|
| 4 |
Requires at least: 4.6
|
| 5 |
Tested up to: 5.7
|
| 6 |
+
Stable tag: 1.5.78
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
| 282 |
|
| 283 |
== Changelog ==
|
| 284 |
|
| 285 |
+
= 1.5.78 =
|
| 286 |
+
* Fixed: Sanitize files data.
|
| 287 |
+
|
| 288 |
= 1.5.77 =
|
| 289 |
* Added: Select gallery/gallery group type on preview.
|
| 290 |
* Fixed: XSS vulnerability.
|
