Photo Gallery by WD – Responsive Photo Gallery - Version 1.8.1

Version Description

  • Fixed: Open Redirect and XSS Reflected vulnerability.
  • Fixed: Tags cloud widget with specified number of items.
  • Fixed: Gallery tags availability in standard tags cloud widget.
  • Fixed: Images ordering on adding new images.

Release Info

Developer 10web
Plugin Icon 128x128 Photo Gallery by WD – Responsive Photo Gallery
Version 1.8.1

Code changes from version 1.8.0 to 1.8.1

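--- a/admin/models/Galleries.php
+++ b/admin/models/Galleries.php
@@ -708,7 +708,7 @@ class GalleriesModel_bwg {
  $save = TRUE;
  $author = get_current_user_id();
  $all = WDWLibrary::get('check_all_items', FALSE);
- $is_last_ajax = WDWLibrary::get('is_last_ajax', 0);
+ $is_last_ajax = WDWLibrary::get('is_last_ajax', 0, 'intval');
  $image_message = '';
  $checked_items_count = WDWLibrary::get('checked_items_count', 0, 'intval');
  $action_image_id = array();
@@ -877,7 +877,7 @@ class GalleriesModel_bwg {
  }
  $need_iteration = WDWLibrary::get('need_iteration', 0, 'intval');
  /* Update ordering of gallery all images during the save action if there is not iterations or it is last iteration. */
- if ( $is_last_ajax == 'true' || !$need_iteration ) {
+ if ( $is_last_ajax == 1 || !$need_iteration ) {
  $wpdb->query('SET @i := 0');
  $wpdb->query($wpdb->prepare('UPDATE `' . $wpdb->prefix . 'bwg_image` SET `order` = (@i := @i + 1) WHERE `gallery_id` = "%d" ORDER BY `order` ASC', $gallery_id));
  }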
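Review bot: The reorder guard on new line 880 now depends on every caller sending `is_last_ajax` as 0 or 1, because `intval` turns a leftover `'true'` string into 0 and the ordering pass is then skipped whenever `need_iteration` is set. The js/bwg.js section of this release switches the two recursive `spider_ajax_save` calls to 0/1, but the initial call and any other sender are outside the visible hunks and are worth checking. If `WDWLibrary::get` returns the `intval` result unchanged, a strict comparison states the intent more clearly: `if ( $is_last_ajax === 1 || !$need_iteration ) {`. The enclosing method starts and ends outside both hunks.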
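--- a/admin/views/Speed.php
+++ b/admin/views/Speed.php
@@ -415,7 +415,7 @@ class SpeedView_bwg extends AdminView_bwg {
  <p class="bwg-section-title"><?php esc_html_e('10Web Booster', 'photo-gallery') ?></p>
  <p class="bwg-header-description"><?php esc_html_e('Use 10Web Website Booster to optimize all website images and boost PageSpeed score.', 'photo-gallery') ?></p>
  <ul class="bwg-install-booster-steps">
- <li class="<?php echo esc_html($booster_plugin_status >= 0) ? 'bwg_so_check_active' : '';?>">
+ <li class="<?php echo esc_html($booster_plugin_status > 1 ? 'bwg_so_check_active' : '');?>">
  <?php esc_html_e('Install 10Web Booster', 'photo-gallery') ?>
  <span><?php esc_html_e('Activate plugin on the website', 'photo-gallery') ?></span>
  </li>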
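Review bot: The condition on line 418 moves the threshold from `>= 0` to `> 1` in the same edit that fixes the misplaced parenthesis, and nothing in the hunk says which `$booster_plugin_status` values the test is meant to cover. A one-line comment above the `<li>` listing the status codes and the ones that count as installed would make the new threshold reviewable. The value is written into a `class` attribute, so `esc_attr()` is the matching escaper: `<li class="<?php echo esc_attr($booster_plugin_status > 1 ? 'bwg_so_check_active' : ''); ?>">`. Where `$booster_plugin_status` is computed is outside the hunk.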
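--- a/admin/views/WidgetTags.php
+++ b/admin/views/WidgetTags.php
@@ -80,8 +80,8 @@ class WidgetTagsView_bwg {
  </p>
  <p>
  <label for="<?php echo $id_title; ?>"><?php _e('Type:', 'photo-gallery'); ?></label><br>
- <input type="radio" name="<?php echo $name_type; ?>" id="<?php echo $id_type . "_1"; ?>" value="text" class="sel_text" <?php if ($instance['type'] == "text") echo 'checked="checked"'; ?> onclick="bwg_change_type_tag(event, this)" /><label for="<?php echo $id_type . "_1"; ?>"><?php echo __('Text', 'photo-gallery'); ?></label><br>
- <input type="radio" name="<?php echo $name_type; ?>" id="<?php echo $id_type . "_2"; ?>" value="image" class="sel_image" <?php if ($instance['type'] == "image") echo 'checked="checked"'; ?> onclick="bwg_change_type_tag(event, this)" /><label for="<?php echo $id_type . "_2"; ?>"><?php echo __('Image', 'photo-gallery'); ?></label>
+ <input type="radio" name="<?php echo $name_type; ?>" id="<?php echo $id_type . "_1"; ?>" value="text" class="sel_text" <?php if ($instance['type'] == "text") echo 'checked="checked"'; ?> onclick="jQuery(this).nextAll('.bwg_hidden').first().attr('value', 'text'); jQuery(this).closest('div').find('#p_show_name').hide();" /><label for="<?php echo $id_type . "_1"; ?>"><?php echo __('Text', 'photo-gallery'); ?></label><br>
+ <input type="radio" name="<?php echo $name_type; ?>" id="<?php echo $id_type . "_2"; ?>" value="image" class="sel_image" <?php if ($instance['type'] == "image") echo 'checked="checked"'; ?> onclick="jQuery(this).nextAll('.bwg_hidden').first().attr('value', 'image'); jQuery(this).closest('div').find('#p_show_name').show();" /><label for="<?php echo $id_type . "_2"; ?>"><?php echo __('Image', 'photo-gallery'); ?></label>
  <input type="hidden" name="<?php echo $name_type; ?>" id="<?php echo $id_type; ?>" value="<?php echo $instance['type']; ?>" class="bwg_hidden" />
  </p>
  <p id="p_show_name" style="display:<?php echo ($instance['type'] == 'image') ? "" : "none" ?>;">
@@ -108,8 +108,8 @@ class WidgetTagsView_bwg {
  </p>
  <p>
  <label><?php _e('Transparent Background:', 'photo-gallery'); ?></label><br>
- <input type="radio" name="<?php echo $name_background_transparent; ?>" id="<?php echo $id_background_transparent . "_1"; ?>" value="1" <?php if ($instance['background_transparent']) echo 'checked="checked"'; ?> onclick="bwg_change_bg_transparency(event, this)" class="bg_transparent" /><label for="<?php echo $id_background_transparent . "_1"; ?>"><?php _e('Yes', 'photo-gallery'); ?></label><br>
- <input type="radio" name="<?php echo $name_background_transparent; ?>" id="<?php echo $id_background_transparent . "_0"; ?>" value="0" <?php if (!$instance['background_transparent']) echo 'checked="checked"'; ?> onclick="bwg_change_bg_transparency(event, this)" /><label for="<?php echo $id_background_transparent . "_0"; ?>"><?php _e('No', 'photo-gallery'); ?></label>
+ <input type="radio" name="<?php echo $name_background_transparent; ?>" id="<?php echo $id_background_transparent . "_1"; ?>" value="1" <?php if ($instance['background_transparent']) echo 'checked="checked"'; ?> onclick="jQuery(this).nextAll('.bwg_hidden').first().attr('value', '1'); jQuery(this).closest('div').find('#p_bg_color').hide();" class="bg_transparent" /><label for="<?php echo $id_background_transparent . "_1"; ?>"><?php _e('Yes', 'photo-gallery'); ?></label><br>
+ <input type="radio" name="<?php echo $name_background_transparent; ?>" id="<?php echo $id_background_transparent . "_0"; ?>" value="0" <?php if (!$instance['background_transparent']) echo 'checked="checked"'; ?> onclick="jQuery(this).nextAll('.bwg_hidden').first().attr('value', '0'); jQuery(this).closest('div').find('#p_bg_color').show();" /><label for="<?php echo $id_background_transparent . "_0"; ?>"><?php _e('No', 'photo-gallery'); ?></label>
  <input type="hidden" name="<?php echo $name_background_transparent; ?>" id="<?php echo $id_background_transparent; ?>" value="<?php echo $instance['background_transparent']; ?>" class="bwg_hidden" />
  </p>
  <p id="p_bg_color" style="display:<?php echo (!$instance['background_transparent']) ? "" : "none" ?>;">
@@ -131,31 +131,7 @@ class WidgetTagsView_bwg {
  }
  ?>
  </select>
- </p>
- <script>
- function bwg_change_type_tag(event, obj) {
- var div = jQuery(obj).closest("div");
- if (jQuery(jQuery(div).find(".sel_image")[0]).prop("checked")) {
- jQuery(jQuery(div).find("#p_show_name")).css("display", "");
- jQuery(obj).nextAll(".bwg_hidden").first().attr("value", "image");
- }
- else {
- jQuery(jQuery(div).find("#p_show_name")).css("display", "none");
- jQuery(obj).nextAll(".bwg_hidden").first().attr("value", "text");
- }
- }
- function bwg_change_bg_transparency(event, obj) {
- var div = jQuery(obj).closest("div");
- if (jQuery(jQuery(div).find(".bg_transparent")[0]).prop("checked")) {
- jQuery(jQuery(div).find("#p_bg_color")).css("display", "none");
- jQuery(obj).nextAll(".bwg_hidden").first().attr("value", "1");
- }
- else {
- jQuery(jQuery(div).find("#p_bg_color")).css("display", "");
- jQuery(obj).nextAll(".bwg_hidden").first().attr("value", "0");
- }
- }
- </script>
+ </p>
  <?php
  }
  }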
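Review bot: The rewritten radio inputs on lines 83-84 and 111-112 still echo `$name_type`, `$id_type`, `$name_background_transparent` and `$id_background_transparent` into attributes unescaped, and the unchanged hidden inputs on lines 85 and 113 print `$instance['type']` and `$instance['background_transparent']` raw into `value`. Where these variables are assigned is outside the hunks; if the instance values are stored widget settings, they should pass through `esc_attr()`, for example `value="<?php echo esc_attr($instance['type']); ?>"`. The new inline handlers also look up `#p_show_name` and `#p_bg_color` by id, and those ids will repeat if this form is rendered for more than one widget instance, so a class selector scoped by `closest('div')` would be safer.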
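--- a/filemanager/model.php
+++ b/filemanager/model.php
@@ -225,7 +225,7 @@ class FilemanagerModel {
  $value = str_replace($dir, '', $item);
  $value = explode(DIRECTORY_SEPARATOR, $value);
  $name = end($value);
- $author = $wpdb->prepare($wpdb->get_var("SELECT `author` FROM `" . $wpdb->prefix . "bwg_file_paths` WHERE `name` = '%s'"), $name);
+ $author = $wpdb->get_var($wpdb->prepare("SELECT `author` FROM `" . $wpdb->prefix . "bwg_file_paths` WHERE `name` = '%s'", $name));
  $file = array();
  $file['path'] = $path;
  $file['name'] = $name;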
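Review bot: The corrected lookup on line 228 matches `bwg_file_paths` by `name` alone, and `$name` is only the last path component, so two files with the same name in different directories would resolve to whichever row `get_var` returns first. If the table also stores the path (its schema is not visible here), adding that column to the `WHERE` clause would make the author unambiguous. The placeholder is also still wrapped in single quotes, whereas `$wpdb->prepare()` expects it written bare as `%s`. `get_var` returns null when no row matches, and how `$author` is used afterwards is outside the hunk.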
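--- a/framework/WDWLibrary.php
+++ b/framework/WDWLibrary.php
@@ -2471,6 +2471,7 @@ class WDWLibrary {
  'hierarchical' => FALSE,
  'label' => __('Gallery Tags', 'photo-gallery'),
  'query_var' => TRUE,
+ 'show_in_rest' => TRUE,
  'rewrite' => TRUE));
  }
 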
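Review bot: Setting `'show_in_rest' => TRUE` on line 2474 publishes this taxonomy's terms through the WordPress REST API, and the hunk carries no comment saying why. The changelog entry about the standard tags cloud widget presumably explains it, so a line above the key such as `/* Exposed over REST so the standard Tag Cloud widget can list gallery tags. */` would record the intent. It is worth confirming that gallery tag names and counts are meant to be readable through that route by clients that are not logged in. The rest of the registration array, including whether the taxonomy is public, starts outside the hunk.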
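--- a/frontend/models/BWGModelWidget.php
+++ b/frontend/models/BWGModelWidget.php
@@ -1,15 +1,9 @@
  <?php
  class BWGModelWidgetFrontEnd {
  public function get_tags_data($count = 0) {
- global $wpdb;
- $count = abs(intval($count));
- $limit = '';
- $format = '';
- if($count) {
- $limit = ' LIMIT %';
- $format = $count;
- }
- $rows = $wpdb->get_results($wpdb->prepare('SELECT
+ global $wpdb;
+ $count = abs(intval($count));
+ $query = 'SELECT
  `image`.`thumb_url` AS `thumb_url`,
  `image`.`id` AS `image_id`,
  `tags`.`name`,
@@ -20,7 +14,12 @@ class BWGModelWidgetFrontEnd {
  INNER JOIN ' . $wpdb->prefix . 'term_taxonomy AS taxonomy ON taxonomy.term_id=tags.term_id
  INNER JOIN
  (SELECT `image`.`thumb_url`, `tag`.`tag_id`, `image`.`id`, `image`.`filetype` FROM ' . $wpdb->prefix . 'bwg_image AS image
- INNER JOIN ' . $wpdb->prefix . 'bwg_image_tag AS tag ON image.id=tag.image_id ORDER BY RAND()) AS image ON image.tag_id=tags.term_id WHERE taxonomy.taxonomy="bwg_tag" GROUP BY tags.term_id' . $limit, $format));
+ INNER JOIN ' . $wpdb->prefix . 'bwg_image_tag AS tag ON image.id=tag.image_id ORDER BY RAND()) AS image ON image.tag_id=tags.term_id WHERE taxonomy.taxonomy="bwg_tag" GROUP BY tags.term_id';
+ if ( $count ) {
+ $query .= ' LIMIT %d';
+ $query = $wpdb->prepare($query, $count);
+ }
+ $rows = $wpdb->get_results($query);
  foreach ( $rows as $row ) {
  $row->permalink = WDWLibrary::get_custom_post_permalink(array( 'slug' => $row->slug, 'post_type' => 'tag' ));
  }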
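Review bot: The conditional `prepare()` on lines 18-21 needs a comment, because the unprepared path taken when `$count` is 0 reads like an oversight unless the reader knows the query then has no placeholder and concatenates only `$wpdb->prefix`. Something like `/* Without LIMIT there is no placeholder, so prepare() is only called when $count > 0. */` above the `if` would do. `abs(intval($count))` on line 5 can be written as `absint($count)`. The query text between lines 9 and 14 and the end of `get_tags_data` are outside the hunks.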
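--- a/frontend/views/BWGViewShare.php
+++ b/frontend/views/BWGViewShare.php
@@ -57,7 +57,7 @@ class BWGViewShare {
  if (bwg_hash.indexOf("bwg") == "-1") {
  bwg_hash = bwg_hash.replace("#", "#bwg");
  }
- window.location.href = "<?php echo $current_url; ?>" + bwg_hash;
+ window.location.href = "<?php echo esc_url($current_url); ?>" + bwg_hash;
  }
  </script>
  <html>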
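Review bot: `esc_url()` on line 60 is an HTML-context escaper used inside a JavaScript string: it stops the value from closing the string literal, but it also rewrites `&` as `&#038;`, which a script block does not decode, so a URL with more than one query parameter is altered. For this context the usual form is `window.location.href = <?php echo wp_json_encode(esc_url_raw($current_url)); ?> + bwg_hash;`, with no surrounding quotes. Escaping also does not restrict the destination host, so whether the open redirect named in the changelog is closed depends on how `$current_url` is built outside this hunk. If it is taken from the request, passing it through `wp_validate_redirect()` at that point would limit it to allowed hosts.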
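--- a/js/bwg.js
+++ b/js/bwg.js
@@ -563,10 +563,10 @@ function spider_ajax_save( form_id, tr_group, is_last_ajax, content_message_id )
  var msg = jQuery( data ).find( '#bwg_action_last_message' ).attr( "value" );
  if ( tr_count > bwg_save_count * tr_group || (limit != false && limit < jQuery("#total").val()) ) {
  if ( tr_count > bwg_save_count * (tr_group + 1) ) {
- spider_ajax_save(form_id, ++tr_group, false, msg);
+ spider_ajax_save(form_id, ++tr_group, 0, msg);
  }
  else {
- spider_ajax_save(form_id, ++tr_group, true, msg);
+ spider_ajax_save(form_id, ++tr_group, 1, msg);
  }
  return;
  }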
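--- a/photo-gallery.php
+++ b/photo-gallery.php
@@ -3,7 +3,7 @@
  * Plugin Name: Photo Gallery
  * Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
  * Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
- * Version: 1.8.0
+ * Version: 1.8.1
  * Author: Photo Gallery Team
  * Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
  * Text Domain: photo-gallery
@@ -107,8 +107,8 @@ final class BWG {
  $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
  $this->front_url = $this->plugin_url;
  $this->main_file = plugin_basename(__FILE__);
- $this->plugin_version = '1.8.0';
- $this->db_version = '1.8.0';
+ $this->plugin_version = '1.8.1';
+ $this->db_version = '1.8.1';
  $this->prefix = 'bwg';
  $this->nicename = __('Photo Gallery', 'photo-gallery');
  require_once($this->plugin_dir . '/framework/WDWLibrary.php');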
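--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: webdorado,wdsupport,photogallerysupport,10web
  Tags: gallery, photo gallery, image gallery, responsive gallery, wordpress gallery plugin, photo albums, gallery slider, gallery lightbox, wordpress photo gallery plugin, fullscreen gallery, watermarking, video gallery
  Requires at least: 4.6
- Tested up to: 6.0
- Stable tag: 1.8.0
+ Tested up to: 6.1
+ Stable tag: 1.8.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -273,6 +273,12 @@ Choose whether to display random or the first/last specific number of images.
 
  == Changelog ==
 
+ = 1.8.1 =
+ * Fixed: Open Redirect and XSS Reflected vulnerability.
+ * Fixed: Tags cloud widget with specified number of items.
+ * Fixed: Gallery tags availability in standard tags cloud widget.
+ * Fixed: Images ordering on adding new images.
+
  = 1.8.0 =
  * Improved: File upload.
  * Improved: Image rotation according EXIF on upload.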