Photo Gallery by WD – Responsive Photo Gallery - Version 1.8.3

Version Description

  • Fixed: Security issue.
  • Fixed: Open Redirect vulnerability.
  • Fixed: Cross site vulnerability.
  • Fixed: 10Web Booster integration.

Release Info

Developer 10web
Plugin Icon 128x128 Photo Gallery by WD – Responsive Photo Gallery
Version 1.8.3

Code changes from version 2.8.2 to 1.8.3

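--- a/addons/style.css
+++ b/addons/style.css
@@ -170,4 +170,7 @@
  -webkit-transition: -webkit-transform 0.4s, opacity 0.1s;
  -moz-transition: -moz-transform 0.4s, opacity 0.1s;
  transition: transform 0.4s, opacity 0.1s;
+ }
+ #adminmenu li.toplevel_page_galleries_bwg a.wp-has-current-submenu img {
+ filter: brightness(0) invert(1);
  }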
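--- a/booster/List.php
+++ b/booster/List.php
@@ -36,11 +36,11 @@ class TWBList {
  public function add_column( $columns ) {
  $offset = array_search('author', array_keys($columns));
 
- return array_merge(array_slice($columns, 0, $offset), [ 'twb-speed' => __('PageSpeed Score', 'tenweb-booster') ], array_slice($columns, $offset, NULL));
+ return array_merge(array_slice($columns, 0, $offset), [ 'twb-speed-' . $this->booster->submenu['parent_slug'] => __('PageSpeed score', 'tenweb-booster') ], array_slice($columns, $offset, NULL));
  }
 
  public function manage_column( $column_key, $post_id ) {
- if ( $column_key == 'twb-speed' ) {
+ if ( $column_key == 'twb-speed-' . $this->booster->submenu['parent_slug'] ) {
  if ( get_post_status($post_id) != 'publish' ) {
  return;
  }
@@ -58,7 +58,7 @@ class TWBList {
  }
  ?>
  <span class="twb-page-speed twb-optimized <?php echo $status == 'completed' ? '' : 'twb-hidden'; ?>">
- <a><?php _e('Not optimized', 'tenweb-booster'); ?></a><span class="twb-page-speed twb-see-score"><?php _e('See score', 'tenweb-booster'); ?></span>
+ <a class="twb-see-score" target="_balnk" href="<?php echo esc_url($this->booster->submenu_url); ?>"><?php _e('Optimize images and speed', 'tenweb-booster'); ?></a>
  </span>
  <span data-status="<?php echo $status; ?>" class="twb-page-speed twb-notoptimized <?php echo $status == 'notstarted' ? '' : 'twb-hidden'; ?>">
  <a data-post_id="<?php echo esc_attr($post_id); ?>"><?php _e('Check score', 'tenweb-booster'); ?></a>
@@ -67,7 +67,7 @@ class TWBList {
  <?php _e('Checking...', 'tenweb-booster'); ?>
  <p class="twb-description"></p>
  </span>
- <?php echo TWBLibrary::score($score, $this->booster->submenu_url, $post_id); ?>
+ <?php echo TWBLibrary::score($score, '', $post_id); ?>
  <div class="twb-score-disabled-container twb-hidden">
  <div class="twb-score-title"><?php _e('Checking PageSpeed score', 'tenweb-booster'); ?></div>
  <div class="twb-score-desc"><?php _e('We are checking the PageSpeed score of a different page, please wait until the process is complete to run PageSpeed check on another page.', 'tenweb-booster'); ?></div>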
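Review bot: The link added at new line 61 sets `target="_balnk"`, a misspelling of `_blank`, so the browser treats it as a named window instead of opening a fresh tab, and the anchor carries no `rel` attribute. I would write `target="_blank" rel="noopener noreferrer"` on that `<a>`. The same misspelling is on the "Optimize now" link in booster/TWBLibrary.php. The body of manage_column() starts and ends outside the hunks shown.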
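--- a/booster/TWBLibrary.php
+++ b/booster/TWBLibrary.php
@@ -225,7 +225,13 @@ class TWBLibrary {
  <div class="twb-reload" data-post_id="<?php echo $post_id; ?>"></div>
  </div>
  </div>
+ <?php
+ if ( $url ) {
+ ?>
  <div class="twb-score-bottom"><a target="_balnk" href="<?php echo esc_url($url); ?>"><?php _e('Optimize now', 'tenweb-booster'); ?></a></div>
+ <?php
+ }
+ ?>
  </div>
  <?php
  }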
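--- a/booster/assets/css/global.css
+++ b/booster/assets/css/global.css
@@ -112,6 +112,29 @@ a.twb-custom-button:hover,
  display: none;
  }
 
+ #twb-speed-galleries_bwg,
+ #twb-speed-manage_fm {
+ position: relative;
+ padding-left: 30px;
+ font-weight: 600;
+ }
+ #twb-speed-galleries_bwg:before,
+ #twb-speed-manage_fm:before {
+ content: '';
+ position: absolute;
+ top: 18px;
+ left: 10px;
+ transform: translateY(-50%);
+ width: 15px;
+ height: 15px;
+ }
+ #twb-speed-galleries_bwg:before {
+ background: transparent url(../images/pg.svg) 0% 0% no-repeat padding-box;
+ }
+ #twb-speed-manage_fm:before {
+ background: transparent url(../images/fm.svg) 0% 0% no-repeat padding-box;
+ }
+
  .twb-page-speed {
  position: relative;
  padding-left: 20px;
@@ -121,12 +144,9 @@ a.twb-custom-button:hover,
  line-height: 18px;
  color: #51575D;
  }
- .twb-optimized a {
- text-decoration: none;
- }
 
  .twb-notoptimized a,
- .twb-see-score {
+ a.twb-see-score {
  color: #3A70AD;
  text-decoration: underline;
  cursor: pointer;
@@ -142,12 +162,6 @@ a.twb-custom-button:hover,
  height: 16px;
  }
 
- .twb-see-score:before {
- background: transparent url(../images/separator.svg) 0% 0% no-repeat padding-box;
- width: 1px;
- height: 12px;
- margin: 0 10px;
- }
  .twb-optimized:before {
  background: transparent url(../images/not_optimized.svg) 0% 0% no-repeat padding-box;
  }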
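--- a/booster/assets/css/speed.css
+++ b/booster/assets/css/speed.css
@@ -235,6 +235,52 @@ input.twb-sign-up-input {
  border-radius: 4px;
  }
 
+ .twb-speed-footer {
+ display: flex;
+ align-items: center;
+ width: 714px;
+ height: auto;
+ background-color: #FFFFFF;
+ margin: 20px auto;
+ padding: 20px;
+ box-sizing: border-box;
+ border-radius: 4px;
+ font-family: 'Open Sans';
+ border: 1px solid #DEDEDE;
+ }
+
+ .twb-speed-footer input[type=checkbox] {
+ padding: 0;
+ margin: 0 10px 0 0;
+ width: 14px;
+ height: 14px;
+ min-width: 14px;
+ border: 1px solid #8c8f94;
+ }
+ .twb-speed-footer input[type=checkbox]:checked {
+ border: none;
+ }
+ .twb-speed-footer input[type=checkbox]:checked::before {
+ content: ' ';
+ background: url(../images/check_white.png) 1px 3px no-repeat;
+ background-size: 10px;
+ background-color: #0A53BE;
+ color: #ffffff;
+ width: 13px;
+ height: 13px;
+ margin: 0;
+ border-radius: 3px;
+ }
+
+ .twb-speed-footer p {
+ padding: 0;
+ margin: 0;
+ text-align: left;
+ font: normal normal 600 12px/18px Open Sans;
+ letter-spacing: 0px;
+ color: #323A45;
+ }
+
  .twb-analyze-input-container {
  display: flex;
  margin-top: 20px;
@@ -1460,3 +1506,6 @@ p.twb-total_size {
  margin: 15px auto 0 auto;
  }
  }
+ #adminmenu li.toplevel_page_galleries_bwg a.wp-has-current-submenu img {
+ filter: brightness(0) invert(1);
+ }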
booster/assets/images/check_white.png ADDED
Binary file
booster/assets/images/fm.svg ADDED
@@ -0,0 +1,6 @@
 
 
 
 
 
 
1
+ <svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" viewBox="0 0 15 15">
2
+ <g id="Group_104206" data-name="Group 104206" transform="translate(-529 -174)">
3
+ <rect id="Rectangle_52354" data-name="Rectangle 52354" width="15" height="15" transform="translate(529 174)" fill="none"/>
4
+ <path id="Path_171434" data-name="Path 171434" d="M14.551,0H.439A.442.442,0,0,0,0,.438V10.523a.442.442,0,0,0,.439.438H14.561A.442.442,0,0,0,15,10.523V.438A.458.458,0,0,0,14.551,0ZM4.967,1.8H9.255v.657H4.967Zm0,1.215H9.255v.657H4.967Zm0,1.1H9.255V4.77H4.967ZM1.237,1.8H4.529V4.76H1.237ZM13.743,9.588H1.237V7.278H13.743Zm0-3.066H1.237V5.536H13.743Zm0-1.762H9.574V4.1h4.169Zm0-1.1H9.574V3.017h4.169Zm0-1.195H9.574V1.832h4.169Z" transform="translate(529 176.019)" fill="#2e3336"/>
5
+ </g>
6
+ </svg>
booster/assets/images/pg.svg ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
1
+ <svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" viewBox="0 0 15 15">
2
+ <g id="Group_104205" data-name="Group 104205" transform="translate(-529 -174)">
3
+ <rect id="Rectangle_52354" data-name="Rectangle 52354" width="15" height="15" transform="translate(529 174)" fill="none"/>
4
+ <g id="Group_104203" data-name="Group 104203" transform="translate(509.158 151.942)">
5
+ <path id="Path_171432" data-name="Path 171432" d="M10.828,5.532v.1A5.543,5.543,0,0,1,9.254,9.542a5.244,5.244,0,0,1-3.822,1.583A5.237,5.237,0,0,1,1.547,9.52,5.54,5.54,0,0,1,0,5.52,5.59,5.59,0,0,1,1.6,1.583,5.36,5.36,0,0,1,10.27,3.106H6.863a1.952,1.952,0,0,0-1.4-.49,2.9,2.9,0,0,0-2.849,2.94A2.9,2.9,0,0,0,5.479,8.485a2.5,2.5,0,0,0,2.3-1.219H5.444V4.875h5.409c.012,0-.012.107,0,.215C10.863,5.269,10.828,5.353,10.828,5.532Z" transform="translate(23.986 25.057)" fill="#2e3336"/>
6
+ <path id="Path_171433" data-name="Path 171433" d="M14.557,3.8a6.148,6.148,0,0,0-4.409-2.524,6.086,6.086,0,0,0-4.771,1.69,6.614,6.614,0,0,0,.126,9.3l-.643-.024H1.314a1.223,1.223,0,0,1-1.32-1.395V4.432A2.176,2.176,0,0,1,1.808,2.155c.218-.048.415-.048.4-.369-.011-.227.173-.2.321-.2H4c.264,0,.551-.083.562.393.011.227.677.227.872-.036A10.287,10.287,0,0,0,6.2.761,1.4,1.4,0,0,1,7.522-.014c1.388.012,2.88.012,4.3,0A1.239,1.239,0,0,1,13.1.737C13.49,1.714,14.637,3.884,14.557,3.8Z" transform="translate(19.85 23.08)" fill="#2e3336"/>
7
+ </g>
8
+ </g>
9
+ </svg>
booster/assets/images/separator.svg DELETED
@@ -1,3 +0,0 @@
1
- <svg xmlns="http://www.w3.org/2000/svg" width="1" height="12" viewBox="0 0 1 12">
2
- <line id="Line_4812" data-name="Line 4812" y2="12" transform="translate(0.5)" fill="none" stroke="#e4e4e4" stroke-width="1"/>
3
- </svg>
 
 
 
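--- a/booster/assets/js/speed.js
+++ b/booster/assets/js/speed.js
@@ -26,6 +26,32 @@ jQuery(function () {
  if ( twb.compressed_pages_status === "0" ) {
  set_compressed_pages();
  }
+
+ /* Bind an action to enable/disable CTAs.*/
+ jQuery("#twb-show-cta").on("click", function () {
+ if ( jQuery(this).attr("disabled") ) {
+ return;
+ } else {
+ jQuery(this).attr("disabled", true);
+ }
+ var show_cta = 0;
+ if ( jQuery(this).prop("checked") ){
+ show_cta = 1;
+ }
+ jQuery.ajax( {
+ url: ajaxurl,
+ type: "POST",
+ data: {
+ action: "twb",
+ task: "set_show_cta",
+ show_cta: show_cta,
+ speed_ajax_nonce: twb.speed_ajax_nonce
+ },
+ complete: function () {
+ jQuery("#twb-show-cta").removeAttr("disabled");
+ },
+ });
+ })
  });
 
  /* Count total size of images. */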
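Review bot: The click handler for `#twb-show-cta` only registers a `complete` callback, so when the request fails or is rejected by the server the checkbox keeps its new state although nothing was stored. Add an `error` callback that restores the previous state, for example `error: function () { var box = jQuery("#twb-show-cta"); box.prop("checked", !box.prop("checked")); },`. The closing `})` of the handler is also missing its semicolon.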
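--- a/booster/controller.php
+++ b/booster/controller.php
@@ -62,6 +62,8 @@ class BoosterController {
  $params['is_plugin'] = $this->booster->is_plugin;
  $params['submenu_parent_slug'] = $this->booster->submenu['parent_slug'];
  $params['slug'] = $this->booster->slug;
+ $params['show_cta'] = $this->booster->show_cta;
+ $params['show_cta_option'] = $this->booster->show_cta_option;
 
  $params['images_count'] = $this->get_images_count();
  $params['images_total_size'] = get_option('twb_images_total_size', '0 KB');
@@ -191,6 +193,17 @@ class BoosterController {
  die;
  }
 
+ /**
+ * Update show CTA value.
+ *
+ * @return void
+ */
+ public function set_show_cta() {
+ $show_cta = isset($_POST['show_cta']) ? intval($_POST['show_cta']) : 0;
+ update_option("twb_show_cta", $show_cta);
+ die();
+ }
+
  /**
  * Get copmpressed pages/images data from DB.
  *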
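Review bot: `set_show_cta()` writes the `twb_show_cta` option straight from `$_POST` with no nonce or capability check visible in the method, although the script in booster/assets/js/speed.js sends `speed_ajax_nonce` with the request. If the dispatcher that routes the `twb` AJAX action does not already verify both (it is outside this diff), the method should begin with `check_ajax_referer('<NONCE_ACTION>', 'speed_ajax_nonce');` and `if ( !current_user_can('manage_options') ) { wp_die(); }`, where `<NONCE_ACTION>` is a placeholder for the action name the nonce is created with. The value is an on/off flag, so `$show_cta = empty($_POST['show_cta']) ? 0 : 1;` states the intent more tightly than `intval()`.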
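--- a/booster/main.php
+++ b/booster/main.php
@@ -29,6 +29,8 @@ class TenWebBooster {
  private $admin_bar = TRUE;
  private $gutenberg = TRUE;
  private $elementor = TRUE;
+ public $show_cta_option = TRUE;
+ public $show_cta = TRUE;
  private $list = TRUE;
 
  public $slug = '';
@@ -62,9 +64,9 @@ class TenWebBooster {
  add_action('wp_ajax_twb_check_score', array( $this, 'check_score' ));
  add_action('wp_ajax_twb_notif_check', array( $this, 'notif_check' ));
 
- if ( $this->booster_plugin_status != 2 ) {
-
- if( $this->admin_bar ) {
+ /* Booster is inactive and (CTAs are enabled from options or option desabled at all).*/
+ if ( $this->booster_plugin_status != 2 && ($this->show_cta || !$this->show_cta_option) ) {
+ if ( $this->admin_bar ) {
  add_action('admin_bar_menu', array( $this, 'admin_bar_menu' ), 100);
  }
 
@@ -224,7 +226,7 @@ class TenWebBooster {
  'manage_options',
  self::PREFIX . '_' . $this->slug,
  array($this, 'admin_page'),
- 1,
+ 1
  );
  }
  else {
@@ -243,7 +245,6 @@ class TenWebBooster {
  */
  public function admin_page() {
  require_once($this->plugin_dir . '/controller.php');
-
  $controller = new BoosterController($this);
  $controller->execute();
  }
@@ -275,6 +276,7 @@ class TenWebBooster {
  * @return void
  */
  public function set_booster_data() {
+ $this->show_cta = get_option("twb_show_cta", TRUE);
  $this->subscription_id = get_transient('tenweb_subscription_id');
  $this->booster_plugin_status = $this->get_booster_status();
 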
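--- a/booster/view.php
+++ b/booster/view.php
@@ -49,6 +49,17 @@ class BoosterView {
  </div>
  <?php
  }
+
+ // If CTAs disable option is enabled.
+ if ( $params['show_cta_option']) {
+ ?>
+ <div class="twb-speed-footer">
+ <input type="checkbox" id="twb-show-cta" <?php echo $params['show_cta'] == 1 ? 'checked' : ''; ?>>
+ <label for="twb-show-cta"><p><?php _e("Show all PageSpeeds score elements in WordPress admin.", "tenweb-booster"); ?></p></label>
+ </div>
+ <?php
+ }
+
  ?>
  </div>
  <?php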
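--- a/css/bwg_tables.css
+++ b/css/bwg_tables.css
@@ -4391,3 +4391,7 @@ bwg-gallery-ul {
  #bwg_shortcode_form {
  padding: 0;
  }
+
+ #adminmenu li.toplevel_page_galleries_bwg a.wp-has-current-submenu img {
+ filter: brightness(0) invert(1);
+ }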
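--- a/filemanager/controller.php
+++ b/filemanager/controller.php
@@ -55,19 +55,35 @@ class FilemanagerController {
  $session_data['clipboard_files'] = $this->model->get_from_session('clipboard_files', '');
  $session_data['clipboard_src'] = $this->model->get_from_session('clipboard_src', '');
  $session_data['clipboard_dest'] = $this->model->get_from_session('clipboard_dest', '');
- $bwg_filemanager_sorting_array = get_option('bwg_filemanager_sorting', 0);
- if ($bwg_filemanager_sorting_array !== 0) {
- if (array_key_exists(get_current_user_id(), $bwg_filemanager_sorting_array)) {
- $session_data['sort_by'] = $bwg_filemanager_sorting_array[get_current_user_id()]['sort_by'];
- $session_data['sort_order'] = $bwg_filemanager_sorting_array[get_current_user_id()]['sort_order'];
- } else {
- $session_data['sort_by'] = 'date_modified';
- $session_data['sort_order'] = 'desc';
- }
- } else {
- $session_data['sort_by'] = 'date_modified';
- $session_data['sort_order'] = 'desc';
+
+ // Get ordering for each WP user.
+ $bwg_filemanager_sorting_array = get_option('bwg_filemanager_sorting');
+ // Set ordering for current WP user if not exist.
+ if ( !$bwg_filemanager_sorting_array ) {
+ $bwg_filemanager_sorting_array = array();
+ }
+ if ( empty($bwg_filemanager_sorting_array[get_current_user_id()]) ) {
+ $bwg_filemanager_sorting_array[get_current_user_id()]['sort_by'] = 'date_modified';
+ $bwg_filemanager_sorting_array[get_current_user_id()]['sort_order'] = 'desc';
  }
+
+ // Update ordering if sorted for current WP user.
+ $sort_by = WDWLibrary::get('sort_by', '');
+ if ( $sort_by !== '' ) {
+ $sort_by = in_array($sort_by, array( 'name', 'size', 'date_modified' )) ? $sort_by : 'date_modified';
+ $sort_order = WDWLibrary::get('sort_order', 'desc');
+ $sort_order = ($sort_order == 'desc') ? 'desc' : 'asc';
+
+ $bwg_filemanager_sorting_array[get_current_user_id()] = array(
+ 'sort_by' => $sort_by,
+ 'sort_order' => $sort_order,
+ );
+ update_option('bwg_filemanager_sorting', $bwg_filemanager_sorting_array);
+ }
+
+ $session_data['sort_by'] = $bwg_filemanager_sorting_array[get_current_user_id()]['sort_by'];
+ $session_data['sort_order'] = $bwg_filemanager_sorting_array[get_current_user_id()]['sort_order'];
+
  $params['orderby'] = $session_data['sort_by'];
  $params['session_data'] = $session_data;
  $params['dir'] = ($dir == '' || $dir == '/') ? '/' : $dir .'/';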
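Review bot: The value read from `bwg_filemanager_sorting` is only tested for falsiness before it is indexed by user id, so a stored value that is truthy but not an array is never reset and is then used as one. Use `if ( !is_array($bwg_filemanager_sorting_array) ) {` for the reset, and pass `TRUE` as the third argument of `in_array()` so the whitelist comparison is strict. The block calls `update_option()` whenever `sort_by` is present in the request; the nonce and capability checks for this path are not visible in the hunk and are worth confirming. A per-user preference would also fit `update_user_meta()` better than one site-wide option that grows with every user.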
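--- a/framework/WDWSitemap.php
+++ b/framework/WDWSitemap.php
@@ -75,7 +75,7 @@ final class WDWSitemap {
  foreach ( $images as $image ) {
  if ( strpos($image->filetype, 'EMBED') === FALSE ) {
  $this->images[] = array(
- 'src' => BWG()->upload_url . $image->image_url_raw,
+ 'src' => BWG()->upload_url . (isset($image->image_url_raw) ? $image->image_url_raw : $image->image_url),
  'title' => $image->alt,
  'alt' => $image->alt
  );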
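--- a/frontend/views/BWGViewAlbum_compact_preview.php
+++ b/frontend/views/BWGViewAlbum_compact_preview.php
@@ -27,18 +27,29 @@ class BWGViewAlbum_compact_preview extends BWGViewSite {
  require_once BWG()->plugin_dir . '/frontend/views/BWGView' . $gallery_type . '.php';
  $view_class = 'BWGView' . $gallery_type;
  $this->gallery_view = new $view_class();
- $theme_row = $params['theme_row'];
-
- $from = (isset($params['from']) ? esc_html($params['from']) : 0);
- $breadcrumb_arr = array(
- 0 => array(
- 'id' => $params['album_gallery_id'],
- 'page' => WDWLibrary::get('page_number_' . $bwg, 1, 'intval')
- )
- );
+ $theme_row = $params['theme_row'];
+
+ $from = (isset($params['from']) ? esc_html($params['from']) : 0);
+
  $breadcrumb = WDWLibrary::get('bwg_album_breadcrumb_' . $bwg);
- $breadcrumb = !empty($breadcrumb) ? $breadcrumb : json_encode($breadcrumb_arr);
- $params['breadcrumb_arr'] = json_decode($breadcrumb);
+ if ( !empty($breadcrumb) ) {
+ $breadcrumb_arr = json_decode($breadcrumb);
+ $params['breadcrumb_arr'] = array();
+ // Validation json data.
+ foreach ( $breadcrumb_arr as $key => $breadcrumb ) {
+ $params['breadcrumb_arr'][$key]['id'] = intval($breadcrumb->id);
+ $params['breadcrumb_arr'][$key]['page'] = intval($breadcrumb->page);
+ }
+ }
+ else {
+ $params['breadcrumb_arr'] = array(
+ 0 => array(
+ 'id' => $params['album_gallery_id'],
+ 'page' => WDWLibrary::get('page_number_' . $bwg, 1, 'intval'),
+ ),
+ );
+ }
+ $breadcrumb = json_encode($params['breadcrumb_arr']);
 
  /* Set theme parameters for Gallery/Gallery group title/description.*/
  $theme_row->thumb_gal_title_font_size = $theme_row->album_compact_gal_title_font_size;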
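Review bot: The new validation loop iterates `json_decode($breadcrumb)` without checking what came back: invalid JSON yields NULL, a scalar or nested-array item reaches `$breadcrumb->id` on a non-object, and `$key` is copied from the request into the array that is re-encoded. Guard the decoded value and each item, and append with `[]` instead of reusing the incoming key; the loop variable also overwrites `$breadcrumb`, which only works because it is reassigned afterwards, and the `is_array()` guard below assumes the client always sends a JSON array. The same block is added in frontend/views/BWGViewAlbum_extended_preview.php and frontend/views/BWGViewAlbum_masonry_preview.php. Elements are now arrays where `json_decode()` used to produce objects, so code outside this hunk that reads `->id` or `->page` needs checking. The enclosing method starts and ends outside the hunk.

```php
$breadcrumb = WDWLibrary::get('bwg_album_breadcrumb_' . $bwg);
$breadcrumb_arr = !empty($breadcrumb) ? json_decode($breadcrumb) : NULL;
$params['breadcrumb_arr'] = array();
if ( is_array($breadcrumb_arr) ) {
  foreach ( $breadcrumb_arr as $item ) {
    // Skip entries that are not {id, page} objects instead of reading properties of scalars.
    if ( !is_object($item) || !isset($item->id, $item->page) ) {
      continue;
    }
    $params['breadcrumb_arr'][] = array(
      'id' => intval($item->id),
      'page' => intval($item->page),
    );
  }
}
if ( empty($params['breadcrumb_arr']) ) {
  // … unchanged: default breadcrumb built from album_gallery_id and page_number_ …
}
// … unchanged: $breadcrumb = json_encode($params['breadcrumb_arr']); …
```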
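--- a/frontend/views/BWGViewAlbum_extended_preview.php
+++ b/frontend/views/BWGViewAlbum_extended_preview.php
@@ -33,16 +33,26 @@ class BWGViewAlbum_extended_preview extends BWGViewSite {
  $this->gallery_view = new $view_class();
 
  $theme_row = $params['theme_row'];
- $breadcrumb_arr = array(
- 0 => array(
- 'id' => $params['album_gallery_id'],
- 'page' => WDWLibrary::get('page_number_' . $bwg, 1, 'intval')
- )
- );
 
  $breadcrumb = WDWLibrary::get('bwg_album_breadcrumb_' . $bwg);
- $breadcrumb = !empty($breadcrumb) ? $breadcrumb : json_encode($breadcrumb_arr);
- $params['breadcrumb_arr'] = json_decode($breadcrumb);
+ if ( !empty($breadcrumb) ) {
+ $breadcrumb_arr = json_decode($breadcrumb);
+ $params['breadcrumb_arr'] = array();
+ // Validation json data.
+ foreach ( $breadcrumb_arr as $key => $breadcrumb ) {
+ $params['breadcrumb_arr'][$key]['id'] = intval($breadcrumb->id);
+ $params['breadcrumb_arr'][$key]['page'] = intval($breadcrumb->page);
+ }
+ }
+ else {
+ $params['breadcrumb_arr'] = array(
+ 0 => array(
+ 'id' => $params['album_gallery_id'],
+ 'page' => WDWLibrary::get('page_number_' . $bwg, 1, 'intval'),
+ ),
+ );
+ }
+ $breadcrumb = json_encode($params['breadcrumb_arr']);
 
  /* Set theme parameters for Gallery/Gallery group title/description.*/
  $theme_row->thumb_gal_title_font_size = $theme_row->album_extended_gal_title_font_size;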
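--- a/frontend/views/BWGViewAlbum_masonry_preview.php
+++ b/frontend/views/BWGViewAlbum_masonry_preview.php
@@ -10,15 +10,27 @@ class BWGViewAlbum_masonry_preview extends BWGViewSite {
  $theme_row = $params['theme_row'];
 
  $from = (isset($params['from']) ? esc_html($params['from']) : 0);
- $breadcrumb_arr = array(
- 0 => array(
- 'id' => $params['album_gallery_id'],
- 'page' => WDWLibrary::get('page_number_' . $bwg, 1, 'intval')
- )
- );
+
  $breadcrumb = WDWLibrary::get('bwg_album_breadcrumb_' . $bwg);
- $breadcrumb = !empty($breadcrumb) ? $breadcrumb : json_encode($breadcrumb_arr);
- $params['breadcrumb_arr'] = json_decode($breadcrumb);
+ if ( !empty($breadcrumb) ) {
+ $breadcrumb_arr = json_decode($breadcrumb);
+ $params['breadcrumb_arr'] = array();
+ // Validation json data.
+ foreach ( $breadcrumb_arr as $key => $breadcrumb ) {
+ $params['breadcrumb_arr'][$key]['id'] = intval($breadcrumb->id);
+ $params['breadcrumb_arr'][$key]['page'] = intval($breadcrumb->page);
+ }
+ }
+ else {
+ $params['breadcrumb_arr'] = array(
+ 0 => array(
+ 'id' => $params['album_gallery_id'],
+ 'page' => WDWLibrary::get('page_number_' . $bwg, 1, 'intval'),
+ ),
+ );
+ }
+ $breadcrumb = json_encode($params['breadcrumb_arr']);
+
  /* Set theme parameters for Gallery/Gallery group title/description.*/
  $theme_row->thumb_gal_title_font_size = $theme_row->album_masonry_gal_title_font_size;
  $theme_row->thumb_gal_title_font_color = $theme_row->album_masonry_gal_title_font_color;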
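--- a/frontend/views/BWGViewShare.php
+++ b/frontend/views/BWGViewShare.php
@@ -10,6 +10,9 @@ class BWGViewShare {
  public function display() {
  $image_id = WDWLibrary::get('image_id', 0, 'intval');
  $curr_url = WDWLibrary::get('curr_url', '', 'esc_url');
+ if ( strpos(urlencode($curr_url), urlencode((is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'])) === FALSE ) {
+ die();
+ }
  $current_url = !empty($curr_url) ? html_entity_decode(urldecode(urldecode($curr_url))) : '';
  if ( !empty($image_id) ) {
  require_once(BWG()->plugin_dir . '/framework/WDWLibrary.php');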
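Review bot: The added check accepts `curr_url` whenever the site origin appears anywhere in the string, because `strpos(...) === FALSE` tests for a substring rather than comparing the URL's host, and the origin it compares against is built from the client-supplied `$_SERVER['HTTP_HOST']`. The value is also decoded twice on the following line, after the check, so the string that is validated is not the string that is used. Decode first, then compare the parsed host with the host of `home_url()`; the version below still stops on an empty `curr_url`, as the commit does. display() continues outside the hunk.

```php
$curr_url = WDWLibrary::get('curr_url', '', 'esc_url');
$current_url = !empty($curr_url) ? html_entity_decode(urldecode(urldecode($curr_url))) : '';
// Validate the decoded value that is used below, against the configured site host.
$target_host = wp_parse_url($current_url, PHP_URL_HOST);
$site_host = wp_parse_url(home_url(), PHP_URL_HOST);
if ( !is_string($target_host) || strcasecmp($target_host, (string) $site_host) !== 0 ) {
  die();
}
// … unchanged: image lookup for $image_id …
```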
images/icons/icon.png DELETED
Binary file
images/icons/icon.svg ADDED
@@ -0,0 +1,6 @@
 
 
 
 
 
 
1
+ <svg xmlns="http://www.w3.org/2000/svg" width="16" height="14" viewBox="0 0 16 14">
2
+ <g id="Group_104204" data-name="Group 104204" transform="translate(-19.842 -23.058)">
3
+ <path id="Path_171432" data-name="Path 171432" d="M11.55,5.9V6a5.913,5.913,0,0,1-1.679,4.175,5.593,5.593,0,0,1-4.077,1.689A5.587,5.587,0,0,1,1.65,10.154,5.909,5.909,0,0,1,0,5.888a5.962,5.962,0,0,1,1.706-4.2,5.718,5.718,0,0,1,9.247,1.625H7.32a2.082,2.082,0,0,0-1.488-.523A3.089,3.089,0,0,0,2.792,5.927,3.088,3.088,0,0,0,5.844,9.051,2.664,2.664,0,0,0,8.3,7.75H5.807V5.2h5.77c.013,0-.013.114,0,.23C11.587,5.62,11.55,5.71,11.55,5.9Z" transform="translate(24.262 25.19)" fill="#67a5f7"/>
4
+ <path id="Path_171433" data-name="Path 171433" d="M15.528,4.055a6.558,6.558,0,0,0-4.7-2.693,6.491,6.491,0,0,0-5.089,1.8,7.055,7.055,0,0,0,.135,9.919l-.685-.026H1.4A1.3,1.3,0,0,1-.005,11.571V4.729A2.321,2.321,0,0,1,1.929,2.3c.233-.051.442-.051.428-.394-.012-.242.184-.216.343-.216H4.267c.282,0,.588-.089.6.419.012.242.722.242.93-.038A10.973,10.973,0,0,0,6.617.813,1.489,1.489,0,0,1,8.024-.014C9.505,0,11.1,0,12.615-.014a1.322,1.322,0,0,1,1.359.8C14.389,1.83,15.613,4.145,15.528,4.055Z" transform="translate(19.85 23.08)" fill="#296ecc"/>
5
+ </g>
6
+ </svg>
photo-gallery.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Photo Gallery
4
  * Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
5
  * Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
6
- * Version: 1.8.2
7
  * Author: Photo Gallery Team
8
  * Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
9
  * Text Domain: photo-gallery
@@ -107,8 +107,8 @@ final class BWG {
107
  $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
108
  $this->front_url = $this->plugin_url;
109
  $this->main_file = plugin_basename(__FILE__);
110
- $this->plugin_version = '1.8.2';
111
- $this->db_version = '1.8.2';
112
  $this->prefix = 'bwg';
113
  $this->nicename = __('Photo Gallery', 'photo-gallery');
114
  require_once($this->plugin_dir . '/framework/WDWLibrary.php');
@@ -475,7 +475,7 @@ final class BWG {
475
  $themes_permission = $this->is_pro && $this->options->theme_role ? $this->options->permissions : 'manage_options';
476
  $settings_permission = $this->is_pro && $this->options->settings_role ? $this->options->permissions : 'manage_options';
477
  $parent_slug = 'galleries_' . $this->prefix;
478
- add_menu_page($this->nicename, $this->nicename, $permissions, 'galleries_' . $this->prefix, array($this , 'admin_pages'), $this->plugin_url . '/images/icons/icon.png');
479
 
480
  $galleries_page = add_submenu_page($parent_slug, __('Add Galleries/Images', 'photo-gallery'), __('Add Galleries/Images', 'photo-gallery'), $permissions, 'galleries_' . $this->prefix, array($this , 'admin_pages'));
481
  add_action('load-' . $galleries_page, array($this, 'galleries_per_page_option'));
@@ -797,7 +797,7 @@ final class BWG {
797
  require_once(BWG()->plugin_dir . '/framework/WDWLibraryEmbed.php');
798
  require_once(BWG()->plugin_dir . '/frontend/controllers/controller.php');
799
  $controller = new BWGControllerSite( ucfirst( $params[ 'gallery_type' ] ) );
800
- if ( WDWLibrary::get('shortcode_id', 0) || isset($params['ajax']) ) {
801
  $controller->execute($params, 1, WDWLibrary::get('bwg', 0, 'intval'));
802
  }
803
  else {
@@ -978,7 +978,7 @@ final class BWG {
978
  }
979
  require_once(BWG()->plugin_dir . '/filemanager/UploadHandler.php');
980
  }
981
- // TODO:
982
  public function bwg_filemanager_ajax() {
983
  $permissions = $this->is_pro ? BWG()->options->permissions : 'manage_options';
984
  if (function_exists('current_user_can')) {
@@ -991,12 +991,7 @@ final class BWG {
991
  }
992
  require_once(BWG()->plugin_dir . '/framework/WDWLibrary.php');
993
  $page = WDWLibrary::get('action');
994
- $filemanager_sort_by = WDWLibrary::get('sort_by', 0);
995
- if ($filemanager_sort_by) {
996
- $filemanager_sort_order = WDWLibrary::get('sort_order', 'desc');
997
- update_option('bwg_filemanager_sorting', [get_current_user_id() => ['sort_by' => $filemanager_sort_by, 'sort_order' => $filemanager_sort_order]]);
998
- }
999
- if (($page != '') && (($page == 'addImages') || ($page == 'addMusic'))) {
1000
  if (!WDWLibrary::verify_nonce($page)) {
1001
  die('Sorry, your nonce did not verify.');
1002
  }
@@ -1726,7 +1721,7 @@ final class BWG {
1726
  "after_subscribe" => admin_url('admin.php?page=galleries_bwg'), // this can be plugin overview page or set up page
1727
  "plugin_wizard_link" => '',
1728
  "plugin_menu_title" => $this->nicename,
1729
- "plugin_menu_icon" => BWG()->plugin_url . '/images/icons/icon.png',
1730
  "deactivate" => !$this->is_pro,
1731
  "subscribe" => false,
1732
  "custom_post" => '',
3
  * Plugin Name: Photo Gallery
4
  * Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
5
  * Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
6
+ * Version: 1.8.3
7
  * Author: Photo Gallery Team
8
  * Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
9
  * Text Domain: photo-gallery
107
  $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
108
  $this->front_url = $this->plugin_url;
109
  $this->main_file = plugin_basename(__FILE__);
110
+ $this->plugin_version = '1.8.3';
111
+ $this->db_version = '1.8.3';
112
  $this->prefix = 'bwg';
113
  $this->nicename = __('Photo Gallery', 'photo-gallery');
114
  require_once($this->plugin_dir . '/framework/WDWLibrary.php');
475
  $themes_permission = $this->is_pro && $this->options->theme_role ? $this->options->permissions : 'manage_options';
476
  $settings_permission = $this->is_pro && $this->options->settings_role ? $this->options->permissions : 'manage_options';
477
  $parent_slug = 'galleries_' . $this->prefix;
478
+ add_menu_page($this->nicename, $this->nicename, $permissions, 'galleries_' . $this->prefix, array($this , 'admin_pages'), $this->plugin_url . '/images/icons/icon.svg');
479
 
480
  $galleries_page = add_submenu_page($parent_slug, __('Add Galleries/Images', 'photo-gallery'), __('Add Galleries/Images', 'photo-gallery'), $permissions, 'galleries_' . $this->prefix, array($this , 'admin_pages'));
481
  add_action('load-' . $galleries_page, array($this, 'galleries_per_page_option'));
797
  require_once(BWG()->plugin_dir . '/framework/WDWLibraryEmbed.php');
798
  require_once(BWG()->plugin_dir . '/frontend/controllers/controller.php');
799
  $controller = new BWGControllerSite( ucfirst( $params[ 'gallery_type' ] ) );
800
+ if ( WDWLibrary::get('shortcode_id', 0, 'intval') || isset($params['ajax']) ) {
801
  $controller->execute($params, 1, WDWLibrary::get('bwg', 0, 'intval'));
802
  }
803
  else {
978
  }
979
  require_once(BWG()->plugin_dir . '/filemanager/UploadHandler.php');
980
  }
981
+
982
  public function bwg_filemanager_ajax() {
983
  $permissions = $this->is_pro ? BWG()->options->permissions : 'manage_options';
984
  if (function_exists('current_user_can')) {
991
  }
992
  require_once(BWG()->plugin_dir . '/framework/WDWLibrary.php');
993
  $page = WDWLibrary::get('action');
994
+ if ( $page == 'addImages' ) {
 
 
 
 
 
995
  if (!WDWLibrary::verify_nonce($page)) {
996
  die('Sorry, your nonce did not verify.');
997
  }
1721
  "after_subscribe" => admin_url('admin.php?page=galleries_bwg'), // this can be plugin overview page or set up page
1722
  "plugin_wizard_link" => '',
1723
  "plugin_menu_title" => $this->nicename,
1724
+ "plugin_menu_icon" => BWG()->plugin_url . '/images/icons/icon.svg',
1725
  "deactivate" => !$this->is_pro,
1726
  "subscribe" => false,
1727
  "custom_post" => '',
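--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: webdorado,wdsupport,photogallerysupport,10web
 Tags: gallery, photo gallery, image gallery, responsive gallery, wordpress gallery plugin, photo albums, gallery slider, gallery lightbox, wordpress photo gallery plugin, fullscreen gallery, watermarking, video gallery
 Requires at least: 4.6
 Tested up to: 6.1
-Stable tag: 1.8.2
+Stable tag: 1.8.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -273,6 +273,12 @@ Choose whether to display random or the first/last specific number of images.
 
 == Changelog ==
 
+= 1.8.3 =
+* Fixed: Security issue.
+* Fixed: Open Redirect vulnerability.
+* Fixed: Cross site vulnerability.
+* Fixed: 10Web Booster integration.
+
 = 1.8.2 =
 * Improved: 10Web Booster integration.
 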