WP Photo Album Plus - Version 6.9.15

Version Description

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

Release Info

Developer opajaap
Version 6.9.15

Code changes from version 6.9.14 to 6.9.15

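--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,16 @@
 WP Photo Album Plus Changelog
 
+= 6.9.15 =
+
+= Other Changes =
+
+* When ImageMagick is active and filename as default photoname has been defined:
+Uploading files with spaces and brackets in the name will have their photonames correctly derived from the original filename.
+The filename as saved in the database and on disk will be sanitized.
+This does not apply to photo imports, because their names are always sanitized before processing.
+
+* Various security fixes.
+
 = 6.9.14 =
 
 = Other Changes =
@@ -16,7 +27,7 @@ WP Photo Album Plus Changelog
 = Other Changes =
 
 * Several security issues found by RIPS Technologies (https://www.ripstech.com)
-* If ImageMagick is activated, all filenames of newly uploaded or imported files will be sanitized by sanitize_file_name().
+* If ImageMagick is activated, all filenames of newly uploaded or imported files will be sanitized by sanitize_file_name().
 This implies (a.o.) that spaces in filenames will be converted to dashes. Due to security reasons this is a permanent restriction.
 
 = 6.9.12 =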
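--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: opajaap
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
 Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
-Version: 6.9.14
-Stable tag: 6.9.13
+Version: 6.9.15
+Stable tag: 6.9.14
 Author: J.N. Breetvelt
 Author URI: http://www.opajaap.nl/
 Requires at least: 3.9
@@ -137,6 +137,11 @@ See for the full changelog: <a href="http://www.wppa.nl/changelog/" >The documen
 
 == Upgrade Notice ==
 
+= 6.9.15 =
+
+* This version addresses various minor bug fixes and feature requests.
+* This version addresses various security issues.
+
 = 6.9.14 =
 
 * This version addresses various minor bug fixes and feature requests.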
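--- a/wppa-admin-functions.php
+++ b/wppa-admin-functions.php
@@ -867,7 +867,7 @@ global $warning_given_small;
 if ( wppa_make_the_photo_files( $file, $id, $ext, ! wppa_does_thumb_need_watermark( $id ) ) ) {
 
 // Repair photoname if not supplied and not standard
-wppa_set_default_name( $id, $name );
+if ( ! $name ) wppa_set_default_name( $id, $name );
 
 // Tags
 wppa_set_default_tags( $id );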
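Review bot: The new guard on line 870 relies on PHP truthiness, so a caller-supplied name of `'0'` is treated as absent and silently replaced by the default; if a literal `0` name should survive, `if ( $name === '' || $name === null ) wppa_set_default_name( $id, $name );` states the intent exactly. The existing comment above it predates the guard, so a short note such as `// Only derive a default name when the caller supplied none` would keep the condition self-explaining. The enclosing function starts and ends outside the hunk.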
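--- a/wppa-ajax.php
+++ b/wppa-ajax.php
@@ -2,7 +2,7 @@
 /* wppa-ajax.php
  *
  * Functions used in ajax requests
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -325,7 +325,7 @@ global $wppa_log_file;
 // Custom fields
 $custom = wppa_get_photo_item( $photo, 'custom' );
 if ( $custom ) {
-$custom_data = unserialize( $custom );
+$custom_data = wppa_unserialize( $custom );
 }
 else {
 $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
@@ -693,7 +693,7 @@ global $wppa_log_file;
 
 // Make the files
 if ( $type == 'file' ) {
-copy( $source, $dest );
+copy( str_replace( '../', '', $source ), str_replace( '../', '', $dest ) );
 $ext = $data['ext'];
 }
 elseif ( $type == 'zip' ) {
@@ -1386,7 +1386,7 @@ global $wppa_log_file;
 $index = substr( $item, -1 );
 $custom = wppa_get_album_item( $album, 'custom' );
 if ( $custom ) {
-$custom_data = unserialize( $custom );
+$custom_data = wppa_unserialize( $custom );
 }
 else {
 $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
@@ -2139,7 +2139,7 @@ global $wppa_log_file;
 $index = substr( $item, -1 );
 $custom = wppa_get_photo_item( $photo, 'custom' );
 if ( $custom ) {
-$custom_data = unserialize( $custom );
+$custom_data = wppa_unserialize( $custom );
 }
 else {
 $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
@@ -2172,6 +2172,7 @@ global $wppa_log_file;
 wppa_make_o1_source( $photo );
 
 // Make the files
+wppa( 'unsanitized_filename', $_FILES['photo']['name'] );
 $bret = wppa_make_the_photo_files( $_FILES['photo']['tmp_name'], $photo, strtolower( wppa_get_ext( $_FILES['photo']['name'] ) ) );
 if ( $bret ) {
 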
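Review bot: The traversal filter on line 696 removes the literal `../` once and non-recursively, so a path containing `....//` still collapses to `../` after replacement, and backslash separators, an absolute `$dest`, or `$data['ext']` on line 697 (used as the extension with no visible allow-list) are not covered at all; where `$source` and `$dest` originate is outside the hunk, so how much of either is attacker-influenced cannot be judged here. Stripping is the wrong shape for this check: refuse the request when either path contains `..`, e.g. `if ( strpos( $source, '..' ) !== false || strpos( $dest, '..' ) !== false ) return;`, and additionally resolve both with `realpath()` and require the result to start with the directory these files are expected to live under. The `wppa_unserialize()` wrapper introduced at lines 328, 1389 and 2142 is not in this diff; it only closes the object-injection path if it calls `unserialize()` with `array( 'allowed_classes' => false )`, which should be confirmed in the definition. The enclosing function starts and ends outside the hunk.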
wppa-album-admin-autosave.php CHANGED
@@ -3,208 +3,275 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * create, edit and delete albums
6
- * Version 6.9.14
7
  *
8
  */
9
 
10
  if ( ! defined( 'ABSPATH' ) ) die( "Can't load this file directly" );
11
 
12
  function _wppa_admin() {
13
- global $wpdb;
14
- global $q_config;
15
- global $wppa_revno;
16
 
17
  echo '
18
  <script type="text/javascript" >
19
  /* <![CDATA[ */
20
- wppaAjaxUrl = "'.admin_url('admin-ajax.php').'";
21
- wppaUploadToThisAlbum = "'.__('Upload to this album', 'wp-photo-album-plus').'";
22
- wppaImageDirectory = "'.wppa_get_imgdir().'";
23
  /* ]]> */
24
  </script>
25
  ';
26
 
27
  // Delete trashed comments
28
- $query = "DELETE FROM `" . WPPA_COMMENTS . "` WHERE status='trash'";
29
- $wpdb->query($query);
30
 
31
  $sel = 'selected="selected"';
32
 
33
  // warn if the uploads directory is no writable
34
- if (!is_writable(WPPA_UPLOAD_PATH)) {
35
- wppa_error_message(__('Warning:', 'wp-photo-album-plus') . sprintf(__('The uploads directory does not exist or is not writable by the server. Please make sure that %s is writeable by the server.', 'wp-photo-album-plus'), WPPA_UPLOAD_PATH));
 
 
 
 
36
  }
37
 
38
- // Fix orphan albums and deleted target pages
39
- $albs = $wpdb->get_results("SELECT * FROM $wpdb->wppa_albums", ARRAY_A);
40
-
41
- // Now we have them, put them in cache
42
  wppa_cache_album( 'add', $albs );
43
 
 
44
  if ( $albs ) {
45
- foreach ($albs as $alb) {
46
- if ( $alb['a_parent'] > '0' && wppa_get_parentalbumid($alb['a_parent']) <= '-9' ) { // Parent died?
47
- $wpdb->query("UPDATE $wpdb->wppa_albums SET `a_parent` = '-1' WHERE `id` = '".$alb['id']."'");
 
 
48
  }
49
  if ( $alb['cover_linkpage'] > '0' ) {
50
- $iret = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM `".$wpdb->posts."` WHERE `ID` = %s AND `post_type` = 'page' AND `post_status` = 'publish'", $alb['cover_linkpage']));
 
 
 
 
 
51
  if ( ! $iret ) { // Page gone?
52
- $wpdb->query("UPDATE $wpdb->wppa_albums SET `cover_linkpage` = '0' WHERE `id` = '".$alb['id']."'");
 
 
53
  }
54
  }
55
  }
56
  }
57
 
58
- if (isset($_REQUEST['tab'])) {
 
 
59
  // album edit page
60
- if ($_REQUEST['tab'] == 'edit'){
61
- if ( isset($_REQUEST['edit_id']) ) {
 
 
62
  $ei = $_REQUEST['edit_id'];
63
- if ( $ei != 'new' && $ei != 'search' && $ei != 'trash' && $ei != 'single' && ! is_numeric($ei) ) {
64
- wp_die('Security check failure 1');
 
 
65
  }
66
  if ( ! wp_verify_nonce( $_REQUEST['wppa_nonce'], 'wppa_nonce' ) ) {
67
- wp_die('Security check failure 2');
68
  }
69
  }
70
 
71
  if ( $_REQUEST['edit_id'] == 'single' ) {
72
- ?>
73
- <div class="wrap">
74
- <h2><?php _e( 'Edit Single Photo', 'wp-photo-album-plus' );
75
- echo ' - <small><i>'.__('Edit photo information', 'wp-photo-album-plus').'</i></small>';
76
- ?>
77
- </h2>
78
- <?php
79
- wppa_album_photos($ei);
80
- ?>
81
- </div>
82
- <?php
83
 
 
 
 
 
 
 
 
84
  return;
85
  }
86
 
87
  if ( $_REQUEST['edit_id'] == 'search' ) {
88
 
89
- $back_url = get_admin_url().'admin.php?page=wppa_admin_menu';
90
- if ( isset ( $_REQUEST['wppa-searchstring'] ) ) {
91
- $back_url .= '&wppa-searchstring='.wppa_sanitize_searchstring( $_REQUEST['wppa-searchstring'] );
 
 
 
 
 
 
 
 
 
 
 
92
  }
93
- $back_url .= '#wppa-edit-search-tag';
94
- ?>
95
- <a name="manage-photos" id="manage-photos" ></a>
96
- <h2><?php _e('Manage Photos', 'wp-photo-album-plus');
97
- if ( isset($_REQUEST['bulk']) ) echo ' - <small><i>'.__('Copy / move / delete / edit name / edit description / change status', 'wp-photo-album-plus').'</i></small>';
98
- elseif ( isset($_REQUEST['quick']) ) echo ' - <small><i>'.__('Edit photo information except copy and move', 'wp-photo-album-plus').'</i></small>';
99
- else echo ' - <small><i>'.__('Edit photo information', 'wp-photo-album-plus').'</i></small>';
100
- ?></h2>
 
 
 
 
 
 
101
 
102
- <a href="<?php echo $back_url ?>"><?php _e('Back to album table', 'wp-photo-album-plus') ?></a><br /><br />
 
 
 
103
 
104
- <?php
105
- if ( isset($_REQUEST['bulk']) ) wppa_album_photos_bulk($ei);
106
- else wppa_album_photos($ei);
107
- ?>
 
 
 
 
108
  <a href="#manage-photos">
109
- <div style="position:fixed;right:30px;bottom:30px;background-color:lightblue;" >&nbsp;<?php _e('Top of page', 'wp-photo-album-plus') ?>&nbsp;</div>
 
 
110
  </a>
111
- <br /><a href="<?php echo $back_url ?>"><?php _e('Back to album table', 'wp-photo-album-plus') ?></a>
112
- <?php
 
 
 
113
  return;
114
  }
115
 
116
- if ($_REQUEST['edit_id'] == 'trash' ) {
117
- ?>
 
118
  <div class="wrap">
119
- <h2><?php _e('Manage Trashed Photos', 'wp-photo-album-plus');
120
- echo ' - <small><i>'.__('Edit photo information', 'wp-photo-album-plus').'</i></small>';
121
- ?>
122
- </h2>
123
- <?php
124
- wppa_album_photos($ei);
125
- ?>
126
- </div>
127
- <?php
128
 
129
  return;
130
  }
131
 
 
 
 
 
 
 
132
 
133
- if ($_REQUEST['edit_id'] == 'new') {
134
- if ( ! wppa_can_create_album() ) wp_die('No rights to create an album');
135
- $id = wppa_nextkey(WPPA_ALBUMS);
136
- if (isset($_REQUEST['parent_id'])) {
137
  $parent = $_REQUEST['parent_id'];
138
- if ( ! is_numeric($parent) ) {
139
  wp_die('Security check failure 3');
140
  }
141
- $name = wppa_get_album_name($parent).'-#'.$id;
142
- if ( ! current_user_can('administrator') ) { // someone creating an album for someone else?
143
- $parentowner = $wpdb->get_var($wpdb->prepare("SELECT `owner` FROM $wpdb->wppa_albums WHERE `id` = %s", $parent));
144
- if ( $parentowner !== wppa_get_user() ) wp_die('You are not allowed to create an album for someone else');
 
 
145
  }
146
  }
 
 
147
  else {
148
  $parent = wppa_opt( 'default_parent' );
149
- if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_albums WHERE `id` = %s", $parent ) ) ) { // Deafault parent vanished
 
 
150
  wppa_update_option( 'wppa_default_parent', '0' );
151
  $parent = '0';
152
  }
153
- $name = __('New Album', 'wp-photo-album-plus');
154
- if ( ! wppa_can_create_top_album() ) wp_die('No rights to create a top-level album');
 
 
155
  }
 
 
156
  $id = wppa_create_album_entry( array( 'id' => $id, 'name' => $name, 'a_parent' => $parent ) );
157
  if ( ! $id ) {
158
- wppa_error_message( __('Could not create album.', 'wp-photo-album-plus') );
159
- wp_die('Sorry, cannot continue');
160
  }
 
 
161
  else {
162
- $edit_id = $id;
163
- wppa_set_last_album($edit_id);
164
- wppa_invalidate_treecounts($edit_id);
165
- wppa_index_add('album', $id);
166
- wppa_update_message(__('Album #', 'wp-photo-album-plus') . ' ' . $edit_id . ' ' . __('Added.', 'wp-photo-album-plus'));
167
  wppa_create_pl_htaccess();
 
168
  }
169
  }
170
  else {
171
- $edit_id = $_REQUEST['edit_id'];
172
  }
173
 
174
- $album_owner = $wpdb->get_var($wpdb->prepare("SELECT `owner` FROM " . WPPA_ALBUMS . " WHERE `id` = %s", $edit_id));
175
- if ( ( $album_owner == '--- public ---' && ! current_user_can('wppa_admin') ) || ! wppa_have_access($edit_id) ) {
176
- wp_die('You do not have the rights to edit this album');
 
177
  }
178
 
179
  // Apply new desc
180
- if ( isset($_REQUEST['applynewdesc']) ) {
181
- if ( ! wp_verify_nonce($_REQUEST['wppa_nonce'], 'wppa_nonce') ) wp_die('You do not have the rights to do this');
182
- $iret = $wpdb->query($wpdb->prepare("UPDATE $wpdb->wppa_photos SET `description` = %s WHERE `album` = %s", wppa_opt( 'newphoto_description' ), $edit_id));
183
- wppa_ok_message($iret.' descriptions updated.');
 
 
 
 
184
  }
185
 
186
  // Remake album
187
- if ( isset($_REQUEST['remakealbum']) ) {
188
- if ( ! wp_verify_nonce($_REQUEST['wppa_nonce'], 'wppa_nonce') ) wp_die('You do not have the rights to do this');
189
- if ( get_option('wppa_remake_start_album_'.$edit_id) ) { // Continue after time up
190
- wppa_ok_message('Continuing remake, please wait');
 
 
 
 
191
  }
192
  else {
193
- update_option('wppa_remake_start_album_'.$edit_id, time());
194
- wppa_ok_message('Remaking photofiles, please wait');
195
  }
196
- $iret = wppa_remake_files($edit_id);
 
 
197
  if ( $iret ) {
198
- wppa_ok_message('Photo files remade');
199
- update_option('wppa_remake_start_album_'.$edit_id, '0');
200
  }
201
  else {
202
- wppa_error_message('Remake of photo files did NOT complete');
203
  }
204
  }
205
 
206
  // Get the album information
207
- $albuminfo = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_albums WHERE `id` = %s", $edit_id ), ARRAY_A );
 
208
 
209
  // We may not use extract(), so we do something like it here manually, hence controlled.
210
  $id = $albuminfo['id'];
@@ -240,105 +307,86 @@ function _wppa_admin() {
240
  wppa_admin_spinner();
241
 
242
  // Local js functions placed here as long as there is not yet a possibility to translate texts in js files
243
- ?>
244
- <script>
245
- function wppaTryInheritCats( id ) {
246
-
247
- var query;
248
-
249
- query = '<?php echo esc_js( __( 'Are you sure you want to inherit categories to all (grand)children of this album?', 'wp-photo-album-plus' ) ) ?>';
250
-
251
- if ( confirm( query ) ) {
252
- wppaAjaxUpdateAlbum( id, 'inherit_cats', Math.random() );
253
- }
254
- }
255
-
256
- function wppaTryAddCats( id ) {
257
-
258
- var query;
259
-
260
- query = '<?php echo esc_js( __( 'Are you sure you want to add the categories to all (grand)children of this album?', 'wp-photo-album-plus' ) ) ?>';
261
-
262
- if ( confirm( query ) ) {
263
- wppaAjaxUpdateAlbum( id, 'inhadd_cats', Math.random() );
264
- }
265
- }
266
-
267
- function wppaTryApplyDeftags( id ) {
268
-
269
- var query;
270
 
271
- query = '<?php echo esc_js( __( 'Are you sure you want to set the default tags to all photos in this album?', 'wp-photo-album-plus' ) ) ?>';
272
-
273
- if ( confirm( query ) ) {
274
- wppaAjaxUpdateAlbum( id, 'set_deftags', Math.random(), true );
275
- }
276
- }
277
-
278
- function wppaTryAddDeftags( id ) {
279
-
280
- var query;
281
 
282
- query = '<?php echo esc_js( __( 'Are you sure you want to add the default tags to all photos in this album?', 'wp-photo-album-plus' ) ) ?>';
283
 
284
- if ( confirm( query ) ) {
285
- wppaAjaxUpdateAlbum( id, 'add_deftags', Math.random(), true );
286
- }
287
- }
 
288
 
289
- function wppaTryScheduleAll( id ) {
290
 
291
- var query;
 
 
 
 
292
 
293
- if ( jQuery( '#schedule-box' ).attr( 'checked' ) != 'checked' ) {
294
- query = '<?php echo esc_js( __( 'Please switch feature on and set date/time to schedule first', 'wp-photo-album-plus' ) ) ?>';
295
- alert( query );
296
- return;
297
- }
298
 
299
- query = '<?php echo esc_js( __( 'Are you sure you want to schedule all photos in this album?', 'wp-photo-album-plus' ) ) ?>';
 
 
 
 
300
 
301
- if ( confirm( query ) ) {
302
- wppaAjaxUpdateAlbum( id, 'setallscheduled', Math.random(), true );
303
- }
304
- }
305
 
306
- </script>
307
- <?php
 
 
 
 
 
 
 
 
 
 
308
 
309
  // The header
310
- echo
311
- '<img src="' . WPPA_URL . '/img/album32.png' . '" alt="Album icon" />' .
312
- '<h1 style="display:inline;" >' .
313
- __('Edit Album Information', 'wp-photo-album-plus') .
314
- '</h1>' .
315
- '<p class="description">' .
316
- __('All modifications are instantly updated on the server, except for those that require a button push.', 'wp-photo-album-plus' ) . ' ' .
317
- __('The <b style="color:#070" >Remark</b> fields keep you informed on the actions taken at the background.', 'wp-photo-album-plus' ) .
318
- '</p>' .
319
- '<input' .
320
- ' type="hidden"' .
321
- ' id="album-nonce-' . $id . '"' .
322
- ' value="' . wp_create_nonce( 'wppa_nonce_' . $id ) . '"' .
323
- ' />';
324
 
325
  // The edit albuminfo panel
326
- echo
327
- '<div' .
328
- ' id="albumitem-' . $id . '"' .
329
- ' class="wppa-table-wrap"' .
330
- ' style="width:100%;position:relative;"' .
331
- ' >';
332
  {
333
  // Section 1
334
- echo
335
- "\n" . '<!-- Album Section 1 -->' .
336
- '<table' .
337
- ' class="wppa-table wppa-album-table"' .
338
- ' >' .
339
- '<tbody>' .
340
- '<tr>' .
341
- '<td>';
342
 
343
  // More or less static data
344
  // Album number
@@ -400,36 +448,34 @@ function wppaTryScheduleAll( id ) {
400
  }
401
  }
402
  else {
403
- $usercount = wppa_get_user_count();
404
- if ( $usercount > wppa_opt( 'max_users' ) ) {
405
- echo
406
- '<input' .
407
- ' type="text"' .
408
- ' value="' . esc_attr( $owner ) . '"' .
409
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'owner\', this )"' .
410
- ' />';
411
  }
412
  else {
413
- echo
414
- '<select' .
415
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'owner\', this )"' .
416
- ' >';
417
  wppa_user_select( $owner );
418
- echo
419
- '</select>' . ' ';
420
  }
421
  }
422
 
423
  // Order # -->
424
  echo
425
- __( 'Album order #', 'wp-photo-album-plus' ) . ': ' .
426
- '<input' .
427
- ' type="text"' .
428
- ' onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'a_order\', this )"' .
429
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'a_order\', this )"' .
430
- ' value="' . esc_attr( $a_order ) . '"' .
431
- ' style="width:50px;' .
432
- '" />' . ' ';
433
  if ( wppa_opt( 'list_albums_by' ) != '1' && $a_order != '0' ) {
434
  echo
435
  '<small class="description" style="color:red" >' .
@@ -439,7 +485,7 @@ function wppaTryScheduleAll( id ) {
439
 
440
  // Parent
441
  echo
442
- __( 'Parent album:', 'wp-photo-album-plus' ) . ' ';
443
  if ( wppa_extended_access() ) {
444
  echo
445
  wppa_album_select_a( array( 'checkaccess' => true,
@@ -464,12 +510,12 @@ function wppaTryScheduleAll( id ) {
464
  '</select>';
465
  }
466
  else {
467
- echo
468
- '<select' .
469
- ' id="wppa-parsel"' .
470
- ' style="max-width:300px;"' .
471
- ' onchange="wppaAjaxUpdateAlbum( '. $id . ', \'a_parent\', this )"' .
472
- ' >' .
473
  wppa_album_select_a( array( 'checkaccess' => true,
474
  'exclude' => $id,
475
  'selected' => $a_parent,
@@ -481,7 +527,7 @@ function wppaTryScheduleAll( id ) {
481
  ) .
482
  '</select>';
483
  }
484
- echo ' ';
485
 
486
  // P-order-by
487
  echo
@@ -516,124 +562,123 @@ function wppaTryScheduleAll( id ) {
516
  '-5',
517
  '-7'
518
  );
519
- echo
520
- '<select' .
521
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'p_order_by\', this )"' .
522
- ' >';
523
  foreach ( array_keys( $options ) as $key ) {
524
  $sel = $values[$key] == $p_order_by ? ' selected="selected"' : '';
525
- echo '<option value="'.$values[$key].'"'.$sel.' >'.$options[$key].'</option>';
526
  }
527
- echo
528
- '</select>' . ' ';
529
 
530
  // Child album order
 
531
  echo
532
- __( 'Sub album sort order:', 'wp-photo-album-plus' ) . ' ' .
533
- '<select' .
534
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'suba_order_by\', this )"' .
535
- ' >' .
536
- '<option value="0"' . ( $suba_order_by == '0' ? 'selected="selected"' : '' ) . ' >' . __( '--- default --- See Table IV-D1', 'wp-photo-album-plus' ) . '</option>' .
537
- '<option value="3"' . ( $suba_order_by == '3' ? 'selected="selected"' : '' ) . ' >' . __( 'Random', 'wp-photo-album-plus' ) . '</option>' .
538
- '<option value="1"' . ( $suba_order_by == '1' ? 'selected="selected"' : '' ) . ' >' . __( 'Order #', 'wp-photo-album-plus' ) . '</option>' .
539
- '<option value="-1"' . ( $suba_order_by == '-1' ? 'selected="selected"' : '' ) . ' >' . __( 'Order # reverse', 'wp-photo-album-plus' ) . '</option>' .
540
- '<option value="2"' . ( $suba_order_by == '2' ? 'selected="selected"' : '' ) . ' >' . __( 'Name', 'wp-photo-album-plus' ) . '</option>' .
541
- '<option value="-2"' . ( $suba_order_by == '-2' ? 'selected="selected"' : '' ) . ' >' . __( 'Name reverse', 'wp-photo-album-plus' ) . '</option>' .
542
- '<option value="5"' . ( $suba_order_by == '5' ? 'selected="selected"' : '' ) . ' >' . __( 'Timestamp', 'wp-photo-album-plus' ) . '</option>' .
543
- '<option value="-5"' . ( $suba_order_by == '-5' ? 'selected="selected"' : '' ) . ' >' . __( 'Timestamp reverse', 'wp-photo-album-plus' ) . '</option>' .
544
- '</select>' . ' ';
545
 
546
  // Alternative thumbnail size
547
- if ( ! wppa_switch( 'alt_is_restricted') || current_user_can('administrator') ) {
548
- echo __( 'Use alt thumbsize:', 'wp-photo-album-plus' ) .
549
- '<select' .
550
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'alt_thumbsize\', this )"' .
551
- ' >' .
552
- '<option value="0"' . ( $alt_thumbsize ? '' : ' selected="selected"' ) . ' >' .
553
- __( 'no', 'wp-photo-album-plus' ) .
554
- '</option>' .
555
- '<option value="yes"' . ( $alt_thumbsize ? ' selected="selected"' : '' ) . ' >' .
556
- __( 'yes', 'wp-photo-album-plus' ) .
557
- '</option>' .
558
- '</select>' . ' ';
559
  }
560
 
561
  // Cover type
562
  if ( ! wppa_switch( 'covertype_is_restricted' ) || wppa_user_is( 'administrator' ) ) {
563
- echo
564
- __( 'Cover Type:', 'wp-photo-album-plus' ) . ' ';
565
  $sel = ' selected="selected"';
566
  echo
567
- '<select' .
568
- ' onchange="wppaAjaxUpdateAlbum( '. $id . ', \'cover_type\', this )"' .
569
- ' >' .
570
- '<option value=""' . ( $cover_type == '' ? $sel : '' ) . ' >' .
571
- __( '--- default --- See Table IV-D6', 'wp-photo-album-plus' ) .
572
- '</option>' .
573
- '<option value="default"' . ( $cover_type == 'default' ? $sel : '' ) . ' >' .
574
- __( 'Standard', 'wp-photo-album-plus' ) .
575
- '</option>' .
576
- '<option value="longdesc"' . ( $cover_type == 'longdesc' ? $sel : '' ) . ' >' .
577
- __( 'Long Descriptions', 'wp-photo-album-plus' ) .
578
- '</option>' .
579
- '<option value="imagefactory"' . ( $cover_type == 'imagefactory' ? $sel : '' ) . ' >' .
580
- __( 'Image Factory', 'wp-photo-album-plus' ) .
581
- '</option>' .
582
- '<option value="default-mcr"' . ( $cover_type == 'default-mcr' ? $sel : '' ) . ' >' .
583
- __( 'Standard mcr', 'wp-photo-album-plus' ) .
584
- '</option>' .
585
- '<option value="longdesc-mcr"' . ( $cover_type == 'longdesc-mcr' ? $sel : '' ) . ' >' .
586
- __( 'Long Descriptions mcr', 'wp-photo-album-plus' ) .
587
- '</option>' .
588
- '<option value="imagefactory-mcr"' . ( $cover_type == 'imagefactory-mcr' ? $sel : '' ) . ' >' .
589
- __( 'Image Factory mcr', 'wp-photo-album-plus' ) .
590
- '</option>' .
591
- '</select>' . ' ';
592
  }
593
 
594
  // Cover photo
595
  echo
596
- __( 'Cover Photo:', 'wp-photo-album-plus' ) . ' ' .
597
- wppa_main_photo( $main_photo , $cover_type ) . ' ';
598
 
599
  // Upload limit
600
  echo
601
- __( 'Upload limit:', 'wp-photo-album-plus' ) . ' ';
602
  $lims = explode( '/', $upload_limit );
603
  if ( ! is_array( $lims ) ) {
604
  $lims = array( '0', '0' );
605
  }
606
  if ( wppa_user_is( 'administrator' ) ) {
607
- echo
608
- '<input' .
609
- ' type="text"' .
610
- ' id="upload_limit_count"' .
611
- ' value="' . $lims[0] . '"' .
612
- ' style="width:50px"' .
613
- ' title="' . esc_attr( __( 'Set the upload limit (0 means unlimited).', 'wp-photo-album-plus' ) ) . '"' .
614
- ' onchange="wppaRefreshAfter(); wppaAjaxUpdateAlbum( ' . $id . ', \'upload_limit_count\', this )"' .
615
- ' />';
616
  $sel = ' selected="selected"';
617
- echo
618
- '<select onchange="wppaRefreshAfter(); wppaAjaxUpdateAlbum( ' . $id . ', \'upload_limit_time\', this )" >' .
619
- '<option value="0"' . ( $lims[1] == '0' ? $sel : '' ) . ' >' . __( 'for ever', 'wp-photo-album-plus' ) . '</option>' .
620
- '<option value="3600"' . ( $lims[1] == '3600' ? $sel : '' ) . ' >' . __( 'per hour', 'wp-photo-album-plus' ) . '</option>' .
621
- '<option value="86400"' . ( $lims[1] == '86400' ? $sel : '' ) . ' >' . __( 'per day', 'wp-photo-album-plus' ) . '</option>' .
622
- '<option value="604800"' . ( $lims[1] == '604800' ? $sel : '' ) . ' >' . __( 'per week', 'wp-photo-album-plus' ) . '</option>' .
623
- '<option value="2592000"' . ( $lims[1] == '2592000' ? $sel : '' ) . ' >' . __( 'per month', 'wp-photo-album-plus' ) . '</option>' .
624
- '<option value="31536000"' . ( $lims[1] == '31536000' ? $sel : '' ) . ' >' . __( 'per year', 'wp-photo-album-plus' ) . '</option>' .
625
- '</select>' . ' ';
 
 
 
 
 
 
 
 
626
  }
627
  else {
628
- if ( $lims[0] == '0' ) _e( 'Unlimited', 'wp-photo-album-plus' );
 
 
629
  else {
630
- echo $lims[0].' ';
631
- switch ($lims[1]) {
632
  case '3600': _e( 'per hour', 'wp-photo-album-plus' ); break;
633
  case '86400': _e( 'per day', 'wp-photo-album-plus' ); break;
634
  case '604800': _e( 'per week', 'wp-photo-album-plus' ); break;
635
  case '2592000': _e( 'per month', 'wp-photo-album-plus' ); break;
636
  case '31536000': _e( 'per year', 'wp-photo-album-plus' ); break;
 
637
  }
638
  }
639
  echo '. ';
@@ -646,50 +691,44 @@ function wppaTryScheduleAll( id ) {
646
  echo '<br />';
647
 
648
  echo
649
- __( 'Watermark file:', 'wp-photo-album-plus' ) .
650
- '<select' .
651
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'wmfile\', this )"' .
652
- ' >' .
653
- wppa_watermark_file_select( 'album', $id ) .
654
- '</select>' .
655
- ' ' .
656
- __( 'Watermark pos:', 'wp-photo-album-plus' ) .
657
- '<select' .
658
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'wmpos\', this )"' .
659
- ' >' .
660
- wppa_watermark_pos_select( 'album', $id ) .
661
- '</select>';
662
  }
663
 
664
  // Status
665
  echo '<br />' .
666
- __( 'Remark:', 'wp-photo-album-plus' ) . ' ' .
667
- '<span' .
668
- ' id="albumstatus-' . $id . '"' .
669
- ' style="font-weight:bold;color:#00AA00;"' .
670
- ' >' .
671
- sprintf( __( 'Album %s is not modified yet', 'wp-photo-album-plus' ), $id ) .
672
- '</span>';
673
-
674
-
675
- echo
676
- '</td>' .
677
- '</tr>' .
678
- '</tbody>' .
679
- '</table>';
680
  }
 
681
  {
682
  // Section 2
683
- echo
684
- "\n" . '<!-- Album Section 2 -->' .
685
- '<table' .
686
- ' class="wppa-table wppa-album-table"' .
687
- ' >' .
688
- '<tbody>';
689
 
690
  // Name
691
- echo
692
- '<tr>' .
693
  '<td>' .
694
  __( 'Name:', 'wp-photo-album-plus' ) .
695
  '</td>' .
@@ -826,7 +865,7 @@ function wppaTryScheduleAll( id ) {
826
  if ( wppa_switch( 'album_custom_fields' ) ) {
827
  $custom = wppa_get_album_item( $edit_id, 'custom' );
828
  if ( $custom ) {
829
- $custom_data = unserialize( $custom );
830
  }
831
  else {
832
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
@@ -1160,7 +1199,16 @@ function wppaTryScheduleAll( id ) {
1160
  <?php
1161
  if ( isset($_REQUEST['bulk']) ) wppa_album_photos_bulk($edit_id);
1162
  elseif ( isset($_REQUEST['seq']) ) wppa_album_photos_sequence($edit_id);
1163
- else wppa_album_photos($edit_id)
 
 
 
 
 
 
 
 
 
1164
  ?>
1165
  <a href="#manage-photos">
1166
  <div style="position:fixed;right:30px;bottom:30px;background-color:lightblue;" >&nbsp;<?php _e('Top of page', 'wp-photo-album-plus') ?>&nbsp;</div>
@@ -1244,8 +1292,14 @@ function wppaTryScheduleAll( id ) {
1244
  </div>
1245
  <?php
1246
  }
 
 
 
 
1247
  }
1248
- else { // 'tab' not set. default, album manage page.
 
 
1249
 
1250
  // if add form has been submitted
1251
  // if (isset($_POST['wppa-na-submit'])) {
@@ -1372,7 +1426,53 @@ global $wpdb;
1372
  }
1373
 
1374
  // Read all albums, pre-ordered
1375
- $albums = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_albums ORDER BY " . get_option( 'wppa_album_order_'.wppa_get_user(), 'id' ) . ( get_option( 'wppa_album_order_' . wppa_get_user() . '_reverse' ) == 'yes' ? " DESC" : "" ) , ARRAY_A );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1376
 
1377
  // Remove non accessible albums
1378
  $temp = $albums;
@@ -1740,7 +1840,53 @@ global $wpdb;
1740
  }
1741
 
1742
  // Read all albums, pre-ordered
1743
- $albums = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_albums ORDER BY " . get_option( 'wppa_album_order_'.wppa_get_user(), 'id' ) . ( get_option( 'wppa_album_order_' . wppa_get_user() . '_reverse' ) == 'yes' ? " DESC" : "" ) , ARRAY_A );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1744
 
1745
  // Remove non accessible albums
1746
  $temp = $albums;
@@ -1784,7 +1930,7 @@ global $wpdb;
1784
  $done = false;
1785
 
1786
  // Add missing parent
1787
- $albums[] = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_albums WHERE `id` = %d", $parent ), ARRAY_A );
1788
  }
1789
  }
1790
  }
@@ -2370,7 +2516,7 @@ global $wpdb;
2370
  function wppa_have_accessible_children( $alb ) {
2371
  global $wpdb;
2372
 
2373
- $albums = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_albums WHERE `a_parent` = %d", $alb['id'] ), ARRAY_A );
2374
 
2375
  if ( ! $albums || ! count( $albums ) ) return false;
2376
  foreach ( $albums as $album ) {
@@ -2393,11 +2539,11 @@ global $wpdb;
2393
  }
2394
 
2395
  // Photos in the album
2396
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos WHERE `album` = %s", $id ), ARRAY_A );
2397
 
2398
  if ( is_array( $photos ) ) {
2399
  foreach ( $photos as $photo ) {
2400
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `album` = %s WHERE `id` = %s", $move, $photo['id'] ) );
2401
 
2402
  // Move to trash?
2403
  if ( $move > '0' ) {
@@ -2419,7 +2565,7 @@ global $wpdb;
2419
  wppa_invalidate_treecounts( $id );
2420
 
2421
  // Now delete the album
2422
- $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->wppa_albums WHERE `id` = %s LIMIT 1", $id ) );
2423
  wppa_delete_album_source( $id );
2424
  wppa_index_remove( 'album', $id );
2425
  wppa_clear_catlist();
3
  * Package: wp-photo-album-plus
4
  *
5
  * create, edit and delete albums
6
+ * Version 6.9.16
7
  *
8
  */
9
 
10
  if ( ! defined( 'ABSPATH' ) ) die( "Can't load this file directly" );
11
 
12
  function _wppa_admin() {
13
+ global $wpdb;
14
+ global $q_config;
15
+ global $wppa_revno;
16
 
17
  echo '
18
  <script type="text/javascript" >
19
  /* <![CDATA[ */
20
+ wppaAjaxUrl = "' . admin_url( 'admin-ajax.php' ) . '";
21
+ wppaUploadToThisAlbum = "' . __( 'Upload to this album', 'wp-photo-album-plus' ) . '";
22
+ wppaImageDirectory = "' . wppa_get_imgdir() . '";
23
  /* ]]> */
24
  </script>
25
  ';
26
 
27
  // Delete trashed comments
28
+ $wpdb->query( "DELETE FROM {$wpdb->prefix}wppa_comments WHERE status = 'trash'" );
 
29
 
30
  $sel = 'selected="selected"';
31
 
32
  // warn if the uploads directory is no writable
33
+ if ( ! is_writable( WPPA_UPLOAD_PATH ) ) {
34
+ wppa_error_message(
35
+ __( 'Warning:', 'wp-photo-album-plus' ) .
36
+ sprintf( __( 'The uploads directory does not exist or is not writable by the server. Please make sure that %s is writeable by the server.', 'wp-photo-album-plus' ),
37
+ WPPA_UPLOAD_PATH
38
+ ) );
39
  }
40
 
41
+ // Get all albums and cache them
42
+ $albs = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}wppa_albums", ARRAY_A );
 
 
43
  wppa_cache_album( 'add', $albs );
44
 
45
+ // Fix orphan albums and deleted target pages
46
  if ( $albs ) {
47
+ foreach ( $albs as $alb ) {
48
+ if ( $alb['a_parent'] > '0' && wppa_get_parentalbumid( $alb['a_parent'] ) <= '-9' ) { // Parent died?
49
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_albums
50
+ SET a_parent = -1
51
+ WHERE id = %d", $alb['id'] ) );
52
  }
53
  if ( $alb['cover_linkpage'] > '0' ) {
54
+ $iret = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*)
55
+ FROM {$wpdb->posts}
56
+ WHERE ID = %d
57
+ AND post_type = 'page'
58
+ AND post_status = 'publish'", $alb['cover_linkpage'] ) );
59
+
60
  if ( ! $iret ) { // Page gone?
61
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_albums
62
+ SET cover_linkpage = 0
63
+ WHERE id = %d", $alb['id'] ) );
64
  }
65
  }
66
  }
67
  }
68
 
69
+
70
+ if ( isset( $_REQUEST['tab'] ) ) {
71
+
72
  // album edit page
73
+ if ( $_REQUEST['tab'] == 'edit' ) {
74
+
75
+ if ( isset( $_REQUEST['edit_id'] ) ) {
76
+
77
  $ei = $_REQUEST['edit_id'];
78
+ if ( $ei != 'new' && $ei != 'search' && $ei != 'trash' && $ei != 'single' && ! is_numeric( $ei ) ) {
79
+ wppa_error_message( sprintf( __( 'Album edit id %s is not implemented', 'wp-photo-album-plus' ),
80
+ '<b>' . sanitize_text_field( $ei ) . '</b>' ) );
81
+ return;
82
  }
83
  if ( ! wp_verify_nonce( $_REQUEST['wppa_nonce'], 'wppa_nonce' ) ) {
84
+ wp_die('Security check failure');
85
  }
86
  }
87
 
88
  if ( $_REQUEST['edit_id'] == 'single' ) {
 
 
 
 
 
 
 
 
 
 
 
89
 
90
+ echo '
91
+ <div class="wrap" >
92
+ <h2>' . __( 'Edit Single Photo', 'wp-photo-album-plus' ) .
93
+ ' - <small><i>' . __( 'Edit photo information', 'wp-photo-album-plus' ) . '</i></small>
94
+ </h2>' .
95
+ wppa_album_photos( $ei ) . '
96
+ </div>';
97
  return;
98
  }
99
 
100
  if ( $_REQUEST['edit_id'] == 'search' ) {
101
 
102
+ $back_url = get_admin_url() . 'admin.php?page=wppa_admin_menu';
103
+ if ( isset ( $_REQUEST['wppa-searchstring'] ) ) {
104
+ $back_url .= '&wppa-searchstring=' . wppa_sanitize_searchstring( $_REQUEST['wppa-searchstring'] );
105
+ }
106
+ $back_url .= '#wppa-edit-search-tag';
107
+
108
+ echo '
109
+ <a name="manage-photos" id="manage-photos" ></a>
110
+ <h2>' . __( 'Manage Photos', 'wp-photo-album-plus' );
111
+ if ( isset( $_REQUEST['bulk'] ) ) {
112
+ echo
113
+ ' - <small><i>' .
114
+ __( 'Copy / move / delete / edit name / edit description / change status', 'wp-photo-album-plus' ) .
115
+ '</i></small>';
116
  }
117
+ elseif ( isset( $_REQUEST['quick'] ) ) {
118
+ echo
119
+ ' - <small><i>' .
120
+ __( 'Edit photo information except copy and move', 'wp-photo-album-plus' ) .
121
+ '</i></small>';
122
+ }
123
+ else {
124
+ echo
125
+ ' - <small><i>' .
126
+ __( 'Edit photo information', 'wp-photo-album-plus' ) .
127
+ '</i></small>';
128
+ }
129
+ echo '
130
+ </h2>
131
 
132
+ <a href="' . $back_url . '" >' .
133
+ __( 'Back to album table', 'wp-photo-album-plus' ) .
134
+ '</a>
135
+ <br /><br />';
136
 
137
+ if ( isset( $_REQUEST['bulk'] ) ) {
138
+ wppa_album_photos_bulk( $ei );
139
+ }
140
+ else {
141
+ wppa_album_photos( $ei );
142
+ }
143
+
144
+ echo '
145
  <a href="#manage-photos">
146
+ <div style="position:fixed;right:30px;bottom:30px;background-color:lightblue;" >
147
+ &nbsp;' . __( 'Top of page', 'wp-photo-album-plus' ) . '&nbsp;
148
+ </div>
149
  </a>
150
+ <br />
151
+ <a href="' . $back_url . '" >' .
152
+ __( 'Back to album table', 'wp-photo-album-plus' ) .
153
+ '</a>';
154
+
155
  return;
156
  }
157
 
158
+ if ( $_REQUEST['edit_id'] == 'trash' ) {
159
+
160
+ echo '
161
  <div class="wrap">
162
+ <h2>' . __( 'Manage Trashed Photos', 'wp-photo-album-plus' ) .
163
+ ' - <small><i>' . __( 'Edit photo information', 'wp-photo-album-plus' ) . '</i></small>
164
+ </h2>' .
165
+ wppa_album_photos( $ei ) . '
166
+ </div>';
 
 
 
 
167
 
168
  return;
169
  }
170
 
171
+ if ( $_REQUEST['edit_id'] == 'new' ) {
172
+
173
+ if ( ! wppa_can_create_album() ) {
174
+ wp_die( __( 'You have insufficient rights to create an album', 'wp-photo-album-plus' ) );
175
+ }
176
+ $id = wppa_nextkey( WPPA_ALBUMS );
177
 
178
+ // Creating a sub-album of a given parent?
179
+ if ( isset( $_REQUEST['parent_id'] ) ) {
 
 
180
  $parent = $_REQUEST['parent_id'];
181
+ if ( ! is_numeric( $parent ) ) {
182
  wp_die('Security check failure 3');
183
  }
184
+ $name = wppa_get_album_name( $parent ) . '-#' . $id;
185
+ if ( ! current_user_can( 'administrator' ) ) { // someone creating an album for someone else?
186
+ $parentowner = $wpdb->get_var( $wpdb->prepare( "SELECT owner FROM {$wpdb->prefix}wppa_albums WHERE id = %s", $parent ) );
187
+ if ( $parentowner !== wppa_get_user() ) {
188
+ wp_die( __( 'You are not allowed to create an album for someone else', 'wp-photo-album-plus' ) );
189
+ }
190
  }
191
  }
192
+
193
+ // Create album with default parent or toplevel
194
  else {
195
  $parent = wppa_opt( 'default_parent' );
196
+
197
+ // Default parent still exists?
198
+ if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_albums WHERE id = %s", $parent ) ) ) {
199
  wppa_update_option( 'wppa_default_parent', '0' );
200
  $parent = '0';
201
  }
202
+ $name = __( 'New Album', 'wp-photo-album-plus' );
203
+ if ( $parent == '0' && ! wppa_can_create_top_album() ) {
204
+ wp_die( __( 'You have insufficient rights to create a top-level album', 'wp-photo-album-plus' ) );
205
+ }
206
  }
207
+
208
+ // Finally, now we can create the album
209
  $id = wppa_create_album_entry( array( 'id' => $id, 'name' => $name, 'a_parent' => $parent ) );
210
  if ( ! $id ) {
211
+ wppa_error_message( __( 'Could not create album.', 'wp-photo-album-plus' ) );
212
+ wp_die( __( 'Sorry, cannot continue', 'wp-photo-album-plus' ) );
213
  }
214
+
215
+ // Album created, do housekeeping and go edit it.
216
  else {
217
+ wppa_set_last_album( $id );
218
+ wppa_invalidate_treecounts( $id );
219
+ wppa_index_add( 'album', $id );
220
+ wppa_update_message( sprintf( __( 'Album #%d added', 'wp-photo-album-plus' ), $id ) );
 
221
  wppa_create_pl_htaccess();
222
+ $edit_id = $id;
223
  }
224
  }
225
  else {
226
+ $edit_id = strval( intval( $_REQUEST['edit_id'] ) );
227
  }
228
 
229
+ // See if this user may edit this album
230
+ $album_owner = $wpdb->get_var( $wpdb->prepare( "SELECT owner FROM {$wpdb->prefix}wppa_albums WHERE id = %s", $edit_id ) );
231
+ if ( ( $album_owner == '--- public ---' && ! current_user_can( 'wppa_admin' ) ) || ! wppa_have_access( $edit_id ) ) {
232
+ wp_die( __( 'You have insufficient rights to edit this album', 'wp-photo-album-plus' ) );
233
  }
234
 
235
  // Apply new desc
236
+ if ( isset( $_REQUEST['applynewdesc'] ) ) {
237
+ if ( ! wp_verify_nonce( $_REQUEST['wppa_nonce'], 'wppa_nonce') ) {
238
+ wp_die( __( 'You do not have the rights to do this', 'wp-photo-album-plus' ) );
239
+ }
240
+ $iret = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos
241
+ SET description = %s
242
+ WHERE album = %d", wppa_opt( 'newphoto_description' ), $edit_id ) );
243
+ wppa_ok_message( sprintf( __( '%d photo descriptions updated', 'wp-photo-album-plus' ), $iret ) );
244
  }
245
 
246
  // Remake album
247
+ if ( isset( $_REQUEST['remakealbum'] ) ) {
248
+ if ( ! wp_verify_nonce( $_REQUEST['wppa_nonce'], 'wppa_nonce' ) ) {
249
+ wp_die( __( 'You do not have the rights to do this', 'wp-photo-album-plus' ) );
250
+ }
251
+
252
+ // Continue after time up?
253
+ if ( get_option( 'wppa_remake_start_album_' . $edit_id ) ) {
254
+ wppa_ok_message( __( 'Continuing remake, please wait...', 'wp-photo-album-plus' ) );
255
  }
256
  else {
257
+ update_option( 'wppa_remake_start_album_' . $edit_id, time() );
258
+ wppa_ok_message( __( 'Remaking photofiles, please wait...', 'wp-photo-album-plus' ) );
259
  }
260
+
261
+ // Do the remake
262
+ $iret = wppa_remake_files( $edit_id );
263
  if ( $iret ) {
264
+ wppa_ok_message( __( 'Photo files remade', 'wp-photo-album-plus' ) );
265
+ update_option( 'wppa_remake_start_album_' . $edit_id, '0' );
266
  }
267
  else {
268
+ wppa_error_message( __( 'Remake of photo files did NOT complete', 'wp-photo-album-plus' ) );
269
  }
270
  }
271
 
272
  // Get the album information
273
+ $albuminfo = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_albums
274
+ WHERE id = %s", $edit_id ), ARRAY_A );
275
 
276
  // We may not use extract(), so we do something like it here manually, hence controlled.
277
  $id = $albuminfo['id'];
307
  wppa_admin_spinner();
308
 
309
  // Local js functions placed here as long as there is not yet a possibility to translate texts in js files
310
+ echo '
311
+ <script>
312
+ function wppaTryInheritCats( id ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
313
 
314
+ var query = ' . esc_js( __( 'Are you sure you want to inherit categories to all (grand)children of this album?', 'wp-photo-album-plus' ) ) . '
315
+ if ( confirm( query ) ) {
316
+ wppaAjaxUpdateAlbum( id, \'inherit_cats\', Math.random() );
317
+ }
318
+ }
 
 
 
 
 
319
 
320
+ function wppaTryAddCats( id ) {
321
 
322
+ var query = ' . esc_js( __( 'Are you sure you want to add the categories to all (grand)children of this album?', 'wp-photo-album-plus' ) ) . '
323
+ if ( confirm( query ) ) {
324
+ wppaAjaxUpdateAlbum( id, \'inhadd_cats\', Math.random() );
325
+ }
326
+ }
327
 
328
+ function wppaTryApplyDeftags( id ) {
329
 
330
+ var query = ' . esc_js( __( 'Are you sure you want to set the default tags to all photos in this album?', 'wp-photo-album-plus' ) ) . '
331
+ if ( confirm( query ) ) {
332
+ wppaAjaxUpdateAlbum( id, \'set_deftags\', Math.random(), true );
333
+ }
334
+ }
335
 
336
+ function wppaTryAddDeftags( id ) {
 
 
 
 
337
 
338
+ var query = ' . esc_js( __( 'Are you sure you want to add the default tags to all photos in this album?', 'wp-photo-album-plus' ) ) . '
339
+ if ( confirm( query ) ) {
340
+ wppaAjaxUpdateAlbum( id, \'add_deftags\', Math.random(), true );
341
+ }
342
+ }
343
 
344
+ function wppaTryScheduleAll( id ) {
 
 
 
345
 
346
+ var query;
347
+ if ( ! jQuery( "#schedule-box" ).prop( "checked" ) ) {
348
+ query = ' . esc_js( __( 'Please switch feature on and set date/time to schedule first', 'wp-photo-album-plus' ) ) . '
349
+ alert( query );
350
+ return;
351
+ }
352
+ query = ' . esc_js( __( 'Are you sure you want to schedule all photos in this album?', 'wp-photo-album-plus' ) ) . '
353
+ if ( confirm( query ) ) {
354
+ wppaAjaxUpdateAlbum( id, \'setallscheduled\', Math.random(), true );
355
+ }
356
+ }
357
+ </script>';
358
 
359
  // The header
360
+ echo '
361
+ <img src="' . WPPA_URL . '/img/album32.png' . '" alt="Album icon" />
362
+ <h1 style="display:inline;" >' .
363
+ __( 'Edit Album Information', 'wp-photo-album-plus' ) . '
364
+ </h1>
365
+ <p class="description">' .
366
+ __( 'All modifications are instantly updated on the server, except for those that require a button push.', 'wp-photo-album-plus' ) . ' ' .
367
+ __( 'The <b style="color:#070" >Remark</b> fields keep you informed on the actions taken at the background.', 'wp-photo-album-plus' ) . '
368
+ </p>
369
+ <input
370
+ type="hidden"
371
+ id="album-nonce-' . $id . '"
372
+ value="' . wp_create_nonce( 'wppa_nonce_' . $id ) . '"
373
+ />';
374
 
375
  // The edit albuminfo panel
376
+ echo '
377
+ <div
378
+ id="albumitem-' . $id . '"
379
+ class="wppa-table-wrap"
380
+ style="width:100%;position:relative;"
381
+ >';
382
  {
383
  // Section 1
384
+ echo '
385
+ <!-- Album Section 1 -->
386
+ <table class="wppa-table wppa-album-table" >
387
+ <tbody>
388
+ <tr>
389
+ <td>';
 
 
390
 
391
  // More or less static data
392
  // Album number
448
  }
449
  }
450
  else {
451
+ if ( wppa_get_user_count() > wppa_opt( 'max_users' ) ) {
452
+ echo '
453
+ <input
454
+ type="text"
455
+ value="' . esc_attr( $owner ) . '"
456
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'owner\', this )"
457
+ />&nbsp;';
 
458
  }
459
  else {
460
+ echo '
461
+ <select
462
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'owner\', this )"';
 
463
  wppa_user_select( $owner );
464
+ echo '
465
+ </select>&nbsp;';
466
  }
467
  }
468
 
469
  // Order # -->
470
  echo
471
+ __( 'Album order #', 'wp-photo-album-plus' ) . ':&nbsp;
472
+ <input
473
+ type="text"
474
+ onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'a_order\', this )"
475
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'a_order\', this )"
476
+ value="' . esc_attr( $a_order ) . '"
477
+ style="width:50px;"
478
+ />&nbsp';
479
  if ( wppa_opt( 'list_albums_by' ) != '1' && $a_order != '0' ) {
480
  echo
481
  '<small class="description" style="color:red" >' .
485
 
486
  // Parent
487
  echo
488
+ __( 'Parent album', 'wp-photo-album-plus' ) . ':&nbsp;';
489
  if ( wppa_extended_access() ) {
490
  echo
491
  wppa_album_select_a( array( 'checkaccess' => true,
510
  '</select>';
511
  }
512
  else {
513
+ echo '
514
+ <select
515
+ id="wppa-parsel"
516
+ style="max-width:300px;"
517
+ onchange="wppaAjaxUpdateAlbum( '. $id . ', \'a_parent\', this )"
518
+ >' .
519
  wppa_album_select_a( array( 'checkaccess' => true,
520
  'exclude' => $id,
521
  'selected' => $a_parent,
527
  ) .
528
  '</select>';
529
  }
530
+ echo '&nbsp;';
531
 
532
  // P-order-by
533
  echo
562
  '-5',
563
  '-7'
564
  );
565
+ echo '
566
+ <select
567
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'p_order_by\', this )"
568
+ >';
569
  foreach ( array_keys( $options ) as $key ) {
570
  $sel = $values[$key] == $p_order_by ? ' selected="selected"' : '';
571
+ echo '<option value="' . $values[$key] . '"' . $sel . ' >' . $options[$key] . '</option>';
572
  }
573
+ echo '
574
+ </select>&nbsp;';
575
 
576
  // Child album order
577
+ $sel = ' selected="selected"';
578
  echo
579
+ __( 'Sub album sort order', 'wp-photo-album-plus' ) . ':&nbsp;
580
+ <select
581
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'suba_order_by\', this )"
582
+ >
583
+ <option value="0"' . ( $suba_order_by == '0' ? $sel : '' ) . ' >' . __( '--- default --- See Table IV-D1', 'wp-photo-album-plus' ) . '</option>
584
+ <option value="3"' . ( $suba_order_by == '3' ? $sel : '' ) . ' >' . __( 'Random', 'wp-photo-album-plus' ) . '</option>
585
+ <option value="1"' . ( $suba_order_by == '1' ? $sel : '' ) . ' >' . __( 'Order #', 'wp-photo-album-plus' ) . '</option>
586
+ <option value="-1"' . ( $suba_order_by == '-1' ? $sel : '' ) . ' >' . __( 'Order # reverse', 'wp-photo-album-plus' ) . '</option>
587
+ <option value="2"' . ( $suba_order_by == '2' ? $sel : '' ) . ' >' . __( 'Name', 'wp-photo-album-plus' ) . '</option>
588
+ <option value="-2"' . ( $suba_order_by == '-2' ? $sel : '' ) . ' >' . __( 'Name reverse', 'wp-photo-album-plus' ) . '</option>
589
+ <option value="5"' . ( $suba_order_by == '5' ? $sel : '' ) . ' >' . __( 'Timestamp', 'wp-photo-album-plus' ) . '</option>
590
+ <option value="-5"' . ( $suba_order_by == '-5' ? $sel : '' ) . ' >' . __( 'Timestamp reverse', 'wp-photo-album-plus' ) . '</option>
591
+ </select>&nbsp;';
592
 
593
  // Alternative thumbnail size
594
+ if ( ! wppa_switch( 'alt_is_restricted' ) || wppa_user_is( 'administrator' ) ) {
595
+ $sel = ' selected="selected"';
596
+ echo __( 'Use alt thumbsize', 'wp-photo-album-plus' ) . ':&nbsp;
597
+ <select onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'alt_thumbsize\', this )" >
598
+ <option value="0"' . ( $alt_thumbsize ? '' : $sel ) . ' >' .
599
+ __( 'no', 'wp-photo-album-plus' ) . '
600
+ </option>
601
+ <option value="yes"' . ( $alt_thumbsize ? $sel : '' ) . ' >' .
602
+ __( 'yes', 'wp-photo-album-plus' ) . '
603
+ </option>
604
+ </select>&nbsp;';
 
605
  }
606
 
607
  // Cover type
608
  if ( ! wppa_switch( 'covertype_is_restricted' ) || wppa_user_is( 'administrator' ) ) {
 
 
609
  $sel = ' selected="selected"';
610
  echo
611
+ __( 'Cover Type', 'wp-photo-album-plus' ) . ':&nbsp;
612
+ <select onchange="wppaAjaxUpdateAlbum( '. $id . ', \'cover_type\', this )" >
613
+ <option value=""' . ( $cover_type == '' ? $sel : '' ) . ' >' .
614
+ __( '--- default --- See Table IV-D6', 'wp-photo-album-plus' ) . '
615
+ </option>
616
+ <option value="default"' . ( $cover_type == 'default' ? $sel : '' ) . ' >' .
617
+ __( 'Standard', 'wp-photo-album-plus' ) . '
618
+ </option>
619
+ <option value="longdesc"' . ( $cover_type == 'longdesc' ? $sel : '' ) . ' >' .
620
+ __( 'Long Descriptions', 'wp-photo-album-plus' ) . '
621
+ </option>
622
+ <option value="imagefactory"' . ( $cover_type == 'imagefactory' ? $sel : '' ) . ' >' .
623
+ __( 'Image Factory', 'wp-photo-album-plus' ) . '
624
+ </option>
625
+ <option value="default-mcr"' . ( $cover_type == 'default-mcr' ? $sel : '' ) . ' >' .
626
+ __( 'Standard mcr', 'wp-photo-album-plus' ) . '
627
+ </option>
628
+ <option value="longdesc-mcr"' . ( $cover_type == 'longdesc-mcr' ? $sel : '' ) . ' >' .
629
+ __( 'Long Descriptions mcr', 'wp-photo-album-plus' ) . '
630
+ </option>
631
+ <option value="imagefactory-mcr"' . ( $cover_type == 'imagefactory-mcr' ? $sel : '' ) . ' >' .
632
+ __( 'Image Factory mcr', 'wp-photo-album-plus' ) . '
633
+ </option>
634
+ </select>&nbsp;';
 
635
  }
636
 
637
  // Cover photo
638
  echo
639
+ __( 'Cover Photo:', 'wp-photo-album-plus' ) . '&nbsp;' .
640
+ wppa_main_photo( $main_photo, $cover_type ) . '&nbsp;';
641
 
642
  // Upload limit
643
  echo
644
+ __( 'Upload limit:', 'wp-photo-album-plus' ) . '&nbsp;';
645
  $lims = explode( '/', $upload_limit );
646
  if ( ! is_array( $lims ) ) {
647
  $lims = array( '0', '0' );
648
  }
649
  if ( wppa_user_is( 'administrator' ) ) {
 
 
 
 
 
 
 
 
 
650
  $sel = ' selected="selected"';
651
+ echo '
652
+ <input
653
+ type="text"
654
+ id="upload_limit_count"
655
+ value="' . $lims[0] . '"
656
+ style="width:50px"
657
+ title="' . esc_attr( __( 'Set the upload limit (0 means unlimited).', 'wp-photo-album-plus' ) ) . '"
658
+ onchange="wppaRefreshAfter(); wppaAjaxUpdateAlbum( ' . $id . ', \'upload_limit_count\', this )"
659
+ />
660
+ <select onchange="wppaRefreshAfter(); wppaAjaxUpdateAlbum( ' . $id . ', \'upload_limit_time\', this )" >
661
+ <option value="0"' . ( $lims[1] == '0' ? $sel : '' ) . ' >' . __( 'for ever', 'wp-photo-album-plus' ) . '</option>
662
+ <option value="3600"' . ( $lims[1] == '3600' ? $sel : '' ) . ' >' . __( 'per hour', 'wp-photo-album-plus' ) . '</option>
663
+ <option value="86400"' . ( $lims[1] == '86400' ? $sel : '' ) . ' >' . __( 'per day', 'wp-photo-album-plus' ) . '</option>
664
+ <option value="604800"' . ( $lims[1] == '604800' ? $sel : '' ) . ' >' . __( 'per week', 'wp-photo-album-plus' ) . '</option>
665
+ <option value="2592000"' . ( $lims[1] == '2592000' ? $sel : '' ) . ' >' . __( 'per month', 'wp-photo-album-plus' ) . '</option>
666
+ <option value="31536000"' . ( $lims[1] == '31536000' ? $sel : '' ) . ' >' . __( 'per year', 'wp-photo-album-plus' ) . '</option>
667
+ </select>&nbsp;';
668
  }
669
  else {
670
+ if ( $lims[0] == '0' ) {
671
+ _e( 'Unlimited', 'wp-photo-album-plus' );
672
+ }
673
  else {
674
+ echo $lims[0] . '&nbsp;';
675
+ switch ( $lims[1] ) {
676
  case '3600': _e( 'per hour', 'wp-photo-album-plus' ); break;
677
  case '86400': _e( 'per day', 'wp-photo-album-plus' ); break;
678
  case '604800': _e( 'per week', 'wp-photo-album-plus' ); break;
679
  case '2592000': _e( 'per month', 'wp-photo-album-plus' ); break;
680
  case '31536000': _e( 'per year', 'wp-photo-album-plus' ); break;
681
+ default: echo sprintf( 'per %d seconds', $lims[1] );
682
  }
683
  }
684
  echo '. ';
691
  echo '<br />';
692
 
693
  echo
694
+ __( 'Watermark file:', 'wp-photo-album-plus' ) . '
695
+ <select onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'wmfile\', this )" >' .
696
+ wppa_watermark_file_select( 'album', $id ) . '
697
+ </select>&nbsp;' .
698
+ __( 'Watermark pos:', 'wp-photo-album-plus' ) . '
699
+ <select onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'wmpos\', this )" >' .
700
+ wppa_watermark_pos_select( 'album', $id ) . '
701
+ </select>';
 
 
 
 
 
702
  }
703
 
704
  // Status
705
  echo '<br />' .
706
+ __( 'Remark', 'wp-photo-album-plus' ) . ':&nbsp;
707
+ <span
708
+ id="albumstatus-' . $id . '"
709
+ style="font-weight:bold;color:#00AA00;"
710
+ >' .
711
+ sprintf( __( 'Album %s is not modified yet', 'wp-photo-album-plus' ), $id ) . '
712
+ </span>';
713
+
714
+
715
+ echo '
716
+ </td>
717
+ </tr>
718
+ </tbody>
719
+ </table>';
720
  }
721
+ /*hbi*/
722
  {
723
  // Section 2
724
+ echo '
725
+ <!-- Album Section 2 -->
726
+ <table class="wppa-table wppa-album-table" >
727
+ <tbody>';
 
 
728
 
729
  // Name
730
+ echo '
731
+ <tr>' .
732
  '<td>' .
733
  __( 'Name:', 'wp-photo-album-plus' ) .
734
  '</td>' .
865
  if ( wppa_switch( 'album_custom_fields' ) ) {
866
  $custom = wppa_get_album_item( $edit_id, 'custom' );
867
  if ( $custom ) {
868
+ $custom_data = wppa_unserialize( $custom );
869
  }
870
  else {
871
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
1199
  <?php
1200
  if ( isset($_REQUEST['bulk']) ) wppa_album_photos_bulk($edit_id);
1201
  elseif ( isset($_REQUEST['seq']) ) wppa_album_photos_sequence($edit_id);
1202
+ else wppa_album_photos($edit_id);
1203
+
1204
+
1205
+ $back_url = get_admin_url() . 'admin.php?page=wppa_admin_menu';
1206
+ echo '
1207
+ <br />
1208
+ <a href="' . $back_url . '" >' .
1209
+ __( 'Back to album table', 'wp-photo-album-plus' ) .
1210
+ '</a>';
1211
+
1212
  ?>
1213
  <a href="#manage-photos">
1214
  <div style="position:fixed;right:30px;bottom:30px;background-color:lightblue;" >&nbsp;<?php _e('Top of page', 'wp-photo-album-plus') ?>&nbsp;</div>
1292
  </div>
1293
  <?php
1294
  }
1295
+ else {
1296
+ wppa_error_message( sprintf( __( 'Album admin action %s is not implemented', 'wp-photo-album-plus' ),
1297
+ '<b>' . sanitize_text_field( $_REQUEST['tab'] ) . '</b>' ) );
1298
+ }
1299
  }
1300
+
1301
+ // 'tab' not set. default, album manage page.
1302
+ else {
1303
 
1304
  // if add form has been submitted
1305
  // if (isset($_POST['wppa-na-submit'])) {
1426
  }
1427
 
1428
  // Read all albums, pre-ordered
1429
+ $order_by = get_option( 'wppa_album_order_' . wppa_get_user(), 'id' );
1430
+ $order_desc = get_option( 'wppa_album_order_' . wppa_get_user() . '_reverse' );
1431
+ // A dynamic query is regarded as being insecure, so we make a switch statemnent with all possible sequences.
1432
+ // $albums = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY " . $order_by . ( $order_desc == 'yes' ? " DESC" : "" ) , ARRAY_A );
1433
+ if ( $order_desc == 'yes' ) {
1434
+ switch( $order_by ) {
1435
+ case 'name':
1436
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY name DESC";
1437
+ break;
1438
+ case 'description':
1439
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY description DESC";
1440
+ break;
1441
+ case 'owner':
1442
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY owner DESC";
1443
+ break;
1444
+ case 'a_order':
1445
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_order DESC";
1446
+ break;
1447
+ case 'a_parent':
1448
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_parent DESC";
1449
+ break;
1450
+ default:
1451
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY id DESC";
1452
+ }
1453
+ }
1454
+ else {
1455
+ switch( $order_by ) {
1456
+ case 'name':
1457
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY name";
1458
+ break;
1459
+ case 'description':
1460
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY description";
1461
+ break;
1462
+ case 'owner':
1463
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY owner";
1464
+ break;
1465
+ case 'a_order':
1466
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_order";
1467
+ break;
1468
+ case 'a_parent':
1469
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_parent";
1470
+ break;
1471
+ default:
1472
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY id";
1473
+ }
1474
+ }
1475
+ $albums = $wpdb->get_results( $query, ARRAY_A );
1476
 
1477
  // Remove non accessible albums
1478
  $temp = $albums;
1840
  }
1841
 
1842
  // Read all albums, pre-ordered
1843
+ // $albums = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_albums ORDER BY " . get_option( 'wppa_album_order_'.wppa_get_user(), 'id' ) . ( get_option( 'wppa_album_order_' . wppa_get_user() . '_reverse' ) == 'yes' ? " DESC" : "" ) , ARRAY_A );
1844
+ $order_by = get_option( 'wppa_album_order_' . wppa_get_user(), 'id' );
1845
+ $order_desc = get_option( 'wppa_album_order_' . wppa_get_user() . '_reverse' );
1846
+ // A dynamic query is regarded as being insecure, so we make a switch statemnent with all possible sequences.
1847
+ if ( $order_desc == 'yes' ) {
1848
+ switch( $order_by ) {
1849
+ case 'name':
1850
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY name DESC";
1851
+ break;
1852
+ case 'description':
1853
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY description DESC";
1854
+ break;
1855
+ case 'owner':
1856
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY owner DESC";
1857
+ break;
1858
+ case 'a_order':
1859
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_order DESC";
1860
+ break;
1861
+ case 'a_parent':
1862
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_parent DESC";
1863
+ break;
1864
+ default:
1865
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY id DESC";
1866
+ }
1867
+ }
1868
+ else {
1869
+ switch( $order_by ) {
1870
+ case 'name':
1871
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY name";
1872
+ break;
1873
+ case 'description':
1874
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY description";
1875
+ break;
1876
+ case 'owner':
1877
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY owner";
1878
+ break;
1879
+ case 'a_order':
1880
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_order";
1881
+ break;
1882
+ case 'a_parent':
1883
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY a_parent";
1884
+ break;
1885
+ default:
1886
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums ORDER BY id";
1887
+ }
1888
+ }
1889
+ $albums = $wpdb->get_results( $query, ARRAY_A );
1890
 
1891
  // Remove non accessible albums
1892
  $temp = $albums;
1930
  $done = false;
1931
 
1932
  // Add missing parent
1933
+ $albums[] = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE id = %d", $parent ), ARRAY_A );
1934
  }
1935
  }
1936
  }
2516
  function wppa_have_accessible_children( $alb ) {
2517
  global $wpdb;
2518
 
2519
+ $albums = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d", $alb['id'] ), ARRAY_A );
2520
 
2521
  if ( ! $albums || ! count( $albums ) ) return false;
2522
  foreach ( $albums as $album ) {
2539
  }
2540
 
2541
  // Photos in the album
2542
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos WHERE album = %s", $id ), ARRAY_A );
2543
 
2544
  if ( is_array( $photos ) ) {
2545
  foreach ( $photos as $photo ) {
2546
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos SET album = %s WHERE id = %d", $move, $photo['id'] ) );
2547
 
2548
  // Move to trash?
2549
  if ( $move > '0' ) {
2565
  wppa_invalidate_treecounts( $id );
2566
 
2567
  // Now delete the album
2568
+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->prefix}wppa_albums WHERE id = %d", $id ) );
2569
  wppa_delete_album_source( $id );
2570
  wppa_index_remove( 'album', $id );
2571
  wppa_clear_catlist();
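--- a/wppa-boxes-html.php
+++ b/wppa-boxes-html.php
@@ -3411,7 +3411,7 @@ function wppa_user_albumedit_html( $alb, $width, $where = '', $mcr = false ) {
  // Custom data
  $custom = wppa_get_album_item( $alb, 'custom' );
  if ( $custom ) {
- $custom_data = unserialize( $custom );
+ $custom_data = wppa_unserialize( $custom );
  }
  else {
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );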
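Review bot: The new wppa_unserialize() call only closes the PHP object-injection path if that wrapper passes `array( 'allowed_classes' => false )` to unserialize(); its definition is not part of this diff, so that cannot be confirmed here, and the album `custom` column is presumably filled from the user-editable custom fields seen elsewhere in this diff. The same substitution is made in wppa-exif-iptc-common.php and wppa-functions.php, so the check applies to those call sites as well. A short comment at the call site would make the contract visible to the next maintainer: `// wppa_unserialize() must refuse objects (allowed_classes => false); custom data is user-editable`. wppa_user_albumedit_html() continues outside the hunk.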
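--- a/wppa-common-functions.php
+++ b/wppa-common-functions.php
@@ -221,6 +221,7 @@ global $thumbs;
  'is_random' => false,
  'cron' => $cron,
  'has_panorama' => $pano,
+ 'unsanitized_filename' => '',
 
  );
  }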
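Review bot: The new `'unsanitized_filename'` default is undocumented, and the value later stored under it is the raw `$_FILES` name (wppa-functions.php, new lines 4402 and 4423 of this diff), which the changelog says is only used to derive the photo name. A comment on the new line would pin that contract before other callers start reading the slot: `'unsanitized_filename' => '', // raw upload name, for deriving the photoname only; never use as a path`. The enclosing function's start and end are outside the hunk.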
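--- a/wppa-exif-iptc-common.php
+++ b/wppa-exif-iptc-common.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * exif and iptc common functions
- * version 6.9.14
+ * version 6.9.15
  *
  *
  */
@@ -185,7 +185,7 @@ global $wppa_exif_error_output;
 
  // If array, make it readable
  if ( is_serialized( $data ) ) {
- $data_arr = @unserialize( $data ); // This may cause Out of memory error
+ $data_arr = wppa_unserialize( $data ); // This may cause Out of memory error
  if ( is_array( $data_arr ) ) {
  $data = implode( ', ', $data_arr );
  }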
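Review bot: Dropping the `@` in front of unserialize() while keeping the comment `// This may cause Out of memory error` leaves the behaviour on malformed input unclear: `$data` appears to be exif/iptc metadata read from an uploaded image, and unless wppa_unserialize() itself suppresses or catches the E_NOTICE that unserialize() raises on bad input (its definition is not in this diff), that notice is now emitted where it was previously silenced. The comment should state what the wrapper guarantees at this call site, e.g. `// wppa_unserialize() is expected to refuse objects and return false on malformed data; $data originates from image metadata` — confirm against its implementation. The enclosing function continues outside the hunk.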
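--- a/wppa-functions.php
+++ b/wppa-functions.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Various functions
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -4399,6 +4399,7 @@ global $wppa_upload_succes_id;
  $fail = '0';
  foreach ( $_FILES as $file ) {
  if ( ! is_array( $file['error'] ) ) {
+ wppa( 'unsanitized_filename', $file['name'] );
  $iret = wppa_do_frontend_file_upload( $file, $alb ); // this should no longer happen since the name is incl []
  if ( $iret ) {
  $uploaded_ids[] = $iret;
@@ -4416,9 +4417,10 @@ global $wppa_upload_succes_id;
  if ( $iret ) {
  $f['error'] = $file['error'][$i];
  $f['tmp_name'] = $file['tmp_name'][$i];
- $f['name'] = wppa_sima( $file['name'][$i] );
+ $f['name'] = $file['name'][$i];
  $f['type'] = $file['type'][$i];
  $f['size'] = $file['size'][$i];
+ wppa( 'unsanitized_filename', $file['name'][$i] );
  $iret = wppa_do_frontend_file_upload( $f, $alb );
 
  // Report phto id if from tinymce photo shortcode generator upload
@@ -4578,7 +4580,7 @@ global $wppa_upload_succes_id;
  // Custom data
  $custom = wppa_get_album_item( $alb, 'custom' );
  if ( $custom ) {
- $custom_data = unserialize( $custom );
+ $custom_data = wppa_unserialize( $custom );
  }
  else {
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
@@ -4655,7 +4657,7 @@ global $wppa_alert;
  $name = wppa_get_post( 'user-name' );
  }
  else {
- $name = wppa_sima( $file['name'] );
+ $name = $file['name'];
  }
  $name = wppa_sanitize_photo_name( $name );
 
@@ -4696,7 +4698,9 @@ global $wppa_alert;
 
  // Repair name if not standard
  if ( ! wppa_get_post( 'user-name' ) ) {
- wppa_set_default_name( $id, wppa_sima( $file['name'] ) );
+ wppa_log('obs', 'in functions 4700:'.$file['name']);
+ wppa( 'unsanitized_filename', $file['name'] );
+ wppa_set_default_name( $id, $file['name'] );
  }
 
  // tags
@@ -4779,7 +4783,7 @@ global $wppa_alert;
  $name = wppa_get_post( 'user-name' );
  }
  else {
- $name = wppa_sima( $file['name'] );
+ $name = $file['name'];
  }
 
  // Sanitize input
@@ -4832,7 +4836,7 @@ global $wppa_alert;
 
  // Repair photoname if not standard
  if ( ! wppa_get_post( 'user-name' ) ) {
- wppa_set_default_name( $id, wppa_sima( $file['name'] ) );
+ wppa_set_default_name( $id );
  }
 
  // Custom data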
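Review bot: `wppa_log('obs', 'in functions 4700:'.$file['name'])` at new line 4701 reads as leftover debugging: it hardcodes a source line number that is already stale and writes the raw, client-supplied filename to the plugin log on every frontend upload; it should be removed, or, if a log entry is wanted, written after `wppa_sanitize_photo_name()` has run. The two `wppa_set_default_name()` calls now differ in arity: new 4703 still passes `$file['name']` while new 4839 passes only `$id` and relies on the `wppa( 'unsanitized_filename', ... )` value set by the caller at 4402/4423, so the 4703 call should match whichever signature the function now has. At 4420 `$f['name']` is no longer passed through `wppa_sima()`, which means the per-file sanitisation the changelog describes must now happen inside `wppa_do_frontend_file_upload()` (not visible in this diff). The enclosing functions start and end outside the hunks.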
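--- a/wppa-import.php
+++ b/wppa-import.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the import pages and functions
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -1697,7 +1697,7 @@ global $wppa_supported_audio_extensions;
  $parent = '0';
  $porder = '0';
  $owner = '';
- $handle = fopen( $album, "r" );
+ $handle = fopen( str_replace( '../', '', $album ), "r" );
  if ( $handle ) {
  $buffer = fgets( $handle, 4096 );
  while ( !feof( $handle ) ) {
@@ -2237,12 +2237,12 @@ global $wppa_supported_audio_extensions;
  copy ( $file, $tempfile );
 
  // Open file
- $handle = fopen( $tempfile, "rt" );
+ $handle = fopen( str_replace( '../', '', $tempfile ), "rt" );
  if ( ! $handle ) {
  wppa_error_message( __( 'Can not open file. Can not continue. (1)', 'wp-photo-album-plus') );
  return;
  }
- $write_handle = fopen( $file, "wt" );
+ $write_handle = fopen( str_replace( '../', '', $file ), "wt" );
  if ( ! $write_handle ) {
  wppa_error_message( __( 'Can not open file. Can not continue. (2)', 'wp-photo-album-plus') );
  return;
@@ -2461,7 +2461,7 @@ global $wppa_supported_audio_extensions;
  }
  if ( $photos ) {
  foreach( $photos as $photo ) {
- $cust_data = $photo['custom'] ? unserialize( $photo['custom'] ) : array( '', '', '', '', '', '', '', '', '', '' );
+ $cust_data = $photo['custom'] ? wppa_unserialize( $photo['custom'] ) : array( '', '', '', '', '', '', '', '', '', '' );
 
  // Update custom fields
  foreach( array_keys( $custptrs ) as $idx ) {
@@ -2787,7 +2787,7 @@ function wppa_get_meta_data( $file, $item, $opt ) {
  if ( $opt == '{' ) $opt2 = '}';
  if ( $opt == '[' ) $opt2 = ']';
  if ( is_file( $file ) ) {
- $handle = fopen( $file, "r" );
+ $handle = fopen( str_replace( '../', '', $file ), "r" );
  if ( $handle ) {
  while ( ( $buffer = fgets( $handle, 4096 ) ) !== false ) {
  if ( substr( $buffer, 0, 5 ) == $item.'=' ) {
@@ -2834,7 +2834,7 @@ function wppa_extract( $xpath, $delz ) {
  $ext = strtolower( wppa_get_ext( $xpath ) );
  if ( $ext == 'zip' ) {
  $zip = new ZipArchive;
- if ( $zip->open( $xpath ) === true ) {
+ if ( $zip->open( str_replace( '../', '', $xpath ) ) === true ) {
 
  $supported_file_ext = array( 'jpg', 'png', 'gif', 'JPG', 'PNG', 'GIF', 'amf', 'pmf', 'zip', 'csv' );
  $done = '0';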
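Review bot: `str_replace( '../', '', ... )` at new lines 1700, 2240, 2245, 2790 and 2837 is a single non-recursive substitution, not a path canonicalisation: differently written traversal sequences and backslash separators survive it, and the `copy( $file, $tempfile )` at 2237 and the `is_file( $file )` at 2789 still operate on the unmodified path, so the check and the use disagree. Where these paths derive from request input (their origin is outside the hunks), validate once at that boundary by resolving with `realpath()` and requiring the result to lie under the intended base directory, e.g. `$real = realpath( $path ); if ( $real === false || strpos( $real, $base_dir . '/' ) !== 0 ) { return; }` with `$base_dir` being the plugin's depot or upload directory, then pass `$real` to `fopen`, `copy` and `ZipArchive::open`. The enclosing functions start and end outside the hunks.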
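--- a/wppa-items.php
+++ b/wppa-items.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains functions to retrieve album and photo items
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -433,7 +433,7 @@ function wppa_translate_photo_keywords( $id, $text ) {
  // Custom data fields
  if ( wppa_switch( 'custom_fields' ) ) {
  $custom = $thumb['custom'];
- $custom_data = $custom ? unserialize( $custom ) : array( '', '', '', '', '', '', '', '', '', '' );
+ $custom_data = $custom ? wppa_unserialize( $custom ) : array( '', '', '', '', '', '', '', '', '', '' );
  for ( $i = '0'; $i < '10'; $i++ ) {
  if ( wppa_opt( 'custom_caption_'.$i ) ) { // Field defined
  if ( wppa_switch( 'custom_visible_'.$i ) ) { // May be displayed
@@ -712,7 +712,7 @@ function wppa_translate_album_keywords( $id, $text, $translate = true ) {
 
  // Get raw data
  $custom = $album['custom'];
- $custom_data = $custom ? unserialize( $custom ) : array( '', '', '', '', '', '', '', '', '', '' );
+ $custom_data = $custom ? wppa_unserialize( $custom ) : array( '', '', '', '', '', '', '', '', '', '' );
 
  // Process max all 10 sub-items
  for ( $i = '0'; $i < '10'; $i++ ) {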
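--- a/wppa-maintenance.php
+++ b/wppa-maintenance.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains (not yet, but in the future maybe) all the maintenance routines
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -1332,7 +1332,7 @@ global $wppa_log_file;
  </thead>
  <tbody style="overflow:auto;" >';
  foreach ( $sessions as $session ) {
- $data = unserialize( $session['data'] );
+ $data = wppa_unserialize( $session['data'] );
  $result .= '
  <tr>
  <td>'.$session['id'].'</td>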
wppa-photo-admin-autosave.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * edit and delete photos
6
- * Version 6.9.14
7
  *
8
  */
9
 
@@ -87,17 +87,16 @@ global $wpdb;
87
  wppa_vfy_arg( 'wppa-page' );
88
 
89
  $pagesize = wppa_opt( 'photo_admin_pagesize' );
90
- $page = isset ( $_GET['wppa-page'] ) ? $_GET['wppa-page'] : '1';
91
  $skip = ( $page - '1' ) * $pagesize;
92
- $limit = ( $pagesize < '1' ) ? '' : ' LIMIT ' . $skip . ',' . $pagesize;
93
 
94
  // Edit the photos in a specific album
95
  if ( $album ) {
96
 
97
  // Special album case: search (see last album line in album table)
98
  if ( $album == 'search' ) {
99
- $count = wppa_get_edit_search_photos( '', 'count_only' );
100
- $photos = wppa_get_edit_search_photos( $limit );
101
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' .
102
  '?page=wppa_admin_menu' .
103
  '&tab=edit' .
@@ -109,9 +108,10 @@ global $wpdb;
109
 
110
  // Edit trashed photos
111
  elseif ( $album == 'trash' ) {
112
- $count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `album` < '0'" );
113
- $photos = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_photos WHERE `album` < '0' ORDER BY `modified` DESC " . $limit, ARRAY_A );
114
- // $count = count( $photos );
 
115
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' .
116
  '?page=wppa_admin_menu' .
117
  '&tab=edit' .
@@ -124,8 +124,9 @@ global $wpdb;
124
  elseif ( $album == 'single' ) {
125
  $p = strval( intval( $_REQUEST['photo'] ) );
126
  $count = $p ? 1 : 0;
127
- $photos = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_photos WHERE `id` = '$p'", ARRAY_A );
128
- $count = count( $photos );
 
129
  $link = '';
130
  }
131
 
@@ -133,14 +134,11 @@ global $wpdb;
133
  else {
134
  $counts = wppa_get_treecounts_a( $album, true );
135
  $count = $counts['selfphotos'] + $counts['pendselfphotos'] + $counts['scheduledselfphotos'];
136
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * " .
137
- "FROM $wpdb->wppa_photos " .
138
- "WHERE `album` = %s " .
139
- wppa_get_photo_order( $album, 'norandom' ) .
140
- $limit,
141
- $album
142
- ), ARRAY_A
143
- );
144
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' .
145
  '?page=wppa_admin_menu' .
146
  '&tab=edit' .
@@ -153,31 +151,18 @@ global $wpdb;
153
  // Edit a single photo
154
  elseif ( $photo && ! $moderate ) {
155
  $count = '1';
156
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * " .
157
- "FROM $wpdb->wppa_photos " .
158
- "WHERE `id` = %s",
159
- $photo
160
- ), ARRAY_A
161
- );
162
  $link = '';
163
  }
164
 
165
  // Edit the photos of a specific owner
166
  elseif ( $owner ) {
167
- $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) " .
168
- "FROM $wpdb->wppa_photos " .
169
- "WHERE `owner` = %s",
170
- $owner
171
- )
172
- );
173
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * " .
174
- "FROM $wpdb->wppa_photos " .
175
- "WHERE `owner` = %s " .
176
- "ORDER BY `timestamp` DESC " .
177
- $limit,
178
- $owner
179
- ), ARRAY_A
180
- );
181
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_edit_photo' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
182
  }
183
 
@@ -191,43 +176,31 @@ global $wpdb;
191
 
192
  // Moderate a single photo
193
  if ( $photo ) {
194
- $count = '1';
195
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * " .
196
- "FROM $wpdb->wppa_photos " .
197
- "WHERE `id` = %s",
198
- $photo
199
- ), ARRAY_A
200
- );
201
  $link = '';
202
  }
203
 
204
  // Are there photos with pending comments?
205
  else {
206
- $cmt = $wpdb->get_results( "SELECT `photo` " .
207
- "FROM $wpdb->wppa_comments " .
208
- "WHERE `status` = 'pending' " .
209
- "OR `status` = 'spam'",
210
- ARRAY_A
211
- );
212
 
213
- if ( $cmt ) {
214
- $orphotois = '';
215
- foreach ( $cmt as $c ) {
216
- $orphotois .= "OR `id` = '" . $c['photo'] . "' ";
 
 
 
 
 
 
 
 
 
 
217
  }
218
  }
219
- else $orphotois = '';
220
- $count = $wpdb->get_var( "SELECT COUNT(*) " .
221
- "FROM $wpdb->wppa_photos " .
222
- "WHERE `status` = 'pending' " .
223
- $orphotois
224
- );
225
- $photos = $wpdb->get_results( "SELECT * " .
226
- "FROM $wpdb->wppa_photos " .
227
- "WHERE `status` = 'pending' " . $orphotois . " " .
228
- "ORDER BY `album` DESC, `timestamp` DESC " .
229
- $limit, ARRAY_A
230
- );
231
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_moderate_photos' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
232
  }
233
 
@@ -256,15 +229,12 @@ global $wpdb;
256
  '<h3>' .
257
  __( 'Manage all photos by timestamp' , 'wp-photo-album-plus') .
258
  '</h3>';
259
- $count = $wpdb->get_var( "SELECT COUNT(*) " .
260
- "FROM $wpdb->wppa_photos"
261
- );
262
- $photos = $wpdb->get_results( "SELECT * " .
263
- "FROM $wpdb->wppa_photos " .
264
- "ORDER BY `timestamp` DESC" .
265
- $limit,
266
- ARRAY_A
267
- );
268
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_moderate_photos' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
269
  }
270
 
@@ -460,7 +430,7 @@ function wppaTryMagick( id, slug ) {
460
 
461
  if ( true || confirm( query ) ) {
462
  jQuery( '#wppa-admin-spinner' ).css( 'display', 'inline' );
463
- _wppaAjaxUpdatePhoto( id, slug, 0, false ); //<?php echo ( wppa( 'front_edit' ) ? 'false' : 'true' ) ?> );
464
  }
465
  }
466
 
@@ -506,7 +476,6 @@ function wppaToggleExif( id, count ) {
506
 
507
 
508
  // Display the pagelinks
509
- // echo 'page_links called with: '.$page.' '.$pagesize.' '.$count.' '.$link;
510
  wppa_admin_page_links( $page, $pagesize, $count, $link );
511
 
512
  // Horizon
@@ -1849,7 +1818,7 @@ function wppaToggleExif( id, count ) {
1849
  if ( wppa_switch( 'custom_fields' ) ) {
1850
  $custom = wppa_get_photo_item( $photo['id'], 'custom' );
1851
  if ( $custom ) {
1852
- $custom_data = unserialize( $custom );
1853
  }
1854
  else {
1855
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
@@ -2087,9 +2056,9 @@ function wppaToggleExif( id, count ) {
2087
 
2088
  // Exif
2089
  if ( ! $quick ) {
2090
- $exifs = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_exif " .
2091
- "WHERE `photo` = %s " .
2092
- "ORDER BY `tag`, `id` ", $id ), ARRAY_A );
2093
  if ( ! empty( $exifs ) ) {
2094
  $brand = wppa_get_camera_brand( $id );
2095
  echo
@@ -2119,7 +2088,7 @@ function wppaToggleExif( id, count ) {
2119
  foreach ( $exifs as $exif ) {
2120
  $desc = $exif['description'];
2121
  if ( is_serialized( $desc ) ) {
2122
- $desc = 'Array(' . count( unserialize( $desc ) ) . ')';
2123
  }
2124
  echo '
2125
  <tr id="exif-tr-' . $exif['id'] . '" >
@@ -2158,9 +2127,9 @@ function wppaToggleExif( id, count ) {
2158
 
2159
  // Comments
2160
  if ( ! $quick ) {
2161
- $comments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM `" . WPPA_COMMENTS . "` " .
2162
- "WHERE `photo` = %s " .
2163
- "ORDER BY `timestamp` DESC ", $id ), ARRAY_A );
2164
  if ( ! empty( $comments ) ) {
2165
  echo
2166
  '<table' .
@@ -2270,9 +2239,9 @@ function wppa_album_photos_bulk( $album ) {
2270
  break;
2271
  case 'wppa-bulk-move-to':
2272
  if ( $newalb ) {
2273
- $photo = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos WHERE `id` = %s", $id ), ARRAY_A );
2274
  if ( wppa_switch( 'void_dups' ) ) { // Check for already exists
2275
- $exists = $wpdb->get_var ( $wpdb->prepare ( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `filename` = %s AND `album` = %s", $photo['filename'], $newalb ) );
2276
  if ( $exists ) { // Already exists
2277
  wppa_error_message ( sprintf ( __( 'A photo with filename %s already exists in album %s.' , 'wp-photo-album-plus'), $photo['filename'], $newalb ) );
2278
  $skip = true;
@@ -2290,7 +2259,7 @@ function wppa_album_photos_bulk( $album ) {
2290
  if ( $newalb ) {
2291
  $photo = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM '.WPPA_PHOTOS.' WHERE `id` = %s', $id ), ARRAY_A );
2292
  if ( wppa_switch( 'void_dups' ) ) { // Check for already exists
2293
- $exists = $wpdb->get_var ( $wpdb->prepare ( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `filename` = %s AND `album` = %s", $photo['filename'], $newalb ) );
2294
  if ( $exists ) { // Already exists
2295
  wppa_error_message ( sprintf ( __( $exists.'A photo with filename %s already exists in album %s.' , 'wp-photo-album-plus'), $photo['filename'], $newalb ) );
2296
  $skip = true;
@@ -2309,7 +2278,7 @@ function wppa_album_photos_bulk( $album ) {
2309
  }
2310
  if ( current_user_can( 'wppa_admin' ) || current_user_can( 'wppa_moderate' ) ) {
2311
  if ( $status == 'publish' || $status == 'pending' || wppa_user_is( 'administrator' ) || ! wppa_switch( 'ext_status_restricted' ) ) {
2312
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `status` = %s WHERE `id` = %d", $status, $id ) );
2313
  wppa_invalidate_treecounts( wppa_get_photo_item( $id, 'album' ) );
2314
  }
2315
  else wp_die( 'Security check failure 2' );
@@ -2322,7 +2291,7 @@ function wppa_album_photos_bulk( $album ) {
2322
  $owner = sanitize_user( $owner );
2323
  $exists = $wpdb->get_var( "SELECT COUNT(*) FROM `".$wpdb->users."` WHERE `user_login` = '".$owner."'" );
2324
  if ( $exists ) {
2325
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `owner` = %s WHERE `id` = %d", $owner, $id ) );
2326
  }
2327
  else {
2328
  wppa_error_message( 'A user with login name '.$owner.' does not exist.' );
@@ -2374,37 +2343,38 @@ function wppa_album_photos_bulk( $album ) {
2374
  }
2375
  }
2376
 
2377
- $pagesize = wppa_opt( 'photo_admin_pagesize' );
2378
  $next_after = isset ( $_REQUEST['next-after'] ) ? strval( intval( $_REQUEST['next-after'] ) ) : '0';
2379
  $page = ( isset( $_GET['wppa-page'] ) ? max( strval( intval( $_GET['wppa-page'] ) ), '1' ) : '1' ) + ( isset( $_POST['next-after'] ) ? $_POST['next-after'] : '0' );
2380
  $skip = ( $page > '0' ? ( $page - '1' ) * $pagesize : '0' );
2381
- $limit = ( $pagesize < '1' ) ? '' : ' LIMIT '.$skip.','.$pagesize;
2382
- // $no_confirm_delete = wppa_getCookie(); //( isset( $_REQUEST['no-confirm-delete'] ) ? true : false );
2383
- // $no_confirm_move = wppa_getCookie(); //( isset( $_REQUEST['no-confirm-move'] ) ? true : false );
2384
- /*
2385
- echo 'Post=';
2386
- print_r($_POST);
2387
- echo '<br />';
2388
- print_r($_GET);
2389
- echo '<br />';
2390
- echo 'Page='.$page;
2391
- */
2392
  if ( $album ) {
2393
  if ( $album == 'moderate' ) {
2394
- $photos = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_photos WHERE `status` = 'pending' ORDER BY `album` DESC, `timestamp` DESC " . $limit, ARRAY_A );
2395
- $count = count( $photos );
 
 
 
 
 
2396
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_moderate_photos' );
2397
  }
2398
  elseif ( $album == 'search' ) {
2399
- $count = wppa_get_edit_search_photos( '', 'count_only' );
2400
- $photos = wppa_get_edit_search_photos( $limit );
 
2401
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit_id='.$album.'&wppa-searchstring='.wppa_sanitize_searchstring($_REQUEST['wppa-searchstring']).'&bulk'.'&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
2402
  wppa_show_search_statistics();
2403
  }
2404
  else {
2405
- $counts = wppa_get_treecounts_a( $album, true );
2406
- $count = $counts['selfphotos'] + $counts['pendselfphotos'] + $counts['scheduledselfphotos'];
2407
- $photos = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM `'.WPPA_PHOTOS.'` WHERE `album` = %s '.wppa_get_photo_order( $album, 'norandom' ).$limit, $album ), ARRAY_A );
 
 
 
 
 
2408
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit_id='.$album.'&bulk'.'&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
2409
  }
2410
 
@@ -2906,7 +2876,10 @@ global $wpdb;
2906
  $photoorder = wppa_get_photo_order( $album, 'norandom' );
2907
  $is_descending = strpos( $photoorder, 'DESC' ) !== false;
2908
  $is_p_order = strpos( $photoorder, 'p_order' ) !== false;
2909
- $photos = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM `'.WPPA_PHOTOS.'` WHERE `album` = %s '.$photoorder, $album ), ARRAY_A );
 
 
 
2910
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit_id='.$album.'&bulk'.'&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
2911
  $size = '180';
2912
 
@@ -3101,7 +3074,7 @@ global $wpdb;
3101
  }
3102
  }
3103
 
3104
- function wppa_get_edit_search_photos( $limit = '', $count_only = false ) {
3105
  global $wpdb;
3106
  global $wppa_search_stats;
3107
 
@@ -3137,53 +3110,77 @@ global $wppa_search_stats;
3137
 
3138
  // Find lines in index db table
3139
  if ( wppa_switch( 'wild_front' ) ) {
3140
- $pidxs = $wpdb->get_results( "SELECT `slug`, `photos` FROM `".WPPA_INDEX."` WHERE `slug` LIKE '%".$word."%'", ARRAY_A );
3141
  }
3142
  else {
3143
- $pidxs = $wpdb->get_results( "SELECT `slug`, `photos` FROM `".WPPA_INDEX."` WHERE `slug` LIKE '".$word."%'", ARRAY_A );
3144
  }
3145
 
3146
- $photos = '';
 
 
 
 
 
 
 
3147
 
 
3148
  foreach ( $pidxs as $pi ) {
3149
- $photos .= $pi['photos'].',';
 
 
 
3150
  }
 
3151
 
3152
  if ( $first ) {
3153
- $photo_array = wppa_index_string_to_array( trim( $photos, ',' ) );
3154
  $count = empty( $photo_array ) ? '0' : count( $photo_array );
3155
- $list = implode( ',', $photo_array );
3156
- if ( ! $list ) {
3157
- $list = '0';
 
 
 
 
 
 
 
3158
  }
 
3159
 
3160
  if ( current_user_can( 'wppa_admin' ) && current_user_can( 'wppa_moderate' ) ) {
3161
- $real_count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") " );
3162
  if ( $count != $real_count ) {
3163
  update_option( 'wppa_remake_index_photos_status', __('Required', 'wp-photo-album-plus') );
3164
  }
3165
  }
3166
- else { // Not admin, can edit own photos only
3167
- $real_count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") AND `owner` = %s", wppa_get_user() ) );
3168
- }
3169
 
3170
  $wppa_search_stats[] = array( 'word' => $word, 'count' => $real_count );
3171
  $first = false;
3172
  }
3173
  else {
3174
- $temp_array = wppa_index_string_to_array( trim( $photos, ',' ) );
3175
  $count = empty( $temp_array ) ? '0' : count( $temp_array );
3176
  $list = implode( ',', $temp_array );
3177
 
 
 
 
 
 
 
 
 
 
 
 
 
3178
  if ( current_user_can( 'wppa_admin' ) && current_user_can( 'wppa_moderate' ) ) {
3179
- $real_count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") " );
3180
  if ( $count != $real_count ) {
3181
  update_option( 'wppa_remake_index_photos_status', __('Required', 'wp-photo-album-plus') );
3182
  }
3183
  }
3184
- else { // Not admin, can edit own photos only
3185
- $real_count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") AND `owner` = %s", wppa_get_user() ) );
3186
- }
3187
 
3188
  $wppa_search_stats[] = array( 'word' => $word, 'count' => $real_count );
3189
  $photo_array = array_intersect( $photo_array, $temp_array );
@@ -3193,25 +3190,35 @@ global $wppa_search_stats;
3193
 
3194
  if ( ! empty( $photo_array ) ) {
3195
 
3196
- foreach( array_keys( $photo_array ) as $key ) {
3197
- $photo_array[$key] = "'" . strval( intval ( $photo_array[$key] ) ) . "'";
3198
- }
3199
- $list = implode( ',', $photo_array );
3200
-
3201
- if ( current_user_can( 'wppa_admin' ) && current_user_can( 'wppa_moderate' ) ) {
3202
- $totcount = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") " );
3203
- }
3204
- else { // Not admin, can edit own photos only
3205
- $totcount = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") AND `owner` = %s" , wppa_get_user() ) );
3206
  }
 
3207
 
3208
  $wppa_search_stats[] = array( 'word' => __( 'Combined', 'wp-photo-album-plus'), 'count' => $totcount );
3209
 
3210
- if ( current_user_can( 'wppa_admin' ) && current_user_can( 'wppa_moderate' ) ) {
3211
- $photos = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") " . wppa_get_photo_order( '0', 'norandom' ).$limit, ARRAY_A );
3212
- }
3213
- else { // Not admin, can edit own photos only
3214
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos WHERE `id` IN (".$list.") AND `owner` = %s" . wppa_get_photo_order( '0', 'norandom' ).$limit, wppa_get_user() ), ARRAY_A );
 
 
 
 
 
 
 
 
 
 
3215
  }
3216
  }
3217
  else {
@@ -3368,7 +3375,7 @@ function wppa_fe_edit_new_style( $photo ) {
3368
  // Get custom data
3369
  $custom = wppa_get_photo_item( $photo, 'custom' );
3370
  if ( $custom ) {
3371
- $custom_data = unserialize( $custom );
3372
  }
3373
  else {
3374
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
3
  * Package: wp-photo-album-plus
4
  *
5
  * edit and delete photos
6
+ * Version 6.9.15
7
  *
8
  */
9
 
87
  wppa_vfy_arg( 'wppa-page' );
88
 
89
  $pagesize = wppa_opt( 'photo_admin_pagesize' );
90
+ $page = isset ( $_GET['wppa-page'] ) ? strval( intval( $_GET['wppa-page'] ) ) : '1';
91
  $skip = ( $page - '1' ) * $pagesize;
 
92
 
93
  // Edit the photos in a specific album
94
  if ( $album ) {
95
 
96
  // Special album case: search (see last album line in album table)
97
  if ( $album == 'search' ) {
98
+ $count = wppa_get_edit_search_photos( '', '', 'count_only' );
99
+ $photos = wppa_get_edit_search_photos( $skip, $pagesize );
100
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' .
101
  '?page=wppa_admin_menu' .
102
  '&tab=edit' .
108
 
109
  // Edit trashed photos
110
  elseif ( $album == 'trash' ) {
111
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
112
+ WHERE album < '0' ORDER BY modified DESC
113
+ LIMIT %d, %d", $skip, $pagesize ), ARRAY_A );
114
+ $count = is_array( $photos ) ? count( $photos ) : 0;
115
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' .
116
  '?page=wppa_admin_menu' .
117
  '&tab=edit' .
124
  elseif ( $album == 'single' ) {
125
  $p = strval( intval( $_REQUEST['photo'] ) );
126
  $count = $p ? 1 : 0;
127
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
128
+ WHERE id = %d", $p ), ARRAY_A );
129
+ $count = is_array( $photos ) ? count( $photos ) : 0;
130
  $link = '';
131
  }
132
 
134
  else {
135
  $counts = wppa_get_treecounts_a( $album, true );
136
  $count = $counts['selfphotos'] + $counts['pendselfphotos'] + $counts['scheduledselfphotos'];
137
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
138
+ WHERE album = %s
139
+ " . wppa_get_photo_order( $album ) . "
140
+ LIMIT %d, %d", $album, $skip, $pagesize ), ARRAY_A );
141
+
 
 
 
142
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' .
143
  '?page=wppa_admin_menu' .
144
  '&tab=edit' .
151
  // Edit a single photo
152
  elseif ( $photo && ! $moderate ) {
153
  $count = '1';
154
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
155
+ WHERE id = %s", $photo ), ARRAY_A );
 
 
 
 
156
  $link = '';
157
  }
158
 
159
  // Edit the photos of a specific owner
160
  elseif ( $owner ) {
161
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
162
+ WHERE owner = %s
163
+ ORDER BY timestamp DESC
164
+ LIMIT %d, %d", $owner, $skip, $pagesize ), ARRAY_A );
165
+ $count = is_array( $photos ) ? count( $photos ) : 0;
 
 
 
 
 
 
 
 
 
166
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_edit_photo' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
167
  }
168
 
176
 
177
  // Moderate a single photo
178
  if ( $photo ) {
179
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
180
+ WHERE `id` = %s", $photo ), ARRAY_A );
181
+ $count = is_array( $photos ) ? count( $photos ) : 0;
 
 
 
 
182
  $link = '';
183
  }
184
 
185
  // Are there photos with pending comments?
186
  else {
 
 
 
 
 
 
187
 
188
+ // Find pending comments
189
+ $cmt = $wpdb->get_results( "SELECT photo FROM {$wpdb->prefix}wppa_comments
190
+ WHERE status = 'pending'
191
+ OR `status` = 'spam'", ARRAY_A );
192
+
193
+ $photos = array();
194
+
195
+ if ( is_array( $cmt ) && count( $cmt ) ) {
196
+
197
+ $cmt = array_unique( $cmt );
198
+
199
+ foreach( $cmt as $id ) {
200
+ $photos[] = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
201
+ WHERE id = %d", $id ), ARRAY_A );
202
  }
203
  }
 
 
 
 
 
 
 
 
 
 
 
 
204
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_moderate_photos' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
205
  }
206
 
229
  '<h3>' .
230
  __( 'Manage all photos by timestamp' , 'wp-photo-album-plus') .
231
  '</h3>';
232
+
233
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
234
+ ORDER BY `timestamp` DESC
235
+ LIMIT %d, %d", $skip, $pagesize ), ARRAY_A );
236
+
237
+ $count = is_array( $photos ) ? count( $phots ) : 0;
 
 
 
238
  $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_moderate_photos' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
239
  }
240
 
430
 
431
  if ( true || confirm( query ) ) {
432
  jQuery( '#wppa-admin-spinner' ).css( 'display', 'inline' );
433
+ _wppaAjaxUpdatePhoto( id, slug, 0, false );
434
  }
435
  }
436
 
476
 
477
 
478
  // Display the pagelinks
 
479
  wppa_admin_page_links( $page, $pagesize, $count, $link );
480
 
481
  // Horizon
1818
  if ( wppa_switch( 'custom_fields' ) ) {
1819
  $custom = wppa_get_photo_item( $photo['id'], 'custom' );
1820
  if ( $custom ) {
1821
+ $custom_data = wppa_unserialize( $custom );
1822
  }
1823
  else {
1824
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
2056
 
2057
  // Exif
2058
  if ( ! $quick ) {
2059
+ $exifs = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_exif
2060
+ WHERE photo = %s
2061
+ ORDER BY tag, id", $id ), ARRAY_A );
2062
  if ( ! empty( $exifs ) ) {
2063
  $brand = wppa_get_camera_brand( $id );
2064
  echo
2088
  foreach ( $exifs as $exif ) {
2089
  $desc = $exif['description'];
2090
  if ( is_serialized( $desc ) ) {
2091
+ $desc = 'Array(' . count( wppa_unserialize( $desc ) ) . ')';
2092
  }
2093
  echo '
2094
  <tr id="exif-tr-' . $exif['id'] . '" >
2127
 
2128
  // Comments
2129
  if ( ! $quick ) {
2130
+ $comments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_comments
2131
+ WHERE photo = %s
2132
+ ORDER BY timestamp DESC ", $id ), ARRAY_A );
2133
  if ( ! empty( $comments ) ) {
2134
  echo
2135
  '<table' .
2239
  break;
2240
  case 'wppa-bulk-move-to':
2241
  if ( $newalb ) {
2242
+ $photo = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos WHERE `id` = %s", $id ), ARRAY_A );
2243
  if ( wppa_switch( 'void_dups' ) ) { // Check for already exists
2244
+ $exists = $wpdb->get_var ( $wpdb->prepare ( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_photos WHERE `filename` = %s AND `album` = %s", $photo['filename'], $newalb ) );
2245
  if ( $exists ) { // Already exists
2246
  wppa_error_message ( sprintf ( __( 'A photo with filename %s already exists in album %s.' , 'wp-photo-album-plus'), $photo['filename'], $newalb ) );
2247
  $skip = true;
2259
  if ( $newalb ) {
2260
  $photo = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM '.WPPA_PHOTOS.' WHERE `id` = %s', $id ), ARRAY_A );
2261
  if ( wppa_switch( 'void_dups' ) ) { // Check for already exists
2262
+ $exists = $wpdb->get_var ( $wpdb->prepare ( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_photos WHERE `filename` = %s AND `album` = %s", $photo['filename'], $newalb ) );
2263
  if ( $exists ) { // Already exists
2264
  wppa_error_message ( sprintf ( __( $exists.'A photo with filename %s already exists in album %s.' , 'wp-photo-album-plus'), $photo['filename'], $newalb ) );
2265
  $skip = true;
2278
  }
2279
  if ( current_user_can( 'wppa_admin' ) || current_user_can( 'wppa_moderate' ) ) {
2280
  if ( $status == 'publish' || $status == 'pending' || wppa_user_is( 'administrator' ) || ! wppa_switch( 'ext_status_restricted' ) ) {
2281
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos SET `status` = %s WHERE `id` = %d", $status, $id ) );
2282
  wppa_invalidate_treecounts( wppa_get_photo_item( $id, 'album' ) );
2283
  }
2284
  else wp_die( 'Security check failure 2' );
2291
  $owner = sanitize_user( $owner );
2292
  $exists = $wpdb->get_var( "SELECT COUNT(*) FROM `".$wpdb->users."` WHERE `user_login` = '".$owner."'" );
2293
  if ( $exists ) {
2294
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos SET `owner` = %s WHERE `id` = %d", $owner, $id ) );
2295
  }
2296
  else {
2297
  wppa_error_message( 'A user with login name '.$owner.' does not exist.' );
2343
  }
2344
  }
2345
 
2346
+ $pagesize = wppa_opt( 'photo_admin_pagesize' ) ? wppa_opt( 'photo_admin_pagesize' ) : '20';
2347
  $next_after = isset ( $_REQUEST['next-after'] ) ? strval( intval( $_REQUEST['next-after'] ) ) : '0';
2348
  $page = ( isset( $_GET['wppa-page'] ) ? max( strval( intval( $_GET['wppa-page'] ) ), '1' ) : '1' ) + ( isset( $_POST['next-after'] ) ? $_POST['next-after'] : '0' );
2349
  $skip = ( $page > '0' ? ( $page - '1' ) * $pagesize : '0' );
2350
+
 
 
 
 
 
 
 
 
 
 
2351
  if ( $album ) {
2352
  if ( $album == 'moderate' ) {
2353
+ $count = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_photos WHERE status = 'pending'" );
2354
+
2355
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
2356
+ WHERE status = 'pending'
2357
+ ORDER BY album DESC, timestamp DESC
2358
+ LIMIT %d, %d", $skip, $pagesize ), ARRAY_A );
2359
+
2360
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_moderate_photos' );
2361
  }
2362
  elseif ( $album == 'search' ) {
2363
+ $count = wppa_get_edit_search_photos( '', '', 'count_only' );
2364
+ $photos = wppa_get_edit_search_photos( $skip, $pagesize );
2365
+
2366
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit_id='.$album.'&wppa-searchstring='.wppa_sanitize_searchstring($_REQUEST['wppa-searchstring']).'&bulk'.'&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
2367
  wppa_show_search_statistics();
2368
  }
2369
  else {
2370
+ $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_photos
2371
+ WHERE album = %s", $album ) );
2372
+
2373
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
2374
+ WHERE album = %s
2375
+ " . wppa_get_photo_order( $album ) . "
2376
+ LIMIT %d, %d", $album, $skip, $pagesize ), ARRAY_A );
2377
+
2378
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit_id='.$album.'&bulk'.'&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
2379
  }
2380
 
2876
  $photoorder = wppa_get_photo_order( $album, 'norandom' );
2877
  $is_descending = strpos( $photoorder, 'DESC' ) !== false;
2878
  $is_p_order = strpos( $photoorder, 'p_order' ) !== false;
2879
+
2880
+ $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
2881
+ WHERE album = %s" . $photoorder, $album ), ARRAY_A );
2882
+
2883
  $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit_id='.$album.'&bulk'.'&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
2884
  $size = '180';
2885
 
3074
  }
3075
  }
3076
 
3077
+ function wppa_get_edit_search_photos( $skip = '', $pagesize = '', $count_only = false ) {
3078
  global $wpdb;
3079
  global $wppa_search_stats;
3080
 
3110
 
3111
  // Find lines in index db table
3112
  if ( wppa_switch( 'wild_front' ) ) {
3113
+ $pword = '%' . $wpdb->esc_like( $word ) . '%';
3114
  }
3115
  else {
3116
+ $pword = $wpdb->esc_like( $word ) . '%';
3117
  }
3118
 
3119
+ // According to the doc ( https://codex.wordpress.org/Class_Reference/wpdb/esc_like ) this should work,
3120
+ // but it generates an error saying: Too few arguments to function wpdb::prepare(), 1 passed in /... and exactly 2 expected
3121
+ // $pidxs = $wpdb->get_results( $wpdb->prepare( "SELECT slug, photos FROM {$wpdb->prefix}wppa_index
3122
+ // WHERE slug LIKE %s" ), $pword, ARRAY_A );
3123
+ // So we must do it without prepare:
3124
+ $pidxs = $wpdb->get_results( "SELECT slug, photos FROM {$wpdb->prefix}wppa_index
3125
+ WHERE slug LIKE '" . $pword . "'", ARRAY_A );
3126
+ $photos = array();
3127
 
3128
+ // Accumulate photo ids
3129
  foreach ( $pidxs as $pi ) {
3130
+
3131
+ $delta_arr = wppa_index_string_to_array( trim( $pi['photos'], ',' ) );
3132
+ $photos = array_merge( $photos, $delta_arr );
3133
+
3134
  }
3135
+ $photos = array_unique( $photos, SORT_NUMERIC );
3136
 
3137
  if ( $first ) {
3138
+ $photo_array = $photos;
3139
  $count = empty( $photo_array ) ? '0' : count( $photo_array );
3140
+
3141
+ // If not admin, remove not owned photos from array
3142
+ if ( ! current_user_can( 'wppa_admin' ) || ! current_user_can( 'wppa_moderate' ) ) {
3143
+ $u = wppa_get_user();
3144
+ foreach( array_keys( $photo_array ) as $k ) {
3145
+ $id = $photo_array[$k];
3146
+ if ( $wpdb->get_var( $wpdb->prepare( "SELECT owner FROM {$wpdb->prefix}wppa_photos WHERE id = %d", $id ) ) != $u ) {
3147
+ unset( $photo_array[$k] );
3148
+ }
3149
+ }
3150
  }
3151
+ $real_count = count( $photo_array );
3152
 
3153
  if ( current_user_can( 'wppa_admin' ) && current_user_can( 'wppa_moderate' ) ) {
 
3154
  if ( $count != $real_count ) {
3155
  update_option( 'wppa_remake_index_photos_status', __('Required', 'wp-photo-album-plus') );
3156
  }
3157
  }
 
 
 
3158
 
3159
  $wppa_search_stats[] = array( 'word' => $word, 'count' => $real_count );
3160
  $first = false;
3161
  }
3162
  else {
3163
+ $temp_array = $photos;
3164
  $count = empty( $temp_array ) ? '0' : count( $temp_array );
3165
  $list = implode( ',', $temp_array );
3166
 
3167
+ // If not admin, remove not owned photos from array
3168
+ if ( ! current_user_can( 'wppa_admin' ) || ! current_user_can( 'wppa_moderate' ) ) {
3169
+ $u = wppa_get_user();
3170
+ foreach( array_keys( $temp_array ) as $k ) {
3171
+ $id = $temp_array[$k];
3172
+ if ( $wpdb->get_var( $wpdb->prepare( "SELECT owner FROM {$wpdb->prefix}wppa_photos WHERE id = %d", $id ) ) != $u ) {
3173
+ unset( $temp_array[$k] );
3174
+ }
3175
+ }
3176
+ }
3177
+ $real_count = count( $temp_array );
3178
+
3179
  if ( current_user_can( 'wppa_admin' ) && current_user_can( 'wppa_moderate' ) ) {
 
3180
  if ( $count != $real_count ) {
3181
  update_option( 'wppa_remake_index_photos_status', __('Required', 'wp-photo-album-plus') );
3182
  }
3183
  }
 
 
 
3184
 
3185
  $wppa_search_stats[] = array( 'word' => $word, 'count' => $real_count );
3186
  $photo_array = array_intersect( $photo_array, $temp_array );
3190
 
3191
  if ( ! empty( $photo_array ) ) {
3192
 
3193
+ // If not admin, remove not owned photos from array
3194
+ if ( ! current_user_can( 'wppa_admin' ) || ! current_user_can( 'wppa_moderate' ) ) {
3195
+ $u = wppa_get_user();
3196
+ foreach( array_keys( $photo_array ) as $k ) {
3197
+ $id = $photo_array[$k];
3198
+ if ( $wpdb->get_var( $wpdb->prepare( "SELECT owner FROM {$wpdb->prefix}wppa_photos WHERE id = %d", $id ) ) != $u ) {
3199
+ unset( $photo_array[$k] );
3200
+ }
3201
+ }
 
3202
  }
3203
+ $totcount = count( $photo_array );
3204
 
3205
  $wppa_search_stats[] = array( 'word' => __( 'Combined', 'wp-photo-album-plus'), 'count' => $totcount );
3206
 
3207
+ $photos = array();
3208
+ sort( $photo_array, SORT_NUMERIC );
3209
+
3210
+ $photo_array = array_reverse( $photo_array );
3211
+ $s = $skip;
3212
+ $l = $pagesize;
3213
+ if ( ! $l ) $l = 1000;
3214
+ foreach( $photo_array as $id ) {
3215
+ if ( $s ) {
3216
+ $s--;
3217
+ }
3218
+ elseif( $l ) {
3219
+ $photos[] = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos WHERE id = %d", $id ), ARRAY_A );
3220
+ $l--;
3221
+ }
3222
  }
3223
  }
3224
  else {
3375
  // Get custom data
3376
  $custom = wppa_get_photo_item( $photo, 'custom' );
3377
  if ( $custom ) {
3378
+ $custom_data = wppa_unserialize( $custom );
3379
  }
3380
  else {
3381
  $custom_data = array( '', '', '', '', '', '', '', '', '', '' );
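--- a/wppa-session.php
+++ b/wppa-session.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all session routines
- * Version 6.9.14
+ * Version 6.9.15
  *
  * Firefox modifies data in the superglobal $_SESSION.
  * See https://bugzilla.mozilla.org/show_bug.cgi?id=991019
@@ -42,10 +42,10 @@ global $wppa_session;
  // Started but expired?
  if ( $session ) {
  if ( $session['timestamp'] < $expire ) {
-
+
  $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_session SET `status` = 'expired' WHERE `id` = %s", $session['id'] ) );
  $session = false;
-
+
  // Anonimize all expired sessions, except robots (for the statistics widget)
  $wpdb->query( "UPDATE $wpdb->wppa_session " .
  "SET `ip` = '', `user` = '', `data` = '' " .
@@ -92,7 +92,7 @@ global $wppa_session;
 
  // Session exists, Update counter
  else {
- $wppa_session = unserialize( $data );
+ $wppa_session = wppa_unserialize( $data );
 
  $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_session SET `count` = %s WHERE `id` = %s", $session['count'] + '1', $session['id'] ) );
  }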
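--- a/wppa-settings-autosave.php
+++ b/wppa-settings-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * manage all options
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -29,6 +29,13 @@ global $wppa_supported_camara_brands;
  // Start test area
  /*
  echo '<input type="button" vaue="Click me" onclick="wppaTimedConfirm( \'My Text\' )" />';
+ *//*
+ $session = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}wppa_session ORDER BY id DESC LIMIT 1", ARRAY_A );
+ echo $session['data'].'<br /><br />';
+ var_dump ( unserialize($session['data']));
+ echo '<br /><br />';
+ var_dump ( wppa_unserialize($session['data']));
+ echo '<br /><br />';
  */
  // End test area
 
@@ -8603,9 +8610,9 @@ echo '<input type="button" vaue="Click me" onclick="wppaTimedConfirm( \'My Text\
  $desc = __('The number of albums per page on the Edit Album admin page.', 'wp-photo-album-plus');
  $help = '';
  $slug = 'wppa_album_admin_pagesize';
- $options = array( __('--- off ---', 'wp-photo-album-plus'), '10', '20', '50', '100', '200');
- $values = array('0', '10', '20', '50', '100', '200');
- $html = wppa_select($slug, $options, $values);
+ $opts = array( '10', '20', '50', '100', '200' );
+ $vals = array( '10', '20', '50', '100', '200' );
+ $html = wppa_select($slug, $opts, $vals);
  $clas = '';
  $tags = 'system,page';
  wppa_setting($slug, '6.1', $name, $desc, $html, $help, $clas, $tags);
@@ -8614,9 +8621,9 @@ echo '<input type="button" vaue="Click me" onclick="wppaTimedConfirm( \'My Text\
  $desc = __('The number of photos per page on the <br/>Edit Album -> Manage photos and Edit Photos admin pages.', 'wp-photo-album-plus');
  $help = '';
  $slug = 'wppa_photo_admin_pagesize';
- $options = array( __('--- off ---', 'wp-photo-album-plus'), '10', '20', '50', '100', '200');
- $values = array('0', '10', '20', '50', '100', '200');
- $html = wppa_select($slug, $options, $values);
+ $opts = array( '10', '20', '50', '100', '200' );
+ $vals = array( '10', '20', '50', '100', '200' );
+ $html = wppa_select($slug, $opts, $vals);
  $clas = '';
  $tags = 'system,page';
  wppa_setting($slug, '6.2', $name, $desc, $html, $help, $clas, $tags);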
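Review bot: Lines 32–38 of the new file are debug code parked inside the comment block via the `*//*` trick: a live query of the last session row plus `var_dump()` of both `unserialize()` and `wppa_unserialize()` on its data. Commented-out code should be removed before release rather than shipped in the options page; if a side-by-side check of the two decoders is wanted it belongs in a test. At lines 8613–8615 and 8624–8626 the option labels and values are now the same list, so one array can be passed twice, `$vals = array( '10', '20', '50', '100', '200' ); $html = wppa_select($slug, $vals, $vals);`, removing the duplicated literal.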
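--- a/wppa-setup.php
+++ b/wppa-setup.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the setup stuff
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -575,6 +575,15 @@ global $silent;
  wppa_schedule_maintenance_proc( 'wppa_recup' );
  }
  }
+
+ if ( $old_rev <= '6915' ) {
+ if ( ! get_option( 'wppa_album_admin_pagesize', '0' ) ) {
+ update_option( 'wppa_album_admin_pagesize', '100' );
+ }
+ if ( ! get_option( 'wppa_photo_admin_pagesize', '0' ) ) {
+ update_option( 'wppa_photo_admin_pagesize', '20' );
+ }
+ }
  }
 
  // Set Defaults
@@ -1634,7 +1643,7 @@ cursorborder:'2px solid transparent',";
  'wppa_hier_albsel' => 'yes',
  'wppa_hier_pagesel' => 'no',
  'wppa_alt_type' => 'fullname',
- 'wppa_album_admin_pagesize' => '0',
+ 'wppa_album_admin_pagesize' => '100',
  'wppa_photo_admin_pagesize' => '20',
  'wppa_photo_admin_max_albums' => '500',
  'wppa_comment_admin_pagesize' => '10',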
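--- a/wppa-source.php
+++ b/wppa-source.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains photo source file management routines
- * Version 6.6.03
+ * Version 6.9.15
  *
  */
 
@@ -42,7 +42,7 @@ function wppa_save_source( $file, $name, $alb ) {
  wppa_log( 'Err', 'Could not create source directory ' . $albdir );
  }
  $dest = $albdir . '/' . wppa_sanitize_file_name( $name );
- if ( $file != $dest ) @ copy( $file, $dest ); // Do not copy to self, and do not bother on failure
+ if ( $file != $dest ) @ copy( str_replace( '../', '', $file ), str_replace( '../', '', $dest ) ); // Do not copy to self, and do not bother on failure
  if ( is_file( $dest ) ) {
  wppa_chmod( $dest );
  }
@@ -60,7 +60,7 @@ function wppa_delete_source( $name, $alb ) {
 
  $all_paths = glob( $path . '.*' );
  $o1paths = glob( $path . '-o1.*' );
-
+
  if ( is_array( $all_paths ) && is_array( $o1paths ) ) {
  $all_paths = array_merge( $all_paths, $o1paths );
  }
@@ -118,6 +118,10 @@ global $wppa_supported_photo_extensions;
 
  // rename without warnings
  function wppa_rename( $from, $to ) {
+
+ $from = str_replace( '../', '', $from );
+ $to = str_replace( '../', '', $to );
+
  if ( is_file( $from ) ) {
  if ( is_file( $to ) ) {
  copy( $from, $to );
@@ -147,10 +151,10 @@ global $wppa_supported_photo_extensions;
 
  foreach( $supext as $ext ) {
  if ( is_file( $frompath.'.'.$ext ) ) {
- @ copy( $frompath.'.'.$ext, $topath.'.'.$ext );
+ @ copy( str_replace( '../', '', $frompath.'.'.$ext ), str_replace( '../', '', $topath.'.'.$ext ) );
  }
  if ( is_file( $frompath.'-o1.'.$ext ) ) {
- @ copy( $frompath.'-o1.'.$ext, $topath.'-o1.'.$ext );
+ @ copy( str_replace( '../', '', $frompath.'-o1.'.$ext ), str_replace( '../', '', $topath.'-o1.'.$ext ) );
  }
  }
  }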
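Review bot: The `str_replace( '../', '', … )` at line 45 is applied only to the arguments of `copy()`, while the `is_file( $dest )` and `wppa_chmod( $dest )` on the next two lines still use the unstripped `$dest`, so the path that is tested and chmod'ed can differ from the path that is written; the same mismatch exists in the loop at lines 153–158, where `is_file()` is evaluated on the raw `$frompath…` and `copy()` receives the stripped form. Normalize once, before the checks: `$file = str_replace( '../', '', $file ); $dest = str_replace( '../', '', $dest );` ahead of the `if ( $file != $dest )` line, and the same for `$frompath`/`$topath` before the `foreach` (their assignment is outside the hunk), as wppa_rename() already does for `$from`/`$to`. A one-shot textual substitution is also not a canonicalization — it does not guarantee the result is free of parent-directory segments and does nothing for absolute paths — so the durable control is to resolve the target with `realpath()` and verify it lies under the intended source base directory before any `copy()`. wppa_save_source() and wppa_rename() both continue outside the hunks.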
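--- a/wppa-statistics.php
+++ b/wppa-statistics.php
@@ -4,7 +4,7 @@
  *
  * Functions for counts etc
  * Common use front and admin
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -585,7 +585,7 @@ global $wpdb;
 
  // Convert to array
  if ( $treecount_string ) {
- $treecount_array = unserialize( $treecount_string );
+ $treecount_array = wppa_unserialize( $treecount_string );
  }
  else {
  $treecount_array = array();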
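--- a/wppa-upload.php
+++ b/wppa-upload.php
@@ -561,8 +561,9 @@ global $upload_album;
  return;
  }
  if ( ! $file['error'][$i] ) {
+ wppa( 'unsanitized_filename', $file['name'][$i] );
  wppa_pdf_preprocess( $file, $upload_album, $i );
- $id = wppa_insert_photo( $file['tmp_name'][$i], $upload_album, wppa_sima($file['name'][$i]) );
+ $id = wppa_insert_photo( $file['tmp_name'][$i], $upload_album, $file['name'][$i] );
  if ( $id ) {
  $uploaded_a_file = true;
  $count++;
@@ -597,8 +598,9 @@ global $upload_album;
  $count = '0';
  foreach ( $_FILES as $file ) {
  if ( $file['tmp_name'] != '' ) {
+ wppa( 'unsanitized_filename', $file['name'] );
  wppa_pdf_preprocess( $file, $upload_album );
- $id = wppa_insert_photo( $file['tmp_name'], $upload_album, wppa_sima( $file['name'] ) );
+ $id = wppa_insert_photo( $file['tmp_name'], $upload_album, $file['name'] );
  if ( $id ) {
  $uploaded_a_file = true;
  $count++;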
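Review bot: Both hunks now hand the raw `$file['name']` to `wppa_insert_photo()` where `wppa_sima()` was applied before, and the commit does not show where the name that reaches the database and disk is sanitized; if that happens inside `wppa_insert_photo()` (not visible here) the call sites should say so, e.g. `// raw name on purpose: wppa_insert_photo() sanitizes what it stores; the original is kept in wppa( 'unsanitized_filename' ) only to derive the photo name`. The `wppa( 'unsanitized_filename', … )` slot is set before each insert but never cleared, and the wppa-utils.php hunk reads it whenever `$filename_raw` is empty, so a later insert in the same request that does not set it appears to inherit the previous upload's name; resetting it after the call, `wppa( 'unsanitized_filename', '' );`, removes that dependence on call order (assuming wppa() accepts an empty value as a reset). The enclosing upload loops start and end outside the hunks.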
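--- a/wppa-utils.php
+++ b/wppa-utils.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains low-level utility routines
- * Version 6.9.14
+ * Version 6.9.15
  *
  */
 
@@ -2123,6 +2123,10 @@ global $wpdb;
  $name = $thumb['filename']; // The default default
  $filename = $thumb['filename'];
 
+ if ( ! $filename_raw ) {
+ $filename_raw = wppa( 'unsanitized_filename' );
+ }
+
  switch ( $method ) {
  case 'none':
  $name = '';
@@ -2151,11 +2155,11 @@ global $wpdb;
  break;
  }
  if ( ( $name && $name != $filename ) || $method == 'none' ) { // Update name
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `name` = %s WHERE `id` = %s", $name, $id ) );
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos SET `name` = %s WHERE `id` = %s", $name, $id ) );
  wppa_cache_thumb( 'invalidate', $id ); // Invalidate cache
  }
  if ( ! wppa_switch( 'save_iptc') ) { // He doesn't want to keep the iptc data, so...
- $wpdb->query($wpdb->prepare( "DELETE FROM `".WPPA_IPTC."` WHERE `photo` = %s", $id ) );
+ $wpdb->query($wpdb->prepare( "DELETE FROM {$wpdb->prefix}wppa_iptc WHERE `photo` = %s", $id ) );
  }
 
  // In case owner must be set to name.
@@ -4938,4 +4942,119 @@ function wppa_rename_files_sanitized( $root ) {
  }
  }
  }
+ }
+
+ // PHP unserialize() is unsafe because it can produce dangerous objects
+ // This function unserializes arrays only
+ // In case of error or dangerous data, returns an empty array
+ function wppa_unserialize( $xstring ) {
+
+ $string = $xstring;
+
+ $result = array();
+
+ // Assume its an array, else return the input string
+ $type = substr( $string, 0, 2 );
+ $string = substr( $string, 2 );
+
+ $cpos = strpos( $string, ':' );
+ $count = substr( $string, 0, $cpos );
+ $string = substr( $string, $cpos + 1 );
+ $string = trim( $string, '{}' );
+
+ if ( $type != 'a:' ) {
+ // echo 'Exit 1';
+ wppa_log( 'Err', 'Not serialized arraydata encountered in wppa_unserialize()' );
+ return array();
+ }
+
+ // Process data items
+ while ( strlen( $string ) ) {
+
+ // Decode the key
+ $keytype = substr( $string, 0, 2 );
+ $string = substr( $string, 2 );
+ switch ( $keytype ) {
+
+ // Integer key
+ case 'i:':
+ $cpos = strpos( $string, ';' );
+ $key = intval( substr( $string, 0, $cpos ) );
+ $string = substr( $string, $cpos + 1 );
+ //echo 'Keytype=' . $keytype . ', keyvalue=' . $key . ', string=' . $string . '<br />';
+ break;
+
+ // String key
+ case 's:':
+ $cpos = strpos( $string, ':' );
+ $keylen = intval( substr( $string, 0, $cpos ) );
+ $string = substr( $string, $cpos + 1 );
+ $cpos = strpos( $string, ';' );
+ $key = substr( $string, 1, $keylen );
+ $string = substr( $string, $cpos + 1 );
+ //echo 'Keytype='. $keytype . ', keylen=' . $keylen . ', keyvalue=' . $key . ', string='. $string.'<br />';;
+
+ break;
+
+ // Unimplemented key type
+ default:
+ // echo 'Exit 2' . $type;
+ wppa_log( 'Err', 'Unimplemented keytype ' . $keytype . ' encountered in wppa_unserialize()' );
+ return array();
+ }
+
+ // Decode the data
+ $datatype = substr( $string, 0, 2 );
+ $string = substr( $string, 2 );
+
+ switch ( $datatype ) {
+
+ // Integer data
+ case 'i:':
+ $cpos = strpos( $string, ';' );
+ $data = intval( substr( $string, 0, $cpos ) );
+ $string = substr( $string, $cpos + 1 );
+ //echo 'Datatype='. $datatype . ', datavalue=' . $data . ', string='. $string.'<br />';;
+ break;
+
+ // String data
+ case 's:':
+ $cpos = strpos( $string, ':' );
+ $datalen = intval( substr( $string, 0, $cpos ) );
+ $string = substr( $string, $cpos + 1 );
+ $data = substr( $string, 1, $datalen );
+ $string = substr( $string, $datalen + 3 );
+ //echo 'Datatype='. $datatype . ', datalen=' . $datalen . ', datavalue=' . $data . ', string='. $string.'<br />';;
+ break;
+
+ // Boolean
+ case 'b:':
+ $data = substr( $string, 0, 1 ) == '1';
+ $string = substr( $string, 2 );
+ break;
+
+ // NULL
+ case 'N;':
+ $data = NULL;
+ break;
+
+ // Array data
+ case 'a:':
+ $cbpos = strpos( $string, '}' );
+ $data = wppa_unserialize( 'a:' . substr( $string, 0, $cbpos + 1 ) );
+ $string = substr( $string, $cbpos + 1 );
+ break;
+
+ // Unimplemented data type
+ default:
+ // echo 'Exit 3 '.$datatype;
+ wppa_log( 'Err', 'Unimplemented data type ' . $datatype . ' encountered in wppa_unserialize()' );
+ return array();
+ }
+
+ // Add to result array
+ $result[$key] = $data;
+ }
+
+ return $result;
  }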
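Review bot: The hand-written parser in wppa_unserialize() (new lines 4950–5060) mis-decodes valid input in two places: in the string-key branch `$cpos = strpos( $string, ';' );` followed by `$string = substr( $string, $cpos + 1 );` cuts at the first `;` even when it sits inside the quoted key, unlike the string-data branch which correctly advances by `$datalen + 3`; and the `a:` data branch searches `strpos( $string, '}' )` for the first closing brace while the earlier `trim( $string, '{}' )` strips every leading and trailing brace, so a nested array or a string value containing `}` yields a truncated result with nothing logged. `$count` is read from the header but never compared with the number of items decoded, so such truncation is invisible to callers. Since the goal is only to keep `unserialize()` from instantiating objects, the standard library already provides that without a bespoke grammar: `unserialize( $xstring, array( 'allowed_classes' => false ) )` (PHP ≥ 7.0) turns any object in the payload into an inert `__PHP_Incomplete_Class` so no class constructor, `__wakeup()` or `__destruct()` runs, and an `is_array()` check on the result keeps the "arrays only, empty array on error" contract — the rewrite below keeps the function name and log message. If PHP 5 must still be supported, at minimum change the key cut to `$string = substr( $string, $keylen + 3 );`, replace the first-`}` search with a brace-depth scan, and return `array()` when `count( $result ) != $count`.

```php
// PHP unserialize() is unsafe because it can produce dangerous objects
// This function unserializes arrays only
// In case of error or dangerous data, returns an empty array
function wppa_unserialize( $xstring ) {

	// is_serialized() (WordPress) rejects non-strings and obviously malformed input up front
	if ( ! is_serialized( $xstring ) ) {
		wppa_log( 'Err', 'Not serialized arraydata encountered in wppa_unserialize()' );
		return array();
	}

	// allowed_classes => false (PHP >= 7.0): any object in the payload becomes
	// __PHP_Incomplete_Class, so no constructor, __wakeup() or __destruct() of a real class runs
	$result = unserialize( $xstring, array( 'allowed_classes' => false ) );

	// Only arrays are acceptable; false (parse error) and scalars are treated as errors
	if ( ! is_array( $result ) ) {
		wppa_log( 'Err', 'Not serialized arraydata encountered in wppa_unserialize()' );
		return array();
	}

	return $result;
}
```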
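--- a/wppa.php
+++ b/wppa.php
@@ -2,7 +2,7 @@
  /*
  * Plugin Name: WP Photo Album Plus
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
- * Version: 6.9.14.002
+ * Version: 6.9.15.004
  * Author: J.N. Breetvelt a.k.a. OpaJaap
  * Author URI: http://wppa.opajaap.nl/
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -22,8 +22,8 @@ global $wpdb;
  global $wp_version;
 
  /* WPPA GLOBALS */
- global $wppa_revno; $wppa_revno = '6914'; // WPPA db version
- global $wppa_api_version; $wppa_api_version = '6-9-14-002'; // WPPA software version
+ global $wppa_revno; $wppa_revno = '6915'; // WPPA db version
+ global $wppa_api_version; $wppa_api_version = '6-9-15-004'; // WPPA software version
 
  /* start timers */
  global $wppa_starttime; $wppa_starttime = microtime( true );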