WP Photo Album Plus - Version 6.9.16

Version Description

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

Release Info

Developer opajaap
Plugin Icon wp plugin WP Photo Album Plus
Version 6.9.16

Code changes from version 6.9.15 to 6.9.16

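--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,15 @@
  WP Photo Album Plus Changelog
 
+ = 6.9.16 =
+
+ = Other Changes =
+
+ * Increased number of options in Table IX-B6.1 and Table IX-B6.: Album and Photo admin pagesize.
+ * Added 'Filename without extension, spaces for hyphens' as option to Table IX-D13.
+ * Added maintenance proc Table VIII-B20: Remove all hyphens from all photo names and replace them by spaces.
+ * Imported photos now get the name as defined by the new name method in Table VIII-B20.
+ * Various security fixes.
+
  = 6.9.15 =
 
  = Other Changes =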
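--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: opajaap
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
  Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
- Version: 6.9.15
- Stable tag: 6.9.14
+ Version: 6.9.16
+ Stable tag: 6.9.15
  Author: J.N. Breetvelt
  Author URI: http://www.opajaap.nl/
  Requires at least: 3.9
@@ -137,6 +137,11 @@ See for the full changelog: <a href="http://www.wppa.nl/changelog/" >The documen
 
  == Upgrade Notice ==
 
+ = 6.9.16 =
+
+ * This version addresses various minor bug fixes and feature requests.
+ * This version addresses various security issues.
+
  = 6.9.15 =
 
  * This version addresses various minor bug fixes and feature requests.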
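--- a/wppa-admin-functions.php
+++ b/wppa-admin-functions.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * gp admin functions
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -17,7 +17,7 @@ global $wppa_bu_err;
  $fname = WPPA_DEPOT_PATH.'/settings.bak';
  if ( wppa( 'debug' ) ) wppa_dbg_msg( 'Backing up to: '.$fname );
 
- $file = fopen( $fname, 'wb' );
+ $file = wppa_fopen( $fname, 'wb' );
  // Backup
  if ( $file ) {
  array_walk( $wppa_opt, 'wppa_save_an_option', $file );
@@ -90,7 +90,7 @@ function wppa_restore_settings( $fname, $type = '' ) {
  }
 
  // Open file
- $file = fopen( $fname, 'r' );
+ $file = wppa_fopen( $fname, 'r' );
  // Restore
  if ( $file ) {
  $buffer = fgets( $file, 4096 );
@@ -266,8 +266,8 @@ global $wpdb;
  $status = $photo['status'];
  $filename = $photo['filename'];
  $location = $photo['location'];
- $oldimage = wppa_get_photo_path( $photo['id'] );
- $oldthumb = wppa_get_thumb_path( $photo['id'] );
+ $oldimage = wppa_get_photo_path( strval( intval( $photo['id'] ) ) );
+ $oldthumb = wppa_get_thumb_path( strval( intval( $photo['id'] ) ) );
  $tags = $photo['tags'];
  $exifdtm = $photo['exifdtm'];
 
@@ -300,6 +300,7 @@ global $wpdb;
 
  $err = '4';
  // Find copied photo details
+ $id = strval( intval( $id ) );
  if ( ! $id ) return $err;
  $image_id = $id;
  $newimage = wppa_strip_ext( wppa_get_photo_path( $image_id, false ) ) . '.' . wppa_get_ext( $oldimage );
@@ -317,13 +318,13 @@ global $wpdb;
  $err = '6';
  // Copy photo or poster
  if ( is_file( $oldimage ) ) {
- if ( ! copy( $oldimage, $newimage ) ) return $err;
+ if ( ! wppa_copy( $oldimage, $newimage ) ) return $err;
  }
 
  $err = '7';
  // Copy thumbnail
  if ( is_file( $oldthumb ) ) {
- if ( ! copy( $oldthumb, $newthumb ) ) return $err;
+ if ( ! wppa_copy( $oldthumb, $newthumb ) ) return $err;
  }
 
  $err = '8';
@@ -867,7 +868,7 @@ global $warning_given_small;
  if ( wppa_make_the_photo_files( $file, $id, $ext, ! wppa_does_thumb_need_watermark( $id ) ) ) {
 
  // Repair photoname if not supplied and not standard
- if ( ! $name ) wppa_set_default_name( $id, $name );
+ if ( ! $name ) wppa_set_default_name( $id );
 
  // Tags
  wppa_set_default_tags( $id );
@@ -932,7 +933,7 @@ global $wpdb;
 
  // Open outputfile
  $path = WPPA_UPLOAD_PATH . '/temp/' . $table . '.csv';
- $file = fopen( $path, 'wb' );
+ $file = wppa_fopen( $path, 'wb' );
  if ( ! $file ) {
  return false;
  }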
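Review bot: In the CSV export hunk (new line 935), `$path` is built by concatenating `$table` into the file name and is then opened for writing with `wppa_fopen( $path, 'wb' )`, and nothing visible in the hunk constrains `$table`. The enclosing function starts outside the hunk, so `$table` may already be checked there, but if it can carry request data the write target should be pinned to the temp directory, for example `$path = WPPA_UPLOAD_PATH . '/temp/' . basename( $table ) . '.csv';`, or `$table` should be matched against the known plugin table names. The definitions of `wppa_fopen()` and `wppa_copy()` are not part of this page, so what they themselves reject cannot be confirmed from here.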
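--- a/wppa-ajax.php
+++ b/wppa-ajax.php
@@ -2,7 +2,7 @@
  /* wppa-ajax.php
  *
  * Functions used in ajax requests
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -345,9 +345,13 @@ global $wppa_log_file;
  break;
 
  case 'do-comment':
+
  // Security check
- $mocc = $_REQUEST['moccur'];
- $nonce = $_REQUEST['wppa-nonce'];
+ $mocc = isset( $_REQUEST['moccur'] ) ? strval( intval( $_REQUEST['moccur'] ) ) : '0';
+ $nonce = $_REQUEST['wppa-nonce'];
+ $photoid = isset( $_REQUEST['photo-id'] ) ? strval( intval( $_REQUEST['photo-id'] ) ) : '0';
+ $commentid = isset( $_REQUEST['comment-edit'] ) ? strval( intval( $_REQUEST['comment-edit'] ) ) : '0';
+
  if ( ! wp_verify_nonce( $nonce, 'wppa-nonce-'.$mocc ) ) {
  _e( 'Security check failure' , 'wp-photo-album-plus');
  wppa_exit();
@@ -370,17 +374,17 @@ global $wppa_log_file;
  }
  }
 
- wppa( 'mocc', $_REQUEST['moccur'] );
- wppa( 'comment_photo', isset( $_REQUEST['photo-id'] ) ? $_REQUEST['photo-id'] : '0' );
- wppa( 'comment_id', isset( $_REQUEST['comment-edit'] ) ? $_REQUEST['comment-edit'] : '0' );
+ wppa( 'mocc', $mocc );
+ wppa( 'comment_photo', $photoid );
+ wppa( 'comment_id', $commentid );
 
  $comment_allowed = ( ! wppa_switch( 'comment_login' ) || is_user_logged_in() );
  if ( wppa_switch( 'show_comments' ) && $comment_allowed && $doit ) {
- wppa_do_comment( $_REQUEST['photo-id'] ); // Process the comment
- if ( wppa_switch( 'search_comments' ) ) wppa_index_update( 'photo', $_REQUEST['photo-id'] );
+ wppa_do_comment( $photoid ); // Process the comment
+ if ( wppa_switch( 'search_comments' ) ) wppa_index_update( 'photo', $photoid );
  }
  wppa( 'no_esc', true );
- echo wppa_comment_html( $_REQUEST['photo-id'], $comment_allowed ); // Retrieve the new commentbox content
+ echo wppa_comment_html( $photoid, $comment_allowed ); // Retrieve the new commentbox content
  wppa_exit();
  break;
 
@@ -634,6 +638,8 @@ global $wppa_log_file;
 
  case 'makeorigname':
  $photo = wppa_decrypt_photo( $_REQUEST['photo-id'] );
+ $photo = strval( intval( $photo ) );
+
  $from = $_REQUEST['from'];
  if ( $from == 'fsname' ) {
  $type = wppa_opt( 'art_monkey_link' );
@@ -646,7 +652,8 @@ global $wppa_log_file;
  wppa_exit();
  }
 
- $data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos WHERE `id` = %s", $photo ), ARRAY_A );
+ $data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
+ WHERE id = %s", $photo ), ARRAY_A );
 
  if ( $data ) { // The photo is supposed to exist
 
@@ -693,7 +700,7 @@ global $wppa_log_file;
 
  // Make the files
  if ( $type == 'file' ) {
- copy( str_replace( '../', '', $source ), str_replace( '../', '', $dest ) );
+ wppa_copy( $source, $dest );
  $ext = $data['ext'];
  }
  elseif ( $type == 'zip' ) {
@@ -746,7 +753,7 @@ global $wppa_log_file;
  echo $result;
  wppa_exit();
  break;
-
+
  case 'getshortcodedrendered':
  require_once 'wppa-non-admin.php';
  $id = trim( substr( $_REQUEST['shortcode'], 6 ), ' ]' );
@@ -1695,7 +1702,7 @@ global $wppa_log_file;
  $filename = wppa_get_photo_item( $id, 'filename' );
  $filename = wppa_strip_ext( $filename ) . '.' . wppa_get_photo_item( $id, 'ext' );
  $path = wppa_get_photo_path( $id );
- copy( $path, $src_alb_dir . '/' . $filename );
+ wppa_copy( $path, $src_alb_dir . '/' . basename( $filename ) );
  wppa_log( 'fso', 'Backup created for magic: ' . $src_alb_dir . '/' . $filename );
  }
  switch ( $item ) {
@@ -2418,7 +2425,7 @@ global $wppa_log_file;
  if ( ! is_dir( dirname( $path ) ) ) {
  mkdir( dirname( $path ) );
  }
- $file = fopen( $path, 'wb' );
+ $file = wppa_fopen( $path, 'wb' );
  if ( ! $file ) {
  $err = true;
  }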
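Review bot: In the backup hunk (new lines 1705-1706) the copy destination now uses `basename( $filename )`, but the `wppa_log()` call on the next line still concatenates the raw `$filename`, so the log can record a path that differs from the file actually written. Build the destination once and use it in both calls: `$dest = $src_alb_dir . '/' . basename( $filename );`, then `wppa_copy( $path, $dest );` and `wppa_log( 'fso', 'Backup created for magic: ' . $dest );`. The enclosing block starts and ends outside the hunk.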
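--- a/wppa-album-admin-autosave.php
+++ b/wppa-album-admin-autosave.php
@@ -718,7 +718,6 @@ global $wppa_revno;
  </tbody>
  </table>';
  }
- /*hbi*/
  {
  // Section 2
  echo '
@@ -728,35 +727,35 @@ global $wppa_revno;
 
  // Name
  echo '
- <tr>' .
- '<td>' .
- __( 'Name:', 'wp-photo-album-plus' ) .
- '</td>' .
- '<td>' .
- '<input' .
- ' type="text"' .
- ' style="width:100%;"' .
- ' onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'name\', this )"' .
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'name\', this )"' .
- ' value="' . esc_attr( $name ) . '"' .
- ' />' .
- '<span class="description" >' .
- __( 'Type the name of the album. Do not leave this empty.', 'wp-photo-album-plus' ) .
- '</span>' .
- '</td>' .
- '<td>' .
- '</td>' .
- '</tr>';
+ <tr>
+ <td>' .
+ __( 'Name:', 'wp-photo-album-plus' ) . '
+ </td>
+ <td>
+ <input
+ type="text"
+ style="width:100%;"
+ onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'name\', this )"
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'name\', this )"
+ value="' . esc_attr( $name ) . '"
+ />
+ <span class="description" >' .
+ __( 'Type the name of the album. Do not leave this empty.', 'wp-photo-album-plus' ) . '
+ </span>
+ </td>
+ <td>
+ </td>
+ </tr>';
 
  // Description
- echo
- '<tr>' .
- '<td>' .
- __( 'Description:', 'wp-photo-album-plus' ) .
- '</td>';
+ echo '
+ <tr>
+ <td>' .
+ __( 'Description:', 'wp-photo-album-plus' ) . '
+ </td>';
  if ( wppa_switch( 'use_wp_editor') ) {
- echo
- '<td>';
+ echo '
+ <td>';
  wp_editor( $description,
  'wppaalbumdesc',
  array( 'wpautop' => true,
@@ -765,101 +764,103 @@ global $wppa_revno;
  'tinymce' => true
  )
  );
- echo
- '<input' .
- ' type="button"' .
- ' class="button-secundary"' .
- ' value="' . esc_attr( __( 'Update Album description', 'wp-photo-album-plus' ) ) . '"' .
- ' onclick="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', document.getElementById( \'wppaalbumdesc\' ) )"' .
- ' />' .
- '<img' .
- ' id="wppa-album-spin"' .
- ' src="' . wppa_get_imgdir() . 'spinner.' . ( wppa_use_svg() ? 'svg' : 'gif' ) . '"' .
- ' alt="Spin"' .
- ' style="visibility:hidden"' .
- ' />' .
- '</td>';
+ echo '
+ <input
+ type="button"
+ class="button-secundary"
+ value="' . esc_attr( __( 'Update Album description', 'wp-photo-album-plus' ) ) . '"
+ onclick="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', document.getElementById( \'wppaalbumdesc\' ) )"
+ />
+ <img
+ id="wppa-album-spin"
+ src="' . wppa_get_imgdir() . 'spinner.' . ( wppa_use_svg() ? 'svg' : 'gif' ) . '"
+ alt="Spin"
+ style="visibility:hidden"
+ />
+ </td>';
  }
  else {
- echo
- '<td>' .
- '<textarea' .
- ' style="width:100%;height:60px;"' .
- ' onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"' .
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"' .
- ' >' .
- $description .
- '</textarea>' .
- '</td>';
+ echo '
+ <td>
+ <textarea
+ style="width:100%;height:60px;"
+ onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"
+ >
+ ' . $description . '
+ </textarea>
+ </td>';
  }
- echo
- '<td>' .
- '</td>' .
- '</tr>';
+ echo '
+ <td>
+ </td>
+ </tr>';
 
  // Categories
- echo
- '<tr>' .
- '<td>' .
- __( 'Categories:', 'wp-photo-album-plus' ) .
- '</td>' .
- '<td>' .
- '<input' .
- ' id="cats"' .
- ' type="text"' .
- ' style="width:100%;"' .
- ' onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'cats\', this )"' .
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'cats\', this )"' .
- ' value="' . esc_attr( $cats ) . '"' .
- ' />' .
- '<br />' .
- '<span class="description" >' .
- __( 'Separate categories with commas.', 'wp-photo-album-plus' ) .
- '</span>' .
- '<select' .
- ' onchange="wppaAddCat( this.value, \'cats\' ); wppaAjaxUpdateAlbum( ' . $id . ', \'cats\', document.getElementById( \'cats\' ) )"' .
- ' >';
+ echo '
+ <tr>
+ <td>' .
+ __( 'Categories:', 'wp-photo-album-plus' ) . '
+ </td>
+ <td>
+ <input
+ id="cats"
+ type="text"
+ style="width:100%;"
+ onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'cats\', this )"
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'cats\', this )"
+ value="' . esc_attr( $cats ) . '"
+ />
+ <br />
+ <span class="description" >' .
+ __( 'Separate categories with commas.', 'wp-photo-album-plus' ) . '
+ </span>
+ <select
+ onchange="wppaAddCat( this.value, \'cats\' ); wppaAjaxUpdateAlbum( ' . $id . ', \'cats\', document.getElementById( \'cats\' ) )"
+ >';
  $catlist = wppa_get_catlist();
  if ( is_array( $catlist ) ) {
- echo '<option value="" >' . __( '- select to add -', 'wp-photo-album-plus' ) . '</option>';
+ echo '
+ <option value="" >' . __( '- select to add -', 'wp-photo-album-plus' ) . '</option>';
  foreach ( $catlist as $cat ) {
- echo '<option value="' . $cat['cat'] . '" >' . $cat['cat'] . '</option>';
+ echo '
+ <option value="' . $cat['cat'] . '" >' . $cat['cat'] . '</option>';
  }
  }
  else {
- echo '<option value="0" >' . __( 'No categories yet', 'wp-photo-album-plus') . '</option>';
+ echo '
+ <option value="0" >' . __( 'No categories yet', 'wp-photo-album-plus') . '</option>';
  }
- echo
- '</select>' .
- '</td>' .
- '<td>' .
- '</td>' .
- '</tr>';
+ echo '
+ </select>
+ </td>
+ <td>
+ </td>
+ </tr>';
 
  // Default tags
- echo
- '<tr>' .
- '<td>' .
- __( 'Default photo tags:', 'wp-photo-album-plus' ) .
- '</td>' .
- '<td>' .
- '<input' .
- ' type="text"' .
- ' id="default_tags"' .
- ' value="' . esc_attr( $default_tags ) . '"' .
- ' style="width:100%"' .
- ' onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'default_tags\', this )"' .
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'default_tags\', this )"' .
- ' />' .
- '<br />' .
- '<span class="description">' .
- __( 'Enter the tags that you want to be assigned to new photos in this album.', 'wp-photo-album-plus' ) .
- '</span>' .
- '</td>' .
- '<td>' .
- '</td>' .
- '</tr>';
-
+ echo '
+ <tr>
+ <td>
+ ' . __( 'Default photo tags:', 'wp-photo-album-plus' ) . '
+ </td>
+ <td>
+ <input
+ type="text"
+ id="default_tags"
+ value="' . esc_attr( $default_tags ) . '"
+ style="width:100%"
+ onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'default_tags\', this )"
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'default_tags\', this )"
+ />
+ <br />
+ <span class="description">' .
+ __( 'Enter the tags that you want to be assigned to new photos in this album.', 'wp-photo-album-plus' ) . '
+ </span>
+ </td>
+ <td>
+ </td>
+ </tr>';
 
  // Custom
  if ( wppa_switch( 'album_custom_fields' ) ) {
@@ -872,87 +873,91 @@ global $wppa_revno;
  }
  foreach( array_keys( $custom_data ) as $key ) {
  if ( wppa_opt( 'album_custom_caption_' . $key ) ) {
- echo
- '<tr>' .
- '<td>' .
- apply_filters( 'translate_text', wppa_opt( 'album_custom_caption_' . $key ) ) .
- '<small style="float:right" >' .
- '(w#cc'.$key.')' .
- '</small>:' .
- '</td>' .
- '<td>' .
- '<input' .
- ' type="text"' .
- ' style="width:100%;"' .
- ' id="album_custom_' . $key . '-' . $id . '"' .
- ' onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'album_custom_' . $key . '\', this );"' .
- ' onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'album_custom_' . $key . '\', this );"' .
- ' value="' . esc_attr( stripslashes( $custom_data[$key] ) ) . '"' .
- ' />' .
- '</td>' .
- '<td>' .
- '<small>' .
- '(w#cd' . $key . ')' .
- '</small>' .
- '</td>' .
- '</tr>';
+ echo '
+ <tr>
+ <td>
+ ' . apply_filters( 'translate_text', wppa_opt( 'album_custom_caption_' . $key ) ) . '
+ <small style="float:right" >
+ (w#cc' . $key . ')
+ </small>:
+ </td>
+ <td>
+ <input
+ type="text"
+ style="width:100%;"
+ id="album_custom_' . $key . '-' . $id . '"
+ onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'album_custom_' . $key . '\', this );"
+ onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'album_custom_' . $key . '\', this );"
+ value="' . esc_attr( stripslashes( $custom_data[$key] ) ) . '"
+ />
+ </td>
+ <td>
+ <small>
+ (w#cd' . $key . ')
+ </small>
+ </td>
+ </tr>';
  }
  }
  }
 
  // Link type
- echo
- '<tr>' .
- '<td>' .
- __( 'Link type:', 'wp-photo-album-plus' ) .
- '</td>' .
- '<td>';
+ echo '
+ <tr>
+ <td>
+ ' . __( 'Link type:', 'wp-photo-album-plus' ) . '
+ </td>
+ <td>';
  $sel = ' selected="selected"';
  $lt = $cover_linktype;
- /* if ( !$linktype ) $linktype = 'content'; /* Default */
- /* if ( $albuminfo['cover_linkpage'] == '-1' ) $linktype = 'none'; /* for backward compatibility */
- echo
- '<select onchange="wppaAjaxUpdateAlbum( '. $id . ', \'cover_linktype\', this )" >' .
- '<option value="content"' . ( $lt == 'content' ? $sel : '' ) . ' >' . __( 'the sub-albums and thumbnails', 'wp-photo-album-plus' ) . '</option>' .
- '<option value="albums"' . ( $lt == 'albums' ? $sel : '' ) . ' >' . __( 'the sub-albums', 'wp-photo-album-plus' ) . '</option>' .
- '<option value="thumbs"' . ( $lt == 'thumbs' ? $sel : '' ) . ' >' . __( 'the thumbnails', 'wp-photo-album-plus' ) . '</option>' .
- '<option value="slide"' . ( $lt == 'slide' ? $sel : '' ) . ' >' . __( 'the album photos as slideshow', 'wp-photo-album-plus' ) . '</option>' .
- '<option value="page"' . ( $lt == 'page' ? $sel : '' ) . ' >' . __( 'the link page with a clean url', 'wp-photo-album-plus' ) . '</option>' .
- '<option value="none"' . ( $lt == 'none' ? $sel : '' ) . ' >' . __( 'no link at all', 'wp-photo-album-plus' ) . '</option>' .
- '</select>' .
- '<br />' .
- '<span class="description">';
- if ( wppa_switch( 'auto_page') ) {
+ echo '
+ <select onchange="wppaAjaxUpdateAlbum( '. $id . ', \'cover_linktype\', this )" >
+ <option value="content"' . ( $lt == 'content' ? $sel : '' ) . ' >' . __( 'the sub-albums and thumbnails', 'wp-photo-album-plus' ) . '</option>
+ <option value="albums"' . ( $lt == 'albums' ? $sel : '' ) . ' >' . __( 'the sub-albums', 'wp-photo-album-plus' ) . '</option>
+ <option value="thumbs"' . ( $lt == 'thumbs' ? $sel : '' ) . ' >' . __( 'the thumbnails', 'wp-photo-album-plus' ) . '</option>
+ <option value="slide"' . ( $lt == 'slide' ? $sel : '' ) . ' >' . __( 'the album photos as slideshow', 'wp-photo-album-plus' ) . '</option>
+ <option value="page"' . ( $lt == 'page' ? $sel : '' ) . ' >' . __( 'the link page with a clean url', 'wp-photo-album-plus' ) . '</option>
+ <option value="none"' . ( $lt == 'none' ? $sel : '' ) . ' >' . __( 'no link at all', 'wp-photo-album-plus' ) . '</option>
+ </select>
+ <br />
+ <span class="description">';
+ if ( wppa_switch( 'auto_page' ) ) {
  _e( 'If you select "the link page with a clean url", select an Auto Page of one of the photos in this album.', 'wp-photo-album-plus' );
  }
  else {
  _e( 'If you select "the link page with a clean url", make sure you enter the correct shortcode on the target page.', 'wp-photo-album-plus' );
  }
- echo
- '</span>' .
- '</td>' .
- '<td>' .
- '</td>' .
- '</tr>';
+ echo '
+ </span>
+ </td>
+ <td>
+ </td>
+ </tr>';
 
  // Link page
  if ( ! wppa_switch( 'link_is_restricted' ) || wppa_user_is( 'administrator' ) ) {
- echo
- '<tr>' .
- '<td>' .
- __( 'Link to:', 'wp-photo-album-plus' ) .
- '</td>' .
- '<td>';
- $query = "SELECT `ID`, `post_title` FROM `" . $wpdb->posts . "` WHERE `post_type` = 'page' AND `post_status` = 'publish' ORDER BY `post_title` ASC";
+ echo '
+ <tr>
+ <td>
+ ' . __( 'Link to:', 'wp-photo-album-plus' ) . '
+ </td>
+ <td>';
+ $query = "SELECT ID, post_title FROM {$wpdb->prefix}posts
+ WHERE post_type = 'page'
+ AND post_status = 'publish'
+ ORDER BY post_title ASC";
  $pages = $wpdb->get_results( $query, ARRAY_A );
  if ( empty( $pages ) ) {
  _e( 'There are no pages (yet) to link to.', 'wp-photo-album-plus' );
  }
  else {
  $linkpage = $albuminfo['cover_linkpage'];
- if ( ! is_numeric( $linkpage ) ) $linkpage = '0';
- echo
- '<select' .
+ if ( ! is_numeric( $linkpage ) ) {
+ $linkpage = '0';
+ }
+ /*hbi*/
+ echo '
+ <select' .
  ' onchange="wppaAjaxUpdateAlbum( '. $id . ' , \'cover_linkpage\', this )"' .
  ' style="max-width:100%;"' .
  '>' .
@@ -1317,16 +1322,16 @@ global $wppa_revno;
  wp_die('You do not have the rights to delete this album');
  }
 
- if ($_POST['wppa-del-photos'] == 'move') {
- $move = $_POST['wppa-move-album'];
- if ( wppa_have_access($move) ) {
- wppa_del_album($_POST['wppa-del-id'], $move);
+ if ( $_POST['wppa-del-photos'] == 'move' ) {
+ $move = strval( intval( $_POST['wppa-move-album'] ) );
+ if ( wppa_have_access( $move ) ) {
+ wppa_del_album( strval( intval( $_POST['wppa-del-id'] ) ), $move);
  }
  else {
  wppa_error_message(__('Unable to move photos. Album not deleted.', 'wp-photo-album-plus'));
  }
  } else {
- wppa_del_album( $_POST['wppa-del-id'] );
+ wppa_del_album( strval( intval ( $_POST['wppa-del-id'] ) ) );
  }
  }
 
@@ -2642,10 +2647,59 @@ global $wpdb;
  function wppa_album_sequence( $parent ) {
  global $wpdb;
 
- // Get the albums
- $albumorder = wppa_get_album_order( $parent );
- $is_descending = strpos( $albumorder, 'DESC' ) !== false;
- $albums = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_albums WHERE `a_parent` = %s " . $albumorder, $parent ), ARRAY_A );
+ // Get the albums sort order column and desc flag
+ $albumorder_col = wppa_get_album_order_column( $parent );
+ $is_descending = wppa_is_album_order_desc( $parent );
+
+ // If random...
+ if ( $albumorder_col == 'random' ) {
+
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %s ORDER BY RAND(%d)";
+
+ $albums = $wpdb->get_results( $wpdb->prepare( $query, $parent, wppa_get_randseed() ), ARRAY_A );
+ }
+
+ // Not random, Decending?
+ else if ( $is_descending ) {
+
+ switch ( $albumorder_col ) {
+
+ case 'a_order':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY a_order DESC";
+ break;
+ case 'name':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY name DESC";
+ break;
+ case 'timestamp':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY timestamp DESC";
+ break;
+ default:
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY id DESC";
+
+ }
+ }
+
+ // Not descending
+ else {
+
+ switch ( $albumorder_col ) {
+
+ case 'a_order':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY a_order";
+ break;
+ case 'name':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY name";
+ break;
+ case 'timestamp':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY timestamp";
+ break;
+ default:
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY id";
+
+ }
+ }
+
+ $albums = $wpdb->get_results( $wpdb->prepare( $query, $parent ), ARRAY_A );
 
  // Anything to do here ?
  if ( empty ( $albums ) ) {
@@ -2660,7 +2714,7 @@ global $wpdb;
  }
 
  // Check album order
- if ( ! strpos( $albumorder, 'a_order' ) ) {
+ if ( $albumorder_col != 'a_order' ) {
  if ( $parent == '0') {
  echo '<br />';
  _e( 'You can edit top-level album sequence order here when you set the album order to "Order #" or "Order # desc" in Table IV-D1.' );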
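Review bot: The rewritten markup still echoes `$cat['cat']` into the `<option>` value and label (new line 827) and `$description` into the `<textarea>` (new line 790) without escaping, while the neighbouring `name`, `cats` and `default_tags` fields go through `esc_attr()`. Unless these values are already escaped before this point, which the hunks do not show, use `<option value="' . esc_attr( $cat['cat'] ) . '" >' . esc_html( $cat['cat'] ) . '</option>` and `esc_textarea( $description )`. The new layout also puts a line break between the description and `</textarea>`, which becomes part of the textarea's initial value; keeping `>`, the value and `</textarea>` on one line avoids that. The enclosing function begins and ends outside these hunks.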
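--- a/wppa-album-covers.php
+++ b/wppa-album-covers.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Functions for album covers
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -77,12 +77,7 @@ global $wpdb;
 
  // Find album details
  $coverphoto = wppa_get_coverphoto_id( $albumid );
- // $query = $wpdb->prepare( "SELECT * " .
- // "FROM $wpdb->wppa_photos " .
- // "WHERE `id` = %s",
- // $coverphoto
- // );
- $image = wppa_cache_thumb( $coverphoto ); //$wpdb->get_row( $query, ARRAY_A );
+ $image = wppa_cache_thumb( $coverphoto );
  $photocount = wppa_get_photo_count( $albumid );
  $albumcount = wppa_get_album_count( $albumid, 'use_treecounts' );
  $mincount = wppa_get_mincount();
@@ -430,12 +425,8 @@ global $wpdb;
 
  // Find the coverphotos details
  foreach ( $coverphotos as $coverphoto ) {
- // $query = $wpdb->prepare( "SELECT * " .
- // "FROM $wpdb->wppa_photos " .
- // "WHERE `id` = %s",
- // $coverphoto
- // );
- $images[] = wppa_cache_thumb( $coverphoto ); //$wpdb->get_row( $query, ARRAY_A );
+
+ $images[] = wppa_cache_thumb( $coverphoto );
  $path = wppa_get_thumb_path( $coverphoto );
  $paths[] = $path;
  $cpsize = count( $coverphotos ) == '1' ?
@@ -615,9 +606,7 @@ global $wpdb;
  if ( $multicolresp ) $mcr = 'mcr-'; else $mcr = '';
 
  $coverphoto = wppa_get_coverphoto_id( $albumid );
- $image = wppa_cache_thumb( $coverphoto ); //$wpdb->get_row( $wpdb->prepare(
- // "SELECT * FROM $wpdb->wppa_photos WHERE `id` = %s", $coverphoto
- // ), ARRAY_A );
+ $image = wppa_cache_thumb( $coverphoto );
  $photocount = wppa_get_photo_count( $albumid );
  $albumcount = wppa_get_album_count( $albumid, true );
  $mincount = wppa_get_mincount();
@@ -1287,42 +1276,47 @@ static $cached_cover_photo_ids;
 
  // main_photo is 0? Random
  if ( '0' == $id ) {
+ $rs = wppa_get_randseed( 'page' );
  if ( current_user_can( 'wppa_moderate' ) ) {
- $temp = $wpdb->get_results( $wpdb->prepare(
- "SELECT * FROM $wpdb->wppa_photos WHERE `album` = %s ORDER BY RAND( %d ) LIMIT %d",
- $alb, wppa_get_randseed( 'page' ), $count ), ARRAY_A );
+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
+ WHERE album = %s
+ ORDER BY RAND(%d)
+ LIMIT %d", $alb, $rs, $count ), ARRAY_A );
  }
  else {
- $temp = $wpdb->get_results( $wpdb->prepare(
- "SELECT * FROM $wpdb->wppa_photos WHERE `album` = %s AND ( ( `status` <> 'pending' AND `status` <> 'scheduled' ) OR `owner` = %s ) ORDER BY RAND( %d ) LIMIT %d",
- $alb, wppa_get_randseed( 'page' ), wppa_get_user(), $count ), ARRAY_A );
+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
+ WHERE album = %s
+ AND ( ( status <> 'pending' AND `status` <> 'scheduled' ) OR owner = %s )
+ ORDER BY RAND(%d)
+ LIMIT %d", $alb, $rs, wppa_get_user(), $count ), ARRAY_A );
  }
  }
 
  // main_photo is -2? Last upload
  if ( '-2' == $id ) {
  if ( current_user_can( 'wppa_moderate' ) ) {
- $temp = $wpdb->get_results( $wpdb->prepare(
- "SELECT * FROM `" . WPPA_PHOTOS .
- "` WHERE `album` = %s ORDER BY `timestamp` DESC LIMIT %d", $alb, $count
- ), ARRAY_A );
+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
+ WHERE album = %s
+ ORDER BY timestamp DESC
+ LIMIT %d", $alb, $count ), ARRAY_A );
  }
  else {
- $temp = $wpdb->get_results( $wpdb->prepare(
- "SELECT * FROM `" . WPPA_PHOTOS .
- "` WHERE `album` = %s AND ( ( `status` <> 'pending' AND `status` <> 'scheduled' ) OR `owner` = %s ) ORDER BY `timestamp` DESC LIMIT %d",
- $alb, wppa_get_user(), $count ), ARRAY_A );
+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
+ WHERE album = %s
+ AND ( ( status <> 'pending' AND `status` <> 'scheduled' ) OR owner = %s )
+ ORDER BY timestamp DESC
+ LIMIT %d", $alb, wppa_get_user(), $count ), ARRAY_A );
  }
  }
 
  // main_phtot is -1? Random featured
  if ( '-1' == $id ) {
- $temp = $wpdb->get_results( $wpdb->prepare(
- "SELECT * FROM `" . WPPA_PHOTOS .
- "` WHERE `album` = %s AND `status` = 'featured' ORDER BY RAND( " . wppa_get_randseed( 'page' ) . " ) LIMIT %d",
- $alb, $count ), ARRAY_A );
+ $rs = wppa_get_randseed( 'page' );
+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
+ WHERE album = %s AND status = 'featured'
+ ORDER BY RAND(%d) LIMIT %d",$alb, $rs, $count ), ARRAY_A );
  }
-
+ /*hbi*/
  // Random from children
  if ( '-3' == $id ) {
  $allalb = wppa_expand_enum( wppa_alb_to_enum_children( $alb ) );
@@ -1686,7 +1680,63 @@ global $wpdb;
  $first = true;
 
  // Get the children
- $subs = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_albums WHERE `a_parent` = " . $id . " " . wppa_get_album_order( $id ), ARRAY_A );
+ // $subs = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_albums WHERE `a_parent` = " . $id . " " . wppa_get_album_order( $id ), ARRAY_A );
+ // Rewritten to:
+ /**/
+ // Get the albums sort order column
+ $albumorder_col = wppa_get_album_order_column( $id );
+
+ // If random...
+ if ( $albumorder_col == 'random' ) {
+
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY RAND(%d)";
+
+ $subs = $wpdb->get_results( $wpdb->prepare( $query, $parent, wppa_get_randseed() ), ARRAY_A );
+ }
+
+ // Not random, Decending?
+ else if ( wppa_is_album_order_desc( $id ) ) {
+
+ switch ( $albumorder_col ) {
+
+ case 'a_order':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY a_order DESC";
+ break;
+ case 'name':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY name DESC";
+ break;
+ case 'timestamp':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY timestamp DESC";
+ break;
+ default:
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY id DESC";
+
+ }
+ }
+
+ // Not descending
+ else {
+
+ switch ( $albumorder_col ) {
+
+ case 'a_order':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY a_order";
+ break;
+ case 'name':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY name";
+ break;
+ case 'timestamp':
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY timestamp";
+ break;
+ default:
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_albums WHERE a_parent = %d ORDER BY id";
+
+ }
+ }
+
+ $subs = $wpdb->get_results( $wpdb->prepare( $query, $id ), ARRAY_A );
+
+ /**/
 
  // Only if there are sub-albums
  if ( ! empty( $subs ) ) {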
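Review bot: In the non-moderator branch of the `'0' == $id` case the arguments still do not line up with the placeholders: the statement reads `album = %s … owner = %s … RAND(%d) … LIMIT %d` but is called with `$alb, $rs, wppa_get_user(), $count`. The owner test is therefore compared against the random seed and the user name is cast to an integer and used as the seed, so the "own pending or scheduled photo" exception in the status filter never matches the current user. The argument list should read `$alb, wppa_get_user(), $rs, $count`. The old code had the same ordering, so this predates the commit, but the rewrite is the place to correct it. The enclosing function starts and ends outside the hunk.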
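--- a/wppa-audio.php
+++ b/wppa-audio.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all audio routines
- * Version 6.6.20
+ * Version 6.9.16
  *
  */
 
@@ -202,7 +202,7 @@ global $wppa_supported_audio_extensions;
  foreach ( $wppa_supported_audio_extensions as $ext ) {
  $file = $raw_from_path . '.' . $ext;
  if ( is_file( $file ) ) {
- if ( ! copy( $file, $raw_to_path . '.' . $ext ) ) return false;
+ if ( ! wppa_copy( $file, $raw_to_path . '.' . $ext ) ) return false;
  }
  }
 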
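--- a/wppa-common-functions.php
+++ b/wppa-common-functions.php
@@ -2,7 +2,7 @@
  /* wppa-common-functions.php
  *
  * Functions used in admin and in themes
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -316,7 +316,7 @@ function wppa_errorlog() {
  if ( ! is_file( $filename ) ) return;
 
  // Open file
- $file = @ fopen( $filename, 'r' );
+ $file = wppa_fopen( $filename, 'r' );
 
  // If unable to open, quit
  if ( ! $file ) return;
@@ -440,6 +440,58 @@ global $wppa;
  return $result;
  }
 
+ function wppa_get_album_order_column( $parent = '0' ) {
+
+ // Album given ?
+ if ( $parent > '0' ) {
+ $order = wppa_get_album_item( $parent, 'suba_order_by' );
+ }
+ else {
+ $order = '0';
+ }
+ if ( ! $order ) {
+ $order = wppa_opt( 'list_albums_by' );
+ }
+
+ switch ( $order ) {
+ case '1':
+ case '-1':
+ $result = 'a_order';
+ break;
+ case '2':
+ case '-2':
+ $result = 'name';
+ break;
+ case '3':
+ $result = 'random';
+ break;
+ case '5':
+ case '-5':
+ $result = 'timestamp';
+ break;
+ default:
+ $result = 'id';
+ }
+
+ return $result;
+ }
+
+ function wppa_is_album_order_desc( $parent = '0' ) {
+
+ // Album given ?
+ if ( $parent > '0' ) {
+ $order = wppa_get_album_item( $parent, 'suba_order_by' );
+ }
+ else {
+ $order = '0';
+ }
+ if ( ! $order ) {
+ $order = wppa_opt( 'list_albums_by' );
+ }
+
+ return ( $order < '0' );
+ }
+
  // get photo order
  function wppa_get_photo_order( $id = '0', $no_random = false ) {
  global $wpdb;
@@ -525,6 +577,88 @@ global $wppa;
  return $result;
  }
 
+ function wppa_is_photo_order_desc( $id = '0' ) {
+
+ // Album specified?
+ if ( wppa_is_int( $id ) && $id > '0' ) {
+ $order = wppa_get_album_item( $id, 'p_order_by' );
+ }
+
+ // No album specified
+ else {
+ $order = '0';
+ }
+
+ // No order yet? Use default
+ if ( ! $order ) {
+ $order = wppa_opt( 'list_photos_by' );
+ }
+
+ return ( $order < '0' );
+ }
+
+ function wppa_get_photo_order_column( $id = '0', $no_random = false ) {
+ global $wpdb;
+ global $wppa;
+
+ // Random overrule?
+ if ( wppa( 'is_random' ) ) {
+ $result = 'random';
+ return $result;
+ }
+
+ // Album specified?
+ if ( wppa_is_int( $id ) && $id > '0' ) {
+ $order = wppa_get_album_item( $id, 'p_order_by' );
+ }
+
+ // No album specified
+ else {
+ $order = '0';
+ }
+
+ // No order yet? Use default
+ if ( ! $order ) {
+ $order = wppa_opt( 'list_photos_by' );
+ }
+
+ switch ( $order ) {
+
+ case '1':
+ case '-1':
+ $result = 'p_order';
+ break;
+ case '2':
+ case '-2':
+ $result = 'name';
+ break;
+ case '3':
+ case '-3':
+ $result = 'random';
+ break;
+ case '4':
+ case '-4':
+ $result = 'mean_rating';
+ break;
+ case '5':
+ case '-5':
+ $result = 'timestamp';
+ break;
+ case '6':
+ case '-6':
+ $result = 'rating_count';
+ break;
+ case '7':
+ case '-7':
+ $result = 'exifdtm';
+ break;
+
+ default:
+ $result = 'id';
+ }
+
+ return $result;
+ }
 
  // See if an album is another albums ancestor
  function wppa_is_ancestor( $anc, $xchild ) {
@@ -1860,7 +1994,7 @@ global $wppa;
  }
 
  if ( $wppa_js_page_data_file && ! $wppa['ajax'] ) {
- $handle = fopen( $wppa_js_page_data_file, 'ab' );
+ $handle = wppa_fopen( $wppa_js_page_data_file, 'ab' );
  }
  else {
  $handle = false;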
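Review bot: `wppa_get_photo_order_column()` accepts `$no_random` but never reads it, so a caller that passes `true` still gets `'random'` back for order 3 or -3 and whenever `wppa( 'is_random' )` is set. Either drop the parameter or honour it before returning, for example `if ( $no_random && 'random' == $result ) $result = 'id';` (which fallback the older `wppa_get_photo_order()` uses is not visible here, so the replacement value needs confirming). The four new helpers also lack a header comment; a line such as `// Returns one of a fixed set of column names, so the result is safe to place after ORDER BY` would record why callers may put the value into SQL text. `global $wpdb;` and `global $wppa;` in the same function are unused.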
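--- a/wppa-cron.php
+++ b/wppa-cron.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all cron functions
- * Version 6.9.14
+ * Version 6.9.16
  *
  *
  */
@@ -332,7 +332,7 @@ function _wppa_do_clear_cache( $dir ) {
  _wppa_do_clear_cache( $fso );
  }
  else {
- $file = fopen( $fso, 'rb' );
+ $file = wppa_fopen( $fso, 'rb' );
  if ( $file ) {
  $size = filesize( $fso );
  if ( $size ) {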
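--- a/wppa-exif-iptc-common.php
+++ b/wppa-exif-iptc-common.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * exif and iptc common functions
- * version 6.9.15
+ * version 6.9.16
  *
  *
  */
@@ -2905,10 +2905,15 @@ function wppa_simplify_rational( $data, $divide = false, $dec = 0 ) {
  $y = $t[1];
 
  // Divide result?
- if ( $divide ) {
- $result = $x / $y;
- if ( $dec ) {
- $result = sprintf( '%4.' . $dec . 'f', $result );
+ if ( $divide ) {
+ if ( $y ) {
+ $result = $x / $y;
+ if ( $dec ) {
+ $result = sprintf( '%4.' . $dec . 'f', $result );
+ }
+ }
+ else {
+ $result = $data;
  }
  return $result;
  }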
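Review bot: The new `if ( $y )` guard in `wppa_simplify_rational()` still lets a zero denominator through when it arrives as a string such as `'0.0'` or `'00'`, which PHP treats as true, and a non-numeric `$y` passes the test as well. `$x` and `$y` appear to come from splitting `$data` (the split is outside the hunk), and EXIF values originate from uploaded files, so a numeric test is the safer guard: `if ( is_numeric( $x ) && is_numeric( $y ) && $y != 0 ) {`. The function starts outside the hunk.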
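--- a/wppa-export.php
+++ b/wppa-export.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the export functions
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -101,10 +101,10 @@ global $wppa_temp_idx;
 
  if (isset($_POST['high'])) $high = $_POST['high']; else $high = 0;
 
- if ($high) {
+ if ( $high ) {
  $id = 0;
  $cnt = 0;
- while ($id <= $high) {
+ while ( $id <= $high ) {
  if (isset($_POST['album-'.$id])) {
  _e('<br/>Processing album', 'wp-photo-album-plus'); echo(' '.$id.'....');
  wppa_write_album_file_by_id($id);
@@ -113,8 +113,9 @@ global $wppa_temp_idx;
  foreach ( $photos as $photo ) {
 
  // Copy the photo
- $from = wppa_get_photo_path( $photo['id'] );
- $to = WPPA_DEPOT_PATH.'/'.$photo['id'].'.'.$photo['ext'];
+ $photo_id = strval( intval( $photo['id'] ) );
+ $from = wppa_get_photo_path( $photo_id );
+ $to = WPPA_DEPOT_PATH . '/' . $photo_id . '.' . $photo['ext'];
 
  if ( $wppa_zip ) {
  $wppa_zip->addFile ( $from, basename ( $to ) );
@@ -159,7 +160,7 @@ global $wppa_temp_idx;
  $album = $wpdb->get_row($wpdb->prepare( 'SELECT * FROM '.WPPA_ALBUMS.' WHERE id = %s LIMIT 0,1', $id ), 'ARRAY_A');
  if ($album) {
  $fname = WPPA_DEPOT_PATH.'/'.$id.'.amf';
- $file = fopen($fname, 'wb');
+ $file = wppa_fopen($fname, 'wb');
  $err = false;
  if ($file) {
  if (fwrite($file, "name=".$album['name']."\n") !== FALSE) {
@@ -225,7 +226,7 @@ global $wppa_temp;
  global $wppa_temp_idx;
  if ($photo) {
  $fname = WPPA_DEPOT_PATH.'/'.$photo['id'].'.pmf';
- $file = fopen($fname, 'wb');
+ $file = wppa_fopen($fname, 'wb');
  $err = false;
  if ($file) {
  if (fwrite($file, "name=".$photo['name']."\n") !== FALSE) {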
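Review bot: Only `$photo['id']` is normalised in the copy step; `$photo['ext']` is still concatenated as-is into `$to`, and the `.pmf` name further down is still built from the raw `$photo['id']`. If the integer cast is there because row values are not trusted when depot paths are built, the same treatment belongs on both, e.g. `$to = WPPA_DEPOT_PATH . '/' . $photo_id . '.' . sanitize_file_name( $photo['ext'] );` and `$fname = WPPA_DEPOT_PATH.'/'.intval( $photo['id'] ).'.pmf';`. `$high` is likewise taken from `$_POST['high']` without a cast before it bounds the `while` loop, and `intval()` there would keep the bound numeric. The enclosing functions start outside the hunks.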
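--- a/wppa-functions.php
+++ b/wppa-functions.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Various functions
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -1003,7 +1003,9 @@ global $wppa_session;
 
  // If Catbox specifies a category to limit, remove all albums that do not have the desired cat.
  if ( wppa( 'catbox' ) ) {
- $catalbs = $wpdb->get_col( "SELECT `id` FROM $wpdb->wppa_albums WHERE `cats` LIKE '%" . wppa( 'catbox' ) . "%' " );
+ $likecats = '%' . esc_like( wppa( 'catbox' ) ) . '%';
+ $catalbs = $wpdb->get_col( $wpdb->prepare( "SELECT id FROM {$wpdb->prefix}wppa_albums
+ WHERE cats LIKE %s", $likecats ) );
  $final_array = array_intersect( $final_array, $catalbs );
  }
 
@@ -1014,7 +1016,8 @@ global $wppa_session;
  }
 
  // Get them
- $albums = $wpdb->get_results( "SELECT * FROM $wpdb->wppa_albums WHERE " . $selection . " " . wppa_get_album_order( '0' ), ARRAY_A );
+ $albums = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}wppa_albums
+ WHERE " . $selection . " " . wppa_get_album_order( '0' ), ARRAY_A );
 
  // Exclusive separate albums?
  if ( wppa_switch( 'excl_sep' ) ) {
@@ -2793,11 +2796,21 @@ global $wpdb;
 
  if ( $x > $y ) {
  $w = wppa_opt( 'popupsize' );
- $h = round( $w * $y / $x );
+ if ( $x ) {
+ $h = round( $w * $y / $x );
+ }
+ else {
+ $h = $w;
+ }
  }
  else {
  $h = wppa_opt( 'popupsize' );
- $w = round( $h * $x / $y );
+ if ( $y ) {
+ $w = round( $h * $x / $y );
+ }
+ else {
+ $w = $h;
+ }
  }
 
  if ( wppa_is_video( $id ) ) {
@@ -3280,7 +3293,6 @@ global $blog_id;
  $ok = wp_verify_nonce( $nonce, 'wppa-check' );
  if ( $ok ) {
  wppa_dbg_msg( 'Rating nonce ok' );
- if ( ! is_user_logged_in() ) sleep( 2 );
  }
  else die( '<b>' . __( 'ERROR: Illegal attempt to enter a rating.' , 'wp-photo-album-plus') . '</b>' );
  }
@@ -3293,7 +3305,6 @@ global $blog_id;
  $ok = wp_verify_nonce( $nonce, 'wppa-check' );
  if ( $ok ) {
  wppa_dbg_msg( 'Comment nonce ok' );
- if ( ! is_user_logged_in() ) sleep( 2 );
  }
  else die( '<b>' . __( 'ERROR: Illegal attempt to enter a comment.' , 'wp-photo-album-plus') . '</b>' );
  }
@@ -4399,7 +4410,7 @@ global $wppa_upload_succes_id;
  $fail = '0';
  foreach ( $_FILES as $file ) {
  if ( ! is_array( $file['error'] ) ) {
- wppa( 'unsanitized_filename', $file['name'] );
+ wppa( 'unsanitized_filename', basename( $file['name'] ) );
  $iret = wppa_do_frontend_file_upload( $file, $alb ); // this should no longer happen since the name is incl []
  if ( $iret ) {
  $uploaded_ids[] = $iret;
@@ -4417,10 +4428,10 @@ global $wppa_upload_succes_id;
  if ( $iret ) {
  $f['error'] = $file['error'][$i];
  $f['tmp_name'] = $file['tmp_name'][$i];
- $f['name'] = $file['name'][$i];
+ $f['name'] = basename( $file['name'][$i] );
  $f['type'] = $file['type'][$i];
  $f['size'] = $file['size'][$i];
- wppa( 'unsanitized_filename', $file['name'][$i] );
+ wppa( 'unsanitized_filename', basename( $file['name'][$i] ) );
  $iret = wppa_do_frontend_file_upload( $f, $alb );
 
  // Report phto id if from tinymce photo shortcode generator upload
@@ -4628,7 +4639,7 @@ global $wppa_alert;
  }
 
  // Find the filename
- $filename = wppa_sanitize_file_name( $file['name'] );
+ $filename = wppa_sanitize_file_name( basename( $file['name'] ) );
  $filename = wppa_strip_ext( $filename );
 
  // See if this filename with any extension already exists in this album
@@ -4694,11 +4705,11 @@ global $wppa_alert;
  $ext = strtolower( wppa_get_ext( $file['name'] ) );
  $newpath = wppa_strip_ext( wppa_get_photo_path( $id, false ) ).'.'.$ext;
 
- copy( $file['tmp_name'], $newpath );
+ wppa_move_uploaded_file( $file['tmp_name'], $newpath );
 
  // Repair name if not standard
  if ( ! wppa_get_post( 'user-name' ) ) {
- wppa_log('obs', 'in functions 4700:'.$file['name']);
+ // wppa_log('obs', 'in functions 4700:'.$file['name']);
  wppa( 'unsanitized_filename', $file['name'] );
  wppa_set_default_name( $id, $file['name'] );
  }
@@ -4731,7 +4742,7 @@ global $wppa_alert;
 
  // Is it a supported image filetype?
  if ( $imgsize[2] != IMAGETYPE_GIF && $imgsize[2] != IMAGETYPE_JPEG && $imgsize[2] != IMAGETYPE_PNG ) {
- $wppa_alert .= esc_js( sprintf( __( 'Only gif, jpg and png image files are supported. Returned info = %s.' , 'wp-photo-album-plus'), wppa_serialize( $imgsize ) ), false, false );
+ $wppa_alert .= esc_js( sprintf( __( 'Only gif, jpg and png image files are supported. Returned info = %s.' , 'wp-photo-album-plus'), serialize( $imgsize ) ), false, false );
  return false;
  }
 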
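Review bot: `esc_like()` is called as a plain function in the catbox query, but WordPress provides it as a method of the database object; unless the plugin defines its own `esc_like()` elsewhere, this line stops with an undefined-function error whenever a catbox category is set. The call should be `$likecats = '%' . $wpdb->esc_like( wppa( 'catbox' ) ) . '%';`. The following hunk still concatenates `$selection` and `wppa_get_album_order( '0' )` into the album query without `prepare()`; how `$selection` is built is outside the hunk, so it is worth confirming that it can only contain integer ids. The enclosing function starts outside the hunks.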
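--- a/wppa-htaccess.php
+++ b/wppa-htaccess.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Various funcions
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -24,7 +24,7 @@ function wppa_create_wppa_htaccess_( $filename ) {
 
  // Grant access
  case 'grant':
- $file = fopen( $filename, 'wb' );
+ $file = wppa_fopen( $filename, 'wb' );
  if ( $file ) {
  fwrite( $file, '<IfModule mod_rewrite.c>' );
  fwrite( $file, "\n" . 'RewriteEngine Off' );
@@ -53,7 +53,7 @@ function wppa_create_wppa_htaccess_( $filename ) {
  if ( $i ) {
  $domain = substr( $domain, 0, $i );
  }
- $file = fopen( $filename, 'wb' );
+ $file = wppa_fopen( $filename, 'wb' );
  if ( $file ) {
  /*
  <IfModule mod_rewrite.c>
@@ -141,14 +141,14 @@ global $wpdb;
  }
 
  // Create pl root directory
- $pl_root = WPPA_CONTENT_PATH . '/' . $pl_dirname;
+ $pl_root = WPPA_CONTENT_PATH . '/' . sanitize_file_name( basename( $pl_dirname ) );
  if ( ! wppa_mktree( $pl_root ) ) {
  wppa_log( 'Error', 'Can not create '.$pl_root );
  return false;
  }
 
  // Create .htaccess file
- $file = fopen( $pl_root . '/.htaccess', 'wb' );
+ $file = wppa_fopen( $pl_root . '/.htaccess', 'wb' );
  if ( ! $file ) {
  wppa_log( 'Error', 'Can not create '.$pl_root . '/.htaccess' );
  return false;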
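Review bot: After `sanitize_file_name( basename( $pl_dirname ) )` the directory name can be an empty string (a value made only of dots, for instance), in which case `$pl_root` becomes `WPPA_CONTENT_PATH . '/'` and the `.htaccess` below is written into the content root itself. Where `$pl_dirname` comes from is outside the hunk, so the result should be checked before it is used: `$pl_dirname = sanitize_file_name( basename( $pl_dirname ) );` followed by `if ( $pl_dirname === '' ) return false;`, then build `$pl_root` from the checked value. The enclosing function starts and ends outside the hunk.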
wppa-import.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains all the import pages and functions
6
- * Version 6.9.15
7
  *
8
  */
9
 
@@ -1432,13 +1432,13 @@ global $wppa_session;
1432
  echo '<br />';
1433
  _e( 'Compressed file types: .zip', 'wp-photo-album-plus' );
1434
  }
1435
- if ( true ) {
1436
- echo '<br />';
1437
- _e( 'Photo file types:', 'wp-photo-album-plus' );
1438
- foreach ( $wppa_supported_photo_extensions as $ext ) {
1439
- echo ' .'.$ext;
1440
- }
1441
  }
 
1442
  if ( wppa_switch( 'enable_video' ) ) {
1443
  echo '<br />';
1444
  _e( 'Video file types:', 'wp-photo-album-plus' );
@@ -1697,7 +1697,7 @@ global $wppa_supported_audio_extensions;
1697
  $parent = '0';
1698
  $porder = '0';
1699
  $owner = '';
1700
- $handle = fopen( str_replace( '../', '', $album ), "r" );
1701
  if ( $handle ) {
1702
  $buffer = fgets( $handle, 4096 );
1703
  while ( !feof( $handle ) ) {
@@ -1797,7 +1797,7 @@ global $wppa_supported_audio_extensions;
1797
  }
1798
  }
1799
  elseif ( isset( $_POST['wppa-photo-album'] ) ) {
1800
- $album = $_POST['wppa-photo-album'];
1801
  }
1802
  else $album = '0';
1803
 
@@ -1938,7 +1938,8 @@ global $wppa_supported_audio_extensions;
1938
  else {
1939
  $id = substr( $id, 0, strpos( $id, '.' ) );
1940
  if ( ! is_numeric( $id ) || ! wppa_is_id_free( WPPA_PHOTOS, $id ) ) $id = 0;
1941
- if ( wppa_insert_photo( $unsanitized_path_name, $alb, stripslashes( $name ), stripslashes( $desc ), $porder, $id, stripslashes( $linkurl ), stripslashes( $linktitle ) ) ) {
 
1942
  if ( wppa( 'ajax' ) ) {
1943
  wppa( 'ajax_import_files_done', true );
1944
  }
@@ -1947,6 +1948,7 @@ global $wppa_supported_audio_extensions;
1947
  unlink( $unsanitized_path_name );
1948
  if ( is_file( $meta ) ) unlink( $meta );
1949
  }
 
1950
 
1951
  // If ajax and remote and not a page, update url to successfully imported photo
1952
  if ( wppa( 'ajax' ) && wppa( 'is_remote' ) ) {
@@ -2056,7 +2058,7 @@ global $wppa_supported_audio_extensions;
2056
  rename( $file, $newpath );
2057
  }
2058
  else {
2059
- copy( $file, $newpath );
2060
  }
2061
 
2062
  if ( wppa( 'ajax' ) ) {
@@ -2118,7 +2120,7 @@ global $wppa_supported_audio_extensions;
2118
 
2119
  // Add audio filetype
2120
  $newpath = wppa_strip_ext( wppa_get_photo_path( $id, false ) ).'.'.$ext;
2121
- copy( $file, $newpath );
2122
  if ( $delu ) unlink( $file );
2123
  if ( wppa( 'ajax' ) ) {
2124
  wppa( 'ajax_import_files_done', true );
@@ -2237,12 +2239,12 @@ global $wppa_supported_audio_extensions;
2237
  copy ( $file, $tempfile );
2238
 
2239
  // Open file
2240
- $handle = fopen( str_replace( '../', '', $tempfile ), "rt" );
2241
  if ( ! $handle ) {
2242
  wppa_error_message( __( 'Can not open file. Can not continue. (1)', 'wp-photo-album-plus') );
2243
  return;
2244
  }
2245
- $write_handle = fopen( str_replace( '../', '', $file ), "wt" );
2246
  if ( ! $write_handle ) {
2247
  wppa_error_message( __( 'Can not open file. Can not continue. (2)', 'wp-photo-album-plus') );
2248
  return;
@@ -2787,7 +2789,7 @@ function wppa_get_meta_data( $file, $item, $opt ) {
2787
  if ( $opt == '{' ) $opt2 = '}';
2788
  if ( $opt == '[' ) $opt2 = ']';
2789
  if ( is_file( $file ) ) {
2790
- $handle = fopen( str_replace( '../', '', $file ), "r" );
2791
  if ( $handle ) {
2792
  while ( ( $buffer = fgets( $handle, 4096 ) ) !== false ) {
2793
  if ( substr( $buffer, 0, 5 ) == $item.'=' ) {
@@ -2834,7 +2836,7 @@ function wppa_extract( $xpath, $delz ) {
2834
  $ext = strtolower( wppa_get_ext( $xpath ) );
2835
  if ( $ext == 'zip' ) {
2836
  $zip = new ZipArchive;
2837
- if ( $zip->open( str_replace( '../', '', $xpath ) ) === true ) {
2838
 
2839
  $supported_file_ext = array( 'jpg', 'png', 'gif', 'JPG', 'PNG', 'GIF', 'amf', 'pmf', 'zip', 'csv' );
2840
  $done = '0';
@@ -2946,7 +2948,7 @@ global $wppa_session;
2946
 
2947
  // If we find a .csv file, move it to our depot and give a warning message
2948
  if ( wppa_get_ext( $photofile ) == 'csv' ) {
2949
- copy( $photofile, WPPA_DEPOT_PATH . '/' . basename( $photofile ) );
2950
  @ unlink( $photofile );
2951
  wppa_warning_message( sprintf( __( '.csv file %s has been moved to your depot.', 'wp-photo-album-plus' ), basename( $photofile ) ) );
2952
  }
@@ -2956,8 +2958,11 @@ global $wppa_session;
2956
  }
2957
  }
2958
  else {
2959
- $bret = wppa_insert_photo( $photofile, $alb, basename( $photofile ) );
2960
- $photocount++;
 
 
 
2961
  }
2962
  if ( ! wppa_switch( 'keep_import_files' ) ) {
2963
  @ unlink( $photofile );
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains all the import pages and functions
6
+ * Version 6.9.16
7
  *
8
  */
9
 
1432
  echo '<br />';
1433
  _e( 'Compressed file types: .zip', 'wp-photo-album-plus' );
1434
  }
1435
+
1436
+ echo '<br />';
1437
+ _e( 'Photo file types:', 'wp-photo-album-plus' );
1438
+ foreach ( $wppa_supported_photo_extensions as $ext ) {
1439
+ echo ' .'.$ext;
 
1440
  }
1441
+
1442
  if ( wppa_switch( 'enable_video' ) ) {
1443
  echo '<br />';
1444
  _e( 'Video file types:', 'wp-photo-album-plus' );
1697
  $parent = '0';
1698
  $porder = '0';
1699
  $owner = '';
1700
+ $handle = wppa_fopen( WPPA_DEPOT_PATH . '/' . basename( $album ), "r" );
1701
  if ( $handle ) {
1702
  $buffer = fgets( $handle, 4096 );
1703
  while ( !feof( $handle ) ) {
1797
  }
1798
  }
1799
  elseif ( isset( $_POST['wppa-photo-album'] ) ) {
1800
+ $album = strval( intval( $_POST['wppa-photo-album'] ) );
1801
  }
1802
  else $album = '0';
1803
 
1938
  else {
1939
  $id = substr( $id, 0, strpos( $id, '.' ) );
1940
  if ( ! is_numeric( $id ) || ! wppa_is_id_free( WPPA_PHOTOS, $id ) ) $id = 0;
1941
+ $id = wppa_insert_photo( $unsanitized_path_name, $alb, stripslashes( $name ), stripslashes( $desc ), $porder, $id, stripslashes( $linkurl ), stripslashes( $linktitle ) );
1942
+ if ( $id ) {
1943
  if ( wppa( 'ajax' ) ) {
1944
  wppa( 'ajax_import_files_done', true );
1945
  }
1948
  unlink( $unsanitized_path_name );
1949
  if ( is_file( $meta ) ) unlink( $meta );
1950
  }
1951
+ wppa_set_default_name( $id, stripslashes( $name ) );
1952
 
1953
  // If ajax and remote and not a page, update url to successfully imported photo
1954
  if ( wppa( 'ajax' ) && wppa( 'is_remote' ) ) {
2058
  rename( $file, $newpath );
2059
  }
2060
  else {
2061
+ wppa_copy( $file, $newpath );
2062
  }
2063
 
2064
  if ( wppa( 'ajax' ) ) {
2120
 
2121
  // Add audio filetype
2122
  $newpath = wppa_strip_ext( wppa_get_photo_path( $id, false ) ).'.'.$ext;
2123
+ wppa_copy( $file, $newpath );
2124
  if ( $delu ) unlink( $file );
2125
  if ( wppa( 'ajax' ) ) {
2126
  wppa( 'ajax_import_files_done', true );
2239
  copy ( $file, $tempfile );
2240
 
2241
  // Open file
2242
+ $handle = wppa_fopen( $tempfile, "rt" );
2243
  if ( ! $handle ) {
2244
  wppa_error_message( __( 'Can not open file. Can not continue. (1)', 'wp-photo-album-plus') );
2245
  return;
2246
  }
2247
+ $write_handle = wppa_fopen( $file, "wt" );
2248
  if ( ! $write_handle ) {
2249
  wppa_error_message( __( 'Can not open file. Can not continue. (2)', 'wp-photo-album-plus') );
2250
  return;
2789
  if ( $opt == '{' ) $opt2 = '}';
2790
  if ( $opt == '[' ) $opt2 = ']';
2791
  if ( is_file( $file ) ) {
2792
+ $handle = wppa_fopen( WPPA_DEPOT_PATH . '/' . basename( $file ), "r" );
2793
  if ( $handle ) {
2794
  while ( ( $buffer = fgets( $handle, 4096 ) ) !== false ) {
2795
  if ( substr( $buffer, 0, 5 ) == $item.'=' ) {
2836
  $ext = strtolower( wppa_get_ext( $xpath ) );
2837
  if ( $ext == 'zip' ) {
2838
  $zip = new ZipArchive;
2839
+ if ( $zip->open( WPPA_DEPOT_PATH . '/' . basename( $xpath ) ) === true ) {
2840
 
2841
  $supported_file_ext = array( 'jpg', 'png', 'gif', 'JPG', 'PNG', 'GIF', 'amf', 'pmf', 'zip', 'csv' );
2842
  $done = '0';
2948
 
2949
  // If we find a .csv file, move it to our depot and give a warning message
2950
  if ( wppa_get_ext( $photofile ) == 'csv' ) {
2951
+ wppa_copy( $photofile, WPPA_DEPOT_PATH . '/' . basename( $photofile ) );
2952
  @ unlink( $photofile );
2953
  wppa_warning_message( sprintf( __( '.csv file %s has been moved to your depot.', 'wp-photo-album-plus' ), basename( $photofile ) ) );
2954
  }
2958
  }
2959
  }
2960
  else {
2961
+ $id = wppa_insert_photo( $photofile, $alb );
2962
+ if ( $id ) {
2963
+ /*hier*/ wppa_set_default_name( $id );
2964
+ $photocount++;
2965
+ }
2966
  }
2967
  if ( ! wppa_switch( 'keep_import_files' ) ) {
2968
  @ unlink( $photofile );
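--- a/wppa-init.php
+++ b/wppa-init.php
@@ -4,7 +4,7 @@
  *
  * This file loads required php files and contains all functions used in init actions.
  *
- * Version 6.9.14
+ * Version 6.9.16
  */
 
  /* LOAD SIDEBAR WIDGETS */
@@ -56,6 +56,7 @@ require_once 'wppa-cron.php';
  require_once 'wppa-maintenance.php';
  require_once 'wppa-tinymce-common.php';
  require_once 'wppa-local-cdn.php';
+ require_once 'wppa-wrappers.php';
 
  /* Required for widget displays at back-end */
  require_once 'wppa-links.php';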
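--- a/wppa-items.php
+++ b/wppa-items.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains functions to retrieve album and photo items
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -792,9 +792,12 @@ function wppa_get_thumbx( $id, $force = false ) {
  if ( $x > $y ) { // Landscape
  $result = wppa_opt( 'thumbsize' );
  }
- else {
+ elseif ( $y ) {
  $result = wppa_opt( 'thumbsize' ) * $x / $y;
  }
+ else {
+ $result = '';
+ }
  }
  else {
  $result = wppa_get_thumbphotoxy( $id, 'thumbx', $force );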
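Review bot: The new fallback at new lines 798–800 sets `$result = ''`, while the two branches above it produce numbers, so wppa_get_thumbx gains a string return path for the case where `$y` (presumably the stored height) is zero. If any caller does arithmetic on the result, an empty string is a non-numeric operand (a warning on PHP 7, a TypeError on PHP 8). `$result = 0;` would keep the type consistent; if the empty string is deliberate, for instance so that a width attribute is left out, a one-line comment saying so would help. The function starts and ends outside this hunk, so how `$result` is used afterwards cannot be seen here.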
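--- a/wppa-maintenance.php
+++ b/wppa-maintenance.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains (not yet, but in the future maybe) all the maintenance routines
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -57,6 +57,7 @@ $wppa_all_maintenance_slugs = array( 'wppa_remake_index_albums',
  'wppa_owner_to_name_proc',
  'wppa_move_all_photos',
  'wppa_cleanup_index',
+ 'wppa_photos_hyphens_to_spaces',
  );
 
  global $wppa_cron_maintenance_slugs;
@@ -74,6 +75,7 @@ $wppa_cron_maintenance_slugs = array( 'wppa_remake_index_albums',
  'wppa_add_hd_tag',
  'wppa_crypt_photos',
  'wppa_crypt_albums',
+ 'wppa_photos_hyphens_to_spaces',
 
  );
 
@@ -397,6 +399,7 @@ global $wppa_timestamp_start;
  case 'wppa_create_o1_files':
  case 'wppa_owner_to_name_proc':
  case 'wppa_move_all_photos':
+ case 'wppa_photos_hyphens_to_spaces':
 
  // Process photos
  $table = WPPA_PHOTOS;
@@ -839,6 +842,14 @@ global $wppa_timestamp_start;
  }
  break;
 
+ case 'wppa_photos_hyphens_to_spaces':
+ $name = wppa_get_photo_item( $id, 'name' );
+ $newname = str_replace( '-', ' ', $name );
+ if ( $name != $newname ) {
+ wppa_update_photo( array( 'id' => $id, 'name' => $newname ) );
+ }
+ break;
+
  case 'wppa_custom_photo_proc':
  $file = WPPA_UPLOAD_PATH . '/procs/wppa_custom_photo_proc.php';
  include $file;
@@ -1226,7 +1237,7 @@ global $wppa_log_file;
  '</h2>' .
  '<div style="float:left; clear:both; width:100%; overflow:auto; word-wrap:none;" >';
 
- if ( ! $file = @ fopen( $wppa_log_file, 'r' ) ) {
+ if ( ! $file = wppa_fopen( $wppa_log_file, 'r' ) ) {
  $result .= __( 'There are no log messages', 'wp-photo-album-plus' );
  }
  else {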
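Review bot: In the new `wppa_photos_hyphens_to_spaces` case (new lines 845–851) the guard `if ( $name != $newname )` is a loose comparison, which PHP evaluates numerically when both strings look like numbers, so a name and its replacement can compare equal although they differ as text. `if ( $name !== $newname ) {` states the intent exactly. The enclosing switch starts and ends outside the hunk.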
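--- a/wppa-non-admin.php
+++ b/wppa-non-admin.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the non admin stuff
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -291,11 +291,11 @@ global $wppa_js_page_data_file;
  $tempdir = WPPA_UPLOAD_PATH.'/temp';
  if ( ! is_dir( $tempdir ) ) @ wppa_mktree( $tempdir );
 
- $handle = fopen ( $wppa_js_page_data_file, 'wb' );
+ $handle = wppa_fopen( $wppa_js_page_data_file, 'wb' );
 
  if ( $handle ) {
  fwrite( $handle, '/* WPPA+ Generated Page dependant javascript */'."\n" );
- fclose ( $handle );
+ fclose( $handle );
  }
  else {
  $wppa_js_page_data_file = '';
@@ -789,7 +789,7 @@ wppaAudioHeight = '.wppa_get_audio_control_height().';';
  $result = wppa_make_relative( $result );
 
  if ( $wppa_js_page_data_file ) {
- $handle = @ fopen( $wppa_js_page_data_file, 'ab' );
+ $handle = wppa_fopen( $wppa_js_page_data_file, 'ab' );
  if ( $handle ) {
  fwrite( $handle, "\n/* START Page specific urls and browser dependant data */" . $result . "\n/* END Page specific urls and browser dependant data */\n" );
  fclose( $handle );
@@ -1062,7 +1062,7 @@ global $wppa_init_js_data;
  ';
 
  // Open file
- $file = @ fopen ( WPPA_PATH.'/wppa-init.'.$wppa_lang.'.js', 'wb' );
+ $file = wppa_fopen( WPPA_PATH.'/wppa-init.'.$wppa_lang.'.js', 'wb' );
  if ( $file ) {
  // Write file
  fwrite ( $file, $content );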
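Review bot: The path opened for writing at new line 1065 is assembled from `$wppa_lang`, which is set outside this hunk, and the target is the plugin directory itself (`WPPA_PATH`). Swapping `fopen` for `wppa_fopen` does not show what that wrapper accepts, so I would not rely on it to constrain the name. If `$wppa_lang` can ever derive from request data, restrict it to locale characters before it reaches the path, e.g. `$wppa_lang = preg_replace( '/[^A-Za-z0-9_-]/', '', $wppa_lang );`. The `fwrite()` results in all three hunks are also unchecked, so a short write leaves a truncated script in place without any message.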
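--- a/wppa-photo-admin-autosave.php
+++ b/wppa-photo-admin-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * edit and delete photos
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -625,10 +625,10 @@ function wppaToggleExif( id, count ) {
  ' >' .
  '<img' .
  ' id="tnp-' . $id . '"' .
- ' ' . ( wppa_switch( 'lazy' ) ? 'data-' : '' ) . 'src="' . $src . '"' .
+ ' ' . ( wppa_switch( 'lazy' ) && $count > '1' ? 'data-' : '' ) . 'src="' . $src . '"' .
  ' alt="' . esc_attr( $name ) . '"' .
  ' style="max-width: 160px; vertical-align:middle;"' .
- ( wppa_switch( 'lazy' ) ? ' class="wppa-lazy"' : '' ) .
+ ( wppa_switch( 'lazy' ) && $count > '1' ? ' class="wppa-lazy"' : '' ) .
  ' />' .
  '</a>';
  if ( $has_audio ) {
@@ -1635,9 +1635,9 @@ function wppaToggleExif( id, count ) {
  '<td>' .
  '<img' .
  ' id="fs-img-' . $id . '"' .
- ' ' . ( wppa_switch( 'lazy' ) ? 'data-' : '' ) . 'src="' . wppa_get_photo_url( $id ) . '"' .
+ ' ' . ( wppa_switch( 'lazy' ) && $count > '1' ? 'data-' : '' ) . 'src="' . wppa_get_photo_url( $id ) . '"' .
  ' style="float:left;max-width:90%;" ' .
- ( wppa_switch( 'lazy' ) ? ' class="wppa-lazy"' : '' ) .
+ ( wppa_switch( 'lazy' ) && $count > '1' ? ' class="wppa-lazy"' : '' ) .
  ' />' .
  '<div' .
  ' style="display:inline-block;vertical-align:middle;margin-left:4px;margin-top:' . ( min( 600, wppa_get_photoy( $id ) ) / 2 - 30 ) . 'px;"' .
@@ -3115,14 +3115,9 @@ global $wppa_search_stats;
  else {
  $pword = $wpdb->esc_like( $word ) . '%';
  }
-
- // According to the doc ( https://codex.wordpress.org/Class_Reference/wpdb/esc_like ) this should work,
- // but it generates an error saying: Too few arguments to function wpdb::prepare(), 1 passed in /... and exactly 2 expected
- // $pidxs = $wpdb->get_results( $wpdb->prepare( "SELECT slug, photos FROM {$wpdb->prefix}wppa_index
- // WHERE slug LIKE %s" ), $pword, ARRAY_A );
- // So we must do it without prepare:
- $pidxs = $wpdb->get_results( "SELECT slug, photos FROM {$wpdb->prefix}wppa_index
- WHERE slug LIKE '" . $pword . "'", ARRAY_A );
+ $pidxs = $wpdb->get_results( $wpdb->prepare( "SELECT slug, photos
+ FROM {$wpdb->prefix}wppa_index
+ WHERE slug LIKE %s", $pword ), ARRAY_A );
  $photos = array();
 
  // Accumulate photo ids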
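Review bot: The lazy-load condition `wppa_switch( 'lazy' ) && $count > '1'` is written out four times (new lines 628, 631, 1638 and 1640) and compares against the string `'1'`. Computing it once, `$lazy = wppa_switch( 'lazy' ) && $count > 1;`, and using `$lazy` in both ternaries keeps the `src`/`data-src` attribute and the `wppa-lazy` class from drifting apart. Both `<img>` fragments sit in functions that start outside their hunks, so it is worth confirming that `$count` is defined at the second site as well as the first.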
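--- a/wppa-photo-files.php
+++ b/wppa-photo-files.php
@@ -2,7 +2,7 @@
  /* wppa-photo-files.php
  *
  * Functions used to create/manipulate photofiles
- * Version 6.9.14
+ * Version 6.9.16
  *
  */
 
@@ -43,7 +43,7 @@ function wppa_make_o1_source( $id ) {
  else {
 
  // Copy source to destination
- copy( $src_path, $dst_path );
+ wppa_copy( $src_path, $dst_path );
 
  // Correct orientation
  if ( ! wppa_orientate_image_file( $dst_path, $orient ) ) {
@@ -319,7 +319,7 @@ global $wpdb;
 
  }
  else { // No downsize needed, picture is small enough
- copy( $file, $newimage );
+ wppa_copy( $file, $newimage );
  }
  }
  wppa_log('dbg', 'Max memory used: ' . sprintf( '%6.2f MB', memory_get_peak_usage( true ) / ( 1024 * 1024 ) ) );
@@ -327,7 +327,7 @@ global $wpdb;
 
  // No resize on upload checked
  else {
- copy( $file, $newimage );
+ wppa_copy( $file, $newimage );
  }
 
  // File successfully created ?
@@ -627,7 +627,7 @@ function wppa_create_thumbnail( $id, $use_source = true ) {
 
  // Too litlle memory
  else {
- copy( $file, $thumbpath );
+ wppa_copy( $file, $thumbpath );
  }
 
  // Make sure file is accessible
@@ -642,15 +642,6 @@ function wppa_create_thumbnail( $id, $use_source = true ) {
  return true;
  }
 
- // To fix a bug in PHP as that photos made with the selfie camera of an android smartphone
- // irroneously cause the PHP warning 'is not a valid JPEG file' and cause imagecreatefromjpag crash.
- function wppa_imagecreatefromjpeg( $file ) {
-
- ini_set( 'gd.jpeg_ignore_warning', true );
- $img = imagecreatefromjpeg( $file );
- return $img;
- }
-
  // See if ImageMagick command exists
  function wppa_is_magick( $command ) {
  if ( ! $command ) {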
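Review bot: The result of `wppa_copy()` is dropped at new line 46, and likewise at 322, 330 and 630, so a refused or failed copy goes unnoticed and `wppa_orientate_image_file( $dst_path, $orient )` then runs on a destination that may not exist. The wrapper is defined outside this section; assuming it returns false on failure the way `copy()` does, the call in wppa_make_o1_source could read `if ( ! wppa_copy( $src_path, $dst_path ) ) { wppa_log( 'dbg', 'Copy failed: ' . $dst_path ); return false; }`. The function bodies continue outside the hunks, so the right return value for each caller needs checking.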
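--- a/wppa-session.php
+++ b/wppa-session.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all session routines
- * Version 6.9.15
+ * Version 6.9.16
  *
  * Firefox modifies data in the superglobal $_SESSION.
  * See https://bugzilla.mozilla.org/show_bug.cgi?id=991019
@@ -37,20 +37,25 @@ global $wppa_session;
  $expire = time() - $lifetime;
 
  // Is session already started?
- $session = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_session WHERE `session` = %s AND `status` = 'valid' LIMIT 1", wppa_get_session_id() ), ARRAY_A );
+ $session = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_session
+ WHERE session = %s
+ AND status = 'valid'
+ LIMIT 1", wppa_get_session_id() ), ARRAY_A );
 
  // Started but expired?
  if ( $session ) {
  if ( $session['timestamp'] < $expire ) {
 
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_session SET `status` = 'expired' WHERE `id` = %s", $session['id'] ) );
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_session
+ SET status = 'expired'
+ WHERE id = %d", $session['id'] ) );
  $session = false;
 
  // Anonimize all expired sessions, except robots (for the statistics widget)
- $wpdb->query( "UPDATE $wpdb->wppa_session " .
- "SET `ip` = '', `user` = '', `data` = '' " .
- "WHERE `status` = 'expired' " .
- "AND `data` NOT LIKE '%\"isrobot\";b:1;%'" );
+ $wpdb->query( "UPDATE {$wpdb->prefix}wppa_session
+ SET ip = '', user = '', data = ''
+ WHERE status = 'expired'
+ AND data NOT LIKE '%\"isrobot\";b:1;%'" );
  }
  }
 
@@ -92,9 +97,10 @@ global $wppa_session;
 
  // Session exists, Update counter
  else {
- $wppa_session = wppa_unserialize( $data );
+ $wppa_session = wppa_unserialize( $data, true );
 
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_session SET `count` = %s WHERE `id` = %s", $session['count'] + '1', $session['id'] ) );
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_session
+ SET count = %d WHERE id = %d", $session['count'] + '1', $session['id'] ) );
  }
 
  // Get info for root and sub search
@@ -189,7 +195,9 @@ static $last_query;
  }
 
  // Compose the query
- $query = $wpdb->prepare( "UPDATE $wpdb->wppa_session SET `data` = %s WHERE `id` = %s", serialize( $wppa_session ), $wppa_session['id'] );
+ $query = $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_session
+ SET data = %s
+ WHERE id = %d", serialize( $wppa_session ), $wppa_session['id'] );
 
  // Only update if data differs from previous update
  if ( $query != $last_query ) {
@@ -224,5 +232,7 @@ function wppa_extend_session() {
  global $wpdb;
 
  $sessionid = wppa_get_session_id();
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_session SET `timestamp` = %d WHERE `session` = %s", time(), $sessionid ) );
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_session
+ SET timestamp = %d
+ WHERE session = %s", time(), $sessionid ) );
  }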
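Review bot: The new second argument in `wppa_unserialize( $data, true )` at new line 100 is not explained anywhere in the hunk, and this is the call that decodes the stored session row, so a reader cannot tell what changed in how that data is interpreted. A one-line comment above the call naming what `true` selects in the wrapper would settle it. Two lines further down, `$session['count'] + '1'` still adds a string literal although the placeholder is now `%d`; `(int) $session['count'] + 1` matches the new format.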
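--- a/wppa-settings-autosave.php
+++ b/wppa-settings-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * manage all options
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -36,7 +36,10 @@ var_dump ( unserialize($session['data']));
  echo '<br /><br />';
  var_dump ( wppa_unserialize($session['data']));
  echo '<br /><br />';
+ var_dump ( json_decode( json_encode( unserialize( $session['data'] ) )));
  */
+ //global $wppa_session;
+ //var_dump($wppa_session['wfcart']);
  // End test area
 
  // Initialize
@@ -143,11 +146,11 @@ echo '<br /><br />';
  else {
  $imgsize = getimagesize($file['tmp_name']);
  if ( !is_array($imgsize) || !isset($imgsize[2]) || $imgsize[2] != 3 ) {
- wppa_error_message(sprintf(__('Uploaded file %s is not a .png file', 'wp-photo-album-plus'), wppa_sima( $file['name'] ) ) . ' (Type='.$file['type'].').');
+ wppa_error_message(sprintf(__('Uploaded file %s is not a .png file', 'wp-photo-album-plus'), sanitize_file_name( $file['name'] ) ) . ' (Type='.$file['type'].').');
  }
  else {
- copy($file['tmp_name'], WPPA_UPLOAD_PATH . '/watermarks/' . wppa_sima(basename($file['name'])));
- wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), wppa_sima(basename($file['name']))));
+ wppa_move_uploaded_file( $file['tmp_name'], WPPA_UPLOAD_PATH . '/watermarks/' . sanitize_file_name(basename($file['name'])));
+ wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), sanitize_file_name(basename($file['name']))));
  }
  }
  }
@@ -163,12 +166,12 @@ echo '<br /><br />';
  wppa_error_message(sprintf(__('Upload error %s', 'wp-photo-album-plus'), $file['error']));
  }
  else {
- if ( substr(wppa_sima($file['name']), -4) != '.ttf' ) {
- wppa_error_message(sprintf(__('Uploaded file %s is not a .ttf file', 'wp-photo-album-plus'), wppa_sima($file['name']) ).' (Type='.$file['type'].').');
+ if ( substr(sanitize_file_name($file['name']), -4) != '.ttf' ) {
+ wppa_error_message(sprintf(__('Uploaded file %s is not a .ttf file', 'wp-photo-album-plus'), sanitize_file_name($file['name']) ).' (Type='.$file['type'].').');
  }
  else {
- copy($file['tmp_name'], WPPA_UPLOAD_PATH . '/fonts/' . wppa_sima(basename($file['name'])));
- wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), wppa_sima(basename($file['name']))));
+ wppa_move_uploaded_file($file['tmp_name'], WPPA_UPLOAD_PATH . '/fonts/' . sanitize_file_name(basename($file['name'])));
+ wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), sanitize_file_name(basename($file['name']))));
  }
  }
  }
@@ -186,7 +189,7 @@ echo '<br /><br />';
  else {
  $imgsize = getimagesize($file['tmp_name']);
  if ( ! is_array( $imgsize ) || ! isset( $imgsize[2] ) || $imgsize[2] < 1 || $imgsize[2] > 3 ) {
- wppa_error_message(sprintf(__('Uploaded file %s is not a valid image file', 'wp-photo-album-plus'), wppa_sima($file['name'])).' (Type='.$file['type'].').');
+ wppa_error_message(sprintf(__('Uploaded file %s is not a valid image file', 'wp-photo-album-plus'), sanitize_file_name($file['name'])).' (Type='.$file['type'].').');
  }
  else {
  switch ( $imgsize[2] ) {
@@ -200,12 +203,12 @@ echo '<br /><br />';
  $ext = '.png';
  break;
  }
- copy( $file['tmp_name'], WPPA_UPLOAD_PATH . '/audiostub' . $ext );
+ wppa_move_uploaded_file( $file['tmp_name'], WPPA_UPLOAD_PATH . '/audiostub' . $ext );
  wppa_update_option( 'wppa_audiostub', 'audiostub'. $ext );
 
  // Thumbx, thumby, phtox and photoy must be cleared for the new stub
  $wpdb->query( "UPDATE $wpdb->wppa_photos SET `thumbx` = 0, `thumby` = 0, `photox` = 0, `photoy` = 0 WHERE `ext` = 'xxx'" );
- wppa_alert( sprintf( __( 'Upload of %s done', 'wp-photo-album-plus'), basename( wppa_sima( $file['name'] ) ) ) );
+ wppa_alert( sprintf( __( 'Upload of %s done', 'wp-photo-album-plus'), basename( sanitize_file_name( $file['name'] ) ) ) );
  }
  }
  }
@@ -220,7 +223,6 @@ echo '<br /><br />';
  wppa_ok_message('Done! wppa_delete_all_from_cloudinary');
  }
  else {
- sleep(5);
  wppa_ok_message('Not yet Done! wppa_delete_all_from_cloudinary' .
  '<br />Trying to continue...');
  echo
@@ -241,7 +243,6 @@ echo '<br /><br />';
  wppa_ok_message('Done! wppa_delete_derived_from_cloudinary');
  }
  else {
- sleep(5);
  wppa_ok_message('Not yet Done! wppa_delete_derived_from_cloudinary' .
  '<br />Trying to continue...');
  echo
@@ -272,8 +273,10 @@ echo '<br /><br />';
  wppa_fix_source_path();
 
  // Cleanup obsolete settings
- if ( $wpdb->get_var( "SELECT COUNT(*) FROM `".$wpdb->prefix.'options'."` WHERE `option_name` LIKE 'wppa_last_album_used-%'" ) > 100 ) {
- $iret = $wpdb->query( "DELETE FROM `".$wpdb->prefix.'options'."` WHERE `option_name` LIKE 'wppa_last_album_used-%'" );
+ if ( $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}options
+ WHERE option_name LIKE 'wppa_last_album_used-%'" ) > 100 ) {
+ $iret = $wpdb->query( "DELETE FROM {$wpdb->prefix}options
+ WHERE option_name LIKE 'wppa_last_album_used-%'" );
  wppa_update_message( sprintf( __( '%s last album used settings removed.', 'wp-photo-album-plus'), $iret ) );
  }
 
@@ -8207,6 +8210,20 @@ echo '<br /><br />';
 
  }
 
+ $name = __('Remove hypens from photonames', 'wp-photo-album-plus');
+ $desc = __('Remove all hyphens from all photo names and replace them by spaces', 'wp-photo-album-plus');
+ $help = '';
+ $slug2 = 'wppa_photos_hyphens_to_spaces';
+ $html1 = wppa_cronjob_button( $slug2 );
+ $html2 = wppa_maintenance_button( $slug2 );
+ $html3 = wppa_status_field( $slug2 );
+ $html4 = wppa_togo_field( $slug2 );
+ $html = array($html1, $html2, $html3, $html4);
+ $clas = '';
+ $tags = 'system';
+ wppa_setting(false, '20', $name, $desc, $html, $help, $clas, $tags);
+
+
  if ( current_user_can( 'administrator' ) ) {
  $name = __('Custom album proc', 'wp-photo-album-plus');
  $desc = __('The php code to execute on all albums', 'wp-photo-album-plus');
@@ -8610,8 +8627,8 @@ echo '<br /><br />';
  $desc = __('The number of albums per page on the Edit Album admin page.', 'wp-photo-album-plus');
  $help = '';
  $slug = 'wppa_album_admin_pagesize';
- $opts = array( '10', '20', '50', '100', '200' );
- $vals = array( '10', '20', '50', '100', '200' );
+ $opts = array( '10', '20', '50', '100', '200', '500', '700', '1000' );
+ $vals = array( '10', '20', '50', '100', '200', '500', '700', '1000' );
  $html = wppa_select($slug, $opts, $vals);
  $clas = '';
  $tags = 'system,page';
@@ -8621,8 +8638,8 @@ echo '<br /><br />';
  $desc = __('The number of photos per page on the <br/>Edit Album -> Manage photos and Edit Photos admin pages.', 'wp-photo-album-plus');
  $help = '';
  $slug = 'wppa_photo_admin_pagesize';
- $opts = array( '10', '20', '50', '100', '200' );
- $vals = array( '10', '20', '50', '100', '200' );
+ $opts = array( '10', '20', '50', '100', '200', '500', '700', '1000' );
+ $vals = array( '10', '20', '50', '100', '200', '500', '700', '1000' );
  $html = wppa_select($slug, $opts, $vals);
  $clas = '';
  $tags = 'system,page';
@@ -9176,12 +9193,20 @@ echo '<br /><br />';
  $slug = 'wppa_newphoto_name_method';
  $opts = array( __('Filename', 'wp-photo-album-plus'),
  __('Filename without extension', 'wp-photo-album-plus'),
+ __('Filename without extension, spaces for hyphens', 'wp-photo-album-plus'),
  __('IPTC Tag 2#005 (Graphic name)', 'wp-photo-album-plus'),
  __('IPTC Tag 2#120 (Caption)', 'wp-photo-album-plus'),
  __('No name at all', 'wp-photo-album-plus'),
  __('Photo w#id (literally)', 'wp-photo-album-plus'),
  );
- $vals = array( 'filename', 'noext', '2#005', '2#120', 'none', 'Photo w#id' );
+ $vals = array( 'filename',
+ 'noext',
+ 'noextspace',
+ '2#005',
+ '2#120',
+ 'none',
+ 'Photo w#id'
+ );
  $html = wppa_select($slug, $opts, $vals);
  $clas = '';
  $tags = 'system,meta,album';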
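Review bot: The watermark upload at new lines 148–153 accepts the file once `getimagesize()` reports type 3 (PNG) but then stores it under the client-supplied name, so the extension on disk is never tied to the type that was checked; `sanitize_file_name()` cleans characters, it does not restrict the extension. Unless `wppa_move_uploaded_file()` (defined outside this section) enforces an allow-list, I would fix the stored name, e.g. `$wmname = wppa_strip_ext( sanitize_file_name( basename( $file['name'] ) ) ) . '.png';`, and use `$wmname` in both the move and the alert. The audiostub branch further down already works this way, deriving `$ext` from the detected type. The `' (Type='.$file['type'].')'` suffix in the three error messages is client-supplied too and would be better passed through `esc_html()` if `wppa_error_message()` does not escape its argument.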
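--- a/wppa-setup.php
+++ b/wppa-setup.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the setup stuff
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -601,7 +601,7 @@ global $silent;
  if ( is_array($watermarks) ) {
  foreach ($watermarks as $fromfile) {
  $tofile = WPPA_UPLOAD_PATH . '/watermarks/' . basename($fromfile);
- @ copy($fromfile, $tofile);
+ wppa_copy( $fromfile, $tofile );
  }
  }
 
@@ -612,7 +612,7 @@ global $silent;
  foreach ($fonts as $fromfile) {
  if ( is_file ( $fromfile ) ) {
  $tofile = WPPA_UPLOAD_PATH . '/fonts/' . basename($fromfile);
- @ copy($fromfile, $tofile);
+ wppa_copy( $fromfile, $tofile );
  }
  }
  }
@@ -621,7 +621,7 @@ global $silent;
  $fromfile = WPPA_PATH . '/img/audiostub.jpg';
  $tofile = WPPA_UPLOAD_PATH . '/audiostub';
  if ( ! is_file( $tofile . '.jpg' ) && ! is_file( $tofile . '.gif' ) && ! is_file( $tofile . '.png' ) ) {
- @ copy( $fromfile, $tofile . '.jpg' );
+ @ wppa_copy( $fromfile, $tofile . '.jpg' );
  wppa_update_option( 'wppa_audiostub', 'audiostub.jpg' );
  }
 
@@ -1612,6 +1612,7 @@ cursorborder:'2px solid transparent',";
  'wppa_move_all_photos' => '',
  'wppa_move_all_photos_from' => '',
  'wppa_move_all_photos_to' => '',
+ 'wppa_photos_hyphens_to_spaces' => '',
 
  'wppa_logfile_on_menu' => 'no',
 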
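--- a/wppa-source.php
+++ b/wppa-source.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains photo source file management routines
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -42,7 +42,17 @@ function wppa_save_source( $file, $name, $alb ) {
  wppa_log( 'Err', 'Could not create source directory ' . $albdir );
  }
  $dest = $albdir . '/' . wppa_sanitize_file_name( $name );
- if ( $file != $dest ) @ copy( str_replace( '../', '', $file ), str_replace( '../', '', $dest ) ); // Do not copy to self, and do not bother on failure
+ if ( $file != $dest ) {
+
+ // Are we uploading ?
+ if ( isset( $_FILES['name'] ) ) {
+ wppa_move_uploaded_file( $file, $dest );
+ }
+ // Or importing
+ else {
+ wppa_copy( $file, $dest );
+ }
+ }
  if ( is_file( $dest ) ) {
  wppa_chmod( $dest );
  }
@@ -124,7 +134,7 @@ function wppa_rename( $from, $to ) {
 
  if ( is_file( $from ) ) {
  if ( is_file( $to ) ) {
- copy( $from, $to );
+ wppa_copy( $from, $to );
  unlink( $from );
  }
  else {
@@ -151,10 +161,10 @@ global $wppa_supported_photo_extensions;
 
  foreach( $supext as $ext ) {
  if ( is_file( $frompath.'.'.$ext ) ) {
- @ copy( str_replace( '../', '', $frompath.'.'.$ext ), str_replace( '../', '', $topath.'.'.$ext ) );
+ wppa_copy( $frompath.'.'.$ext, $topath.'.'.$ext );
  }
  if ( is_file( $frompath.'-o1.'.$ext ) ) {
- @ copy( str_replace( '../', '', $frompath.'-o1.'.$ext ), str_replace( '../', '', $topath.'-o1.'.$ext ) );
+ wppa_copy( $frompath.'-o1.'.$ext, $topath.'-o1.'.$ext );
  }
  }
  }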
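Review bot: In wppa_save_source() the upload branch is selected with `isset( $_FILES['name'] )`, which tests for a form field literally called `name` rather than whether `$file` is an upload. Unless the forms use that field name (not visible here), uploads always take the `wppa_copy()` path, and when the field is present an import would be handed to `wppa_move_uploaded_file()` and fail; `if ( is_uploaded_file( $file ) ) {` decides on the file itself. In wppa_rename(), `unlink( $from )` still runs when `wppa_copy()` rejects the path or fails, which deletes the only copy; `if ( wppa_copy( $from, $to ) ) unlink( $from );` avoids that. Both functions continue outside the hunks shown.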
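--- a/wppa-statistics.php
+++ b/wppa-statistics.php
@@ -350,17 +350,21 @@ global $wpdb;
  if ( $alb ) {
  $alb = strval( intval( $alb ) );
  }
-
+
  // Album id given
  if ( $alb ) {
 
+ if ( ! wppa_album_exists( $alb ) ) {
+ return;
+ }
+
  // Flush this albums treecounts
  wppa_mark_treecounts( $alb );
  }
 
  // No album id, flush them all
  else {
- $iret = $wpdb->query( "UPDATE $wpdb->wppa_albums SET `treecounts` = ''" );
+ $iret = $wpdb->query( "UPDATE {$wpdb->prefix}wppa_albums SET treecounts = ''" );
  if ( ! $iret ) {
  wppa_log( 'Dbg', 'Unable to clear all treecounts' );
  }
@@ -509,6 +513,10 @@ function wppa_mark_treecounts( $alb ) {
  $alb = strval( intval( $alb ) );
  }
 
+ if ( ! wppa_album_exists( $alb ) ) {
+ return;
+ }
+
  // Do it
  if ( $alb ) {
  $treecounts = wppa_get_treecounts_a( $alb );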
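Review bot: The "flush them all" branch at new lines 367–368 treats any falsy result of `$wpdb->query()` as a failure, but for an UPDATE a return of 0 only means no rows changed (every `treecounts` was already empty), so the Dbg entry is written for a call that succeeded. `if ( $iret === false ) {` separates the real error case from the no-op. Both function bodies start and end outside the hunks shown.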
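--- a/wppa-styles.php
+++ b/wppa-styles.php
@@ -3,7 +3,7 @@
  /* Package: wp-photo-album-plus
  /*
  /* Various style computation routines
- /* Version 6.8.09
+ /* Version 6.9.16
  /*
  */
 
@@ -262,7 +262,7 @@ global $wppa_dynamic_css_data;
  $content .= wppa_opt( 'custom_style' );
 
  // Open file
- $file = @ fopen ( WPPA_PATH . '/wppa-dynamic.css', 'wb' );
+ $file = wppa_fopen ( WPPA_PATH . '/wppa-dynamic.css', 'wb' );
  if ( $file ) {
  // Minify
  $old_len = strlen( $content );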
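--- a/wppa-tinymce-photo-front.php
+++ b/wppa-tinymce-photo-front.php
@@ -2,7 +2,7 @@
  /* wppa-tinymce-photo-front.php
  * Pachkage: wp-photo-album-plus
  *
- * Version 6.9.12
+ * Version 6.9.16
  *
  */
 
@@ -71,7 +71,7 @@ wppaShortcodeTemplateId = "' . $id . '.' . wppa_get_photo_item( $id, 'ext' ) . '
  ';
 
  if ( $wppa_js_page_data_file ) {
- $handle = @ fopen( $wppa_js_page_data_file, 'ab' );
+ $handle = wppa_fopen( $wppa_js_page_data_file, 'ab' );
  if ( $handle ) {
  fwrite( $handle, "\n/* START PHOTO sc and TynyMce fe vars */" . $body . "/* END PHOTO and TynMce */\n" );
  fclose( $handle );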
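--- a/wppa-upload.php
+++ b/wppa-upload.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the upload pages and functions
- * Version 6.8.13
+ * Version 6.9.16
  *
  */
 
@@ -654,7 +654,7 @@ global $target;
  $temp = $file['tmp_name'];
  $target = WPPA_DEPOT_PATH.'/'.$name;
 
- copy( $temp, $target );
+ wppa_copy( $temp, $target );
 
  if ( $error == '0' ) wppa_ok_message( __( 'Zipfile' , 'wp-photo-album-plus').' '.$name.' '.__( 'sucessfully uploaded.' , 'wp-photo-album-plus') );
  else wppa_error_message( __( 'Error' , 'wp-photo-album-plus').' '.$error.' '.__( 'during upload.' , 'wp-photo-album-plus') );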
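Review bot: The zip upload at new line 657 copies PHP's temporary file with `wppa_copy( $temp, $target )` and discards the result, so the 'sucessfully uploaded' message depends only on `$error` even when the wrapper refused the copy. The PDF upload path in this commit was switched to `wppa_move_uploaded_file()`, which also confirms that `$temp` is a genuine upload; `$moved = wppa_move_uploaded_file( $temp, $target );` followed by an error message when `$moved` is false would match it. If `wppa_is_path_safe()` (not shown here) only accepts paths inside the site tree, the temp path may be rejected and the upload dropped without notice. How `$name` is built is outside the hunk, so confirm it is reduced with `basename()` and `sanitize_file_name()` before it is joined to `WPPA_DEPOT_PATH`.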
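--- a/wppa-utils.php
+++ b/wppa-utils.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains low-level utility routines
- * Version 6.9.15
+ * Version 6.9.16
  *
  */
 
@@ -1713,12 +1713,12 @@ global $wppa_log_file;
  if ( $filesize > 1024000 ) {
 
  // File > 1000kB, shorten it
- $file = fopen( $wppa_log_file, 'rb' );
+ $file = wppa_fopen( $wppa_log_file, 'rb' );
  if ( $file ) {
  $buffer = @ fread( $file, $filesize );
  $buffer = substr( $buffer, $filesize - 900*1024 ); // Take ending 900 kB
  fclose( $file );
- $file = fopen( $wppa_log_file, 'wb' );
+ $file = wppa_fopen( $wppa_log_file, 'wb' );
  @ fwrite( $file, $buffer );
  @ fclose( $file );
  }
@@ -1726,7 +1726,7 @@ global $wppa_log_file;
  }
 
  // Open for append
- if ( ! $file = fopen( $wppa_log_file, 'ab' ) ) return; // Unable to open log file
+ if ( ! $file = wppa_fopen( $wppa_log_file, 'ab' ) ) return; // Unable to open log file
 
  // Write log message
  $msg = strip_tags( $msg );
@@ -1739,7 +1739,7 @@ global $wppa_log_file;
  }
  if ( $trace ) {
  ob_start();
- debug_print_backtrace( 0, 12 );//DEBUG_BACKTRACE_IGNORE_ARGS, 12 );
+ debug_print_backtrace( 0, 5 );//DEBUG_BACKTRACE_IGNORE_ARGS, 12 );
  $trace = ob_get_contents();
  ob_end_clean();
  @ fwrite( $file, $trace."\n" );
@@ -2116,7 +2116,12 @@ global $blog_id;
  function wppa_set_default_name( $id, $filename_raw = '' ) {
  global $wpdb;
 
- if ( ! wppa_is_int( $id ) ) return;
+ if ( ! $id || ! wppa_is_int( $id ) ) {
+ wppa_log( 'Err', 'Missing id in wppa_set_default_name()', true );
+ return;
+ }
+
+ wppa_cache_thumb( 'invalidate', $id );
  $thumb = wppa_cache_thumb( $id );
 
  $method = wppa_opt( 'newphoto_name_method' );
@@ -2126,6 +2131,9 @@ global $wpdb;
  if ( ! $filename_raw ) {
  $filename_raw = wppa( 'unsanitized_filename' );
  }
+ if ( ! $filename_raw ) {
+ $filename_raw = $filename;
+ }
 
  switch ( $method ) {
  case 'none':
@@ -2142,24 +2150,39 @@ global $wpdb;
  }
  $name = preg_replace('/\.[^.]*$/', '', $name);
  break;
+ case 'noextspace':
+ if ( $filename_raw ) {
+ $name = wppa_sanitize_photo_name( $filename_raw );
+ }
+ $name = preg_replace('/\.[^.]*$/', '', $name);
+ $name = str_replace( '-', ' ', $name );
+ break;
  case '2#005':
  $tag = '2#005';
- $name = $wpdb->get_var( $wpdb->prepare( "SELECT `description` FROM `".WPPA_IPTC."` WHERE `photo` = %s AND `tag` = %s", $id, $tag ) );
+ $name = $wpdb->get_var( $wpdb->prepare( "SELECT description FROM {$wpdb->prefix}wppa_iptc
+ WHERE photo = %d
+ AND tag = %s", $id, $tag ) );
  break;
  case '2#120':
  $tag = '2#120';
- $name = $wpdb->get_var( $wpdb->prepare( "SELECT `description` FROM `".WPPA_IPTC."` WHERE `photo` = %s AND `tag` = %s", $id, $tag ) );
+ $name = $wpdb->get_var( $wpdb->prepare( "SELECT description FROM {$wpdb->prefix}wppa_iptc
+ WHERE photo = %d
+ AND tag = %s", $id, $tag ) );
  break;
  case 'Photo w#id':
  $name = __( 'Photo w#id', 'wp-photo-album-plus' );
  break;
  }
- if ( ( $name && $name != $filename ) || $method == 'none' ) { // Update name
- $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos SET `name` = %s WHERE `id` = %s", $name, $id ) );
+ if ( ( $name ) || $method == 'none' ) { // Update name
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos
+ SET name = %s
+ WHERE id = %d", $name, $id ) );
+
  wppa_cache_thumb( 'invalidate', $id ); // Invalidate cache
  }
  if ( ! wppa_switch( 'save_iptc') ) { // He doesn't want to keep the iptc data, so...
- $wpdb->query($wpdb->prepare( "DELETE FROM {$wpdb->prefix}wppa_iptc WHERE `photo` = %s", $id ) );
+ $wpdb->query($wpdb->prepare( "DELETE FROM {$wpdb->prefix}wppa_iptc
+ WHERE photo = %d", $id ) );
  }
 
  // In case owner must be set to name.
@@ -2189,10 +2212,9 @@ global $wpdb;
  if ( wppa_opt( 'medal_bronze_when' ) || wppa_opt( 'medal_silver_when' ) || wppa_opt( 'medal_gold_when' ) ) {
  $max_score = wppa_opt( 'rating_max' );
 
- $max_ratings = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM `".WPPA_RATING."` " .
- "WHERE `photo` = %s AND `value` = %s AND `status` = %s", $id, $max_score, 'publish'
- )
- );
+ $max_ratings = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_rating
+ WHERE photo = %d AND value = %s
+ AND status = %s", $id, $max_score, 'publish' ) );
 
  if ( $max_ratings >= wppa_opt( 'medal_gold_when' ) ) $status = 'gold';
  elseif ( $max_ratings >= wppa_opt( 'medal_silver_when' ) ) $status = 'silver';
@@ -2371,6 +2393,7 @@ static $childcounts;
  // Get an enumeration of all the (grand)children of some album spec.
  // Album spec may be a number or an enumeration
  function wppa_alb_to_enum_children( $xalb ) {
+
  if ( strpos( $xalb, '.' ) !== false ) {
  $albums = explode( '.', $xalb );
  }
@@ -2383,7 +2406,7 @@ function wppa_alb_to_enum_children( $xalb ) {
  $result = trim( $result, '.' ).'.';
  }
  $result = trim( $result, '.' );
- // $result = wppa_compress_enum( $result );
+
  return $result;
  }
 
@@ -2398,7 +2421,8 @@ static $child_cache;
 
  // Get the data
  $result = $alb;
- $children = $wpdb->get_results( $wpdb->prepare( "SELECT `id` FROM $wpdb->wppa_albums WHERE `a_parent` = %s " . wppa_get_album_order( $alb ), $alb ), ARRAY_A );
+ $children = $wpdb->get_results( $wpdb->prepare( "SELECT id FROM {$wpdb->prefix}wppa_albums
+ WHERE a_parent = %s", $alb ), ARRAY_A );
  if ( $children ) foreach ( $children as $child ) {
  $result .= '.' . _wppa_alb_to_enum_children( $child['id'] );
  $result = trim( $result, '.' );
@@ -2470,10 +2494,14 @@ global $wpdb;
  if ( wppa_opt( 'rating_display_type' ) == 'likes' ) {
 
  // Get rating(like)count
- $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_rating WHERE `photo` = %d", $id ) );
+ $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*)
+ FROM {$wpdb->prefix}wppa_rating
+ WHERE photo = %d", $id ) );
 
  // Update photo
- $wpdb->query( "UPDATE $wpdb->wppa_photos SET `rating_count` = '$count', `mean_rating` = '0' WHERE `id` = $id" );
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos
+ SET rating_count = %d, mean_rating = 0
+ WHERE id = %d". $count, $id ) );
 
  // Invalidate cache
  wppa_cache_photo( 'invalidate', $id );
@@ -2481,24 +2509,38 @@ global $wpdb;
  else {
 
  // Get all ratings for this photo
- $ratings = $wpdb->get_results( $wpdb->prepare( "SELECT `value` FROM `".WPPA_RATING."` WHERE `photo` = %s AND `status` = %s", $id, 'publish' ), ARRAY_A );
+ $ratings = $wpdb->get_results( $wpdb->prepare( "SELECT value
+ FROM {$wpdb->prefix}wppa_rating
+ WHERE photo = %d
+ AND status = %s", $id, 'publish' ), ARRAY_A );
 
  // Init
  $the_value = '0';
  $the_count = '0';
 
  // Compute mean value and count
- if ( $ratings ) foreach ( $ratings as $rating ) {
- if ( $rating['value'] == '-1' ) $the_value += wppa_opt( 'dislike_value' );
- else $the_value += $rating['value'];
- $the_count++;
+ if ( $ratings ) {
+
+ foreach ( $ratings as $rating ) {
+
+ if ( $rating['value'] == '-1' ) {
+ $the_value += wppa_opt( 'dislike_value' );
+ }
+ else {
+ $the_value += $rating['value'];
+ }
+
+ $the_count++;
+ }
  }
  if ( $the_count ) $the_value /= $the_count;
  if ( wppa_opt( 'rating_max' ) == '1' ) $the_value = '0';
  if ( $the_value == '10' ) $the_value = '9.9999999'; // mean_rating is a text field. for sort order reasons we make 10 into 9.99999
 
  // Update photo
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `mean_rating` = %s, `rating_count` = %s WHERE `id` = $id", $the_value, $the_count ) );
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos
+ SET mean_rating = %s, rating_count = %d
+ WHERE id = %d", $the_value, $the_count, $id ) );
 
  // Invalidate cache
  wppa_cache_photo( 'invalidate', $id );
@@ -3670,7 +3712,7 @@ function wppa_chmod( $fso ) {
 
  // Verify existance of index.php
  if ( ! is_file( $fso . '/index.php' ) ) {
- @ copy( WPPA_PATH . '/index.php', $fso . '/index.php' );
+ @ wppa_copy( WPPA_PATH . '/index.php', $fso . '/index.php' );
  if ( is_file( $fso . '/index.php' ) ) {
  wppa_log( 'fso', 'Added: ' . $fso . '/index.php' );
  }
@@ -3753,22 +3795,6 @@ global $wppa_supported_photo_extensions;
  return $result;
  }
 
- // Convert array into readable text
- function wppa_serialize( $array ) {
-
- if ( ! is_array( $array ) ) {
- return 'Arg is not an array (wppa_serialize)';
- }
- $result = '';
- foreach( $array as $item ) {
- $result .= $item . ' | ';
- }
- $result = trim( $result, ' |' );
- $result = html_entity_decode( $result, ENT_QUOTES );
-
- return $result;
- }
-
  function wppa_get_like_title_a( $id ) {
  global $wpdb;
 
@@ -3886,9 +3912,10 @@ function wppa_memry_limit() {
  // Create qr code cache and return its url
  function wppa_create_qrcode_cache( $qrsrc ) {
 
+ /* hbi */
  // Make sure the data portion is url encoded
- $temp = explode( 'data=', $qrsrc );
- $qrsrc = $temp[0] . 'data=' . urlencode( urldecode( $temp[1] ) );
+ // $temp = explode( 'data=', $qrsrc );
+ // $qrsrc = $temp[0] . 'data=' . urlencode( urldecode( $temp[1] ) );
 
  // Anything to do here?
  if ( ! wppa_switch( 'qr_cache' ) ) {
@@ -3915,13 +3942,13 @@ function wppa_create_qrcode_cache( $qrsrc ) {
  // Catch the qr image
  $curl = curl_init();
  curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
- curl_setopt( $curl, CURLOPT_URL, $qrsrc );
+ curl_setopt( $curl, CURLOPT_URL, urlencode( $qrsrc ) ); // urlencode here is a security fix, does it still work?, see above /* hbi */
  $contents = curl_exec( $curl );
  curl_close( $curl );
 
  // Save the image
  if ( strlen( $contents ) > 1000 ) {
- $file = fopen( WPPA_UPLOAD_PATH . '/qr/' . $key . '.svg', 'w' );
+ $file = wppa_fopen( WPPA_UPLOAD_PATH . '/qr/' . $key . '.svg', 'w' );
  if ( $file ) {
  fwrite( $file, $contents, strlen( $contents ) );
  fclose( $file );
@@ -4675,18 +4702,18 @@ function wppa_pdf_preprocess( &$file, $alb, $i = false ) {
  $src .= '/';
 
  if ( $single ) {
- copy( $file['tmp_name'], $src . sanitize_file_name( $file['name'] ) );
+ wppa_move_uploaded_file( $file['tmp_name'], $src . sanitize_file_name( basename( $file['name'] ) ) );
  }
  else {
- copy( $file['tmp_name'][$i], $src . sanitize_file_name( $file['name'][$i] ) );
+ wppa_move_uploaded_file( $file['tmp_name'][$i], $src . sanitize_file_name( basename( $file['name'][$i] ) ) );
  }
 
  // Make it a jpg in the source dir,
  if ( $single ) {
- $pdf = sanitize_file_name( $file['name'] );
+ $pdf = sanitize_file_name( basename( $file['name'] ) );
  }
  else {
- $pdf = sanitize_file_name( $file['name'][$i] );
+ $pdf = sanitize_file_name( basename( $file['name'][$i] ) );
  }
  $jpg = wppa_strip_ext( $pdf ) . '.jpg';
 
@@ -4703,11 +4730,11 @@ function wppa_pdf_preprocess( &$file, $alb, $i = false ) {
  // Copy the jpg image back to $file['name'] and $file['tmp_name']
  if ( $single ) {
  $file['name'] = $jpg;
- copy( $src . $jpg, $file['tmp_name'] );
+ wppa_copy( $src . $jpg, $file['tmp_name'] );
  }
  else {
  $file['name'][$i] = $jpg;
- copy( $src . $jpg, $file['tmp_name'][$i] );
+ wppa_copy( $src . $jpg, $file['tmp_name'][$i] );
  }
 
  // and continue as if it was a jpg, but remember its a .pdf
@@ -4828,7 +4855,7 @@ function wppa_dump( $txt = '' ) {
  else {
  $mode = 'wb';
  }
- $handle = fopen( $file, $mode );
+ $handle = wppa_fopen( $file, $mode );
 
  // Write
  if ( $handle ) {
@@ -4889,7 +4916,7 @@ function wppa_is_panorama( $id ) {
  function wppa_remote_file_exists( $url ) {
  $ch = curl_init( $url );
  curl_setopt( $ch, CURLOPT_NOBODY, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );
  curl_exec( $ch );
  $httpCode = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
  curl_close( $ch );
@@ -4944,117 +4971,3 @@ function wppa_rename_files_sanitized( $root ) {
  }
  }
 
- // PHP unserialize() is unsafe because it can produce dangerous objects
- // This function unserializes arrays only
- // In case of error or dangerous data, returns an empty array
- function wppa_unserialize( $xstring ) {
-
- $string = $xstring;
-
- $result = array();
-
- // Assume its an array, else return the input string
- $type = substr( $string, 0, 2 );
- $string = substr( $string, 2 );
-
- $cpos = strpos( $string, ':' );
- $count = substr( $string, 0, $cpos );
- $string = substr( $string, $cpos + 1 );
- $string = trim( $string, '{}' );
-
- if ( $type != 'a:' ) {
- // echo 'Exit 1';
- wppa_log( 'Err', 'Not serialized arraydata encountered in wppa_unserialize()' );
- return array();
- }
-
- // Process data items
- while ( strlen( $string ) ) {
-
- // Decode the key
- $keytype = substr( $string, 0, 2 );
- $string = substr( $string, 2 );
- switch ( $keytype ) {
-
- // Integer key
- case 'i:':
- $cpos = strpos( $string, ';' );
- $key = intval( substr( $string, 0, $cpos ) );
- $string = substr( $string, $cpos + 1 );
- //echo 'Keytype=' . $keytype . ', keyvalue=' . $key . ', string=' . $string . '<br />';
- break;
-
- // String key
- case 's:':
- $cpos = strpos( $string, ':' );
- $keylen = intval( substr( $string, 0, $cpos ) );
- $string = substr( $string, $cpos + 1 );
- $cpos = strpos( $string, ';' );
- $key = substr( $string, 1, $keylen );
- $string = substr( $string, $cpos + 1 );
- //echo 'Keytype='. $keytype . ', keylen=' . $keylen . ', keyvalue=' . $key . ', string='. $string.'<br />';;
-
- break;
-
- // Unimplemented key type
- default:
- // echo 'Exit 2' . $type;
- wppa_log( 'Err', 'Unimplemented keytype ' . $keytype . ' encountered in wppa_unserialize()' );
- return array();
- }
-
- // Decode the data
- $datatype = substr( $string, 0, 2 );
- $string = substr( $string, 2 );
-
- switch ( $datatype ) {
-
- // Integer data
- case 'i:':
- $cpos = strpos( $string, ';' );
- $data = intval( substr( $string, 0, $cpos ) );
- $string = substr( $string, $cpos + 1 );
- //echo 'Datatype='. $datatype . ', datavalue=' . $data . ', string='. $string.'<br />';;
- break;
-
- // String data
- case 's:':
- $cpos = strpos( $string, ':' );
- $datalen = intval( substr( $string, 0, $cpos ) );
- $string = substr( $string, $cpos + 1 );
- $data = substr( $string, 1, $datalen );
- $string = substr( $string, $datalen + 3 );
- //echo 'Datatype='. $datatype . ', datalen=' . $datalen . ', datavalue=' . $data . ', string='. $string.'<br />';;
- break;
-
- // Boolean
- case 'b:':
- $data = substr( $string, 0, 1 ) == '1';
- $string = substr( $string, 2 );
- break;
-
- // NULL
- case 'N;':
- $data = NULL;
- break;
-
- // Array data
- case 'a:':
- $cbpos = strpos( $string, '}' );
- $data = wppa_unserialize( 'a:' . substr( $string, 0, $cbpos + 1 ) );
- $string = substr( $string, $cbpos + 1 );
- break;
-
- // Unimplemented data type
- default:
- // echo 'Exit 3 '.$datatype;
- wppa_log( 'Err', 'Unimplemented data type ' . $datatype . ' encountered in wppa_unserialize()' );
- return array();
- }
-
- // Add to result array
- $result[$key] = $data;
- }
-
- return $result;
- }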
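Review bot: In the 'likes' branch of the rating update (new lines 2502–2504) the query string is followed by `.` instead of `,`: `WHERE id = %d". $count, $id`, so `$count` is appended to the SQL text and `prepare()` receives one argument for two `%d` placeholders; it should read `WHERE id = %d", $count, $id ) );`. In wppa_create_qrcode_cache() (new line 3945), `urlencode( $qrsrc )` encodes the scheme and host as well as the data, so cURL is no longer given a usable URL, which the inline comment already suspects. Encoding only the `data=` value, as the block now commented out at lines 3917–3918 did, and validating the host before the request would restrict the fetch without breaking it. In wppa_pdf_preprocess() the converted jpg is copied back to `$file['tmp_name']` after the original was moved away, so a later `move_uploaded_file()` on that path will likely be refused because the file is no longer an upload. All three functions start or end outside the hunks shown.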
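--- a/wppa-video.php
+++ b/wppa-video.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all video routines
- * Version 6.6.20
+ * Version 6.9.16
  *
  */
 
@@ -214,7 +214,7 @@ global $wppa_supported_video_extensions;
  foreach ( $wppa_supported_video_extensions as $ext ) {
  $file = $raw_from_path . '.' . $ext;
  if ( is_file( $file ) ) {
- if ( ! copy( $file, $raw_to_path . '.' . $ext ) ) return false;
+ if ( ! wppa_copy( $file, $raw_to_path . '.' . $ext ) ) return false;
  }
  }
 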
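--- a/wppa-wrappers.php
+++ b/wppa-wrappers.php
@@ -0,0 +1,142 @@
+ <?php
+ /* wppa-wrappers.php
+ * Package: wp-photo-album-plus
+ *
+ * Contains wrappers for standard php functions
+ * For security and bug reasons
+ *
+ * Version 6.9.16
+ *
+ */
+
+ // To fix a bug in PHP as that photos made with the selfie camera of an android smartphone
+ // erroneously cause the PHP warning 'is not a valid JPEG file' and cause imagecreatefromjpag crash.
+ function wppa_imagecreatefromjpeg( $file ) {
+
+ ini_set( 'gd.jpeg_ignore_warning', true );
+ $img = imagecreatefromjpeg( $file );
+ return $img;
+ }
+
+ // Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
+ // In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
+ function wppa_copy( $from, $to ) {
+
+ if ( ! wppa_is_path_safe( $from ) ) {
+ wppa_log( 'War', 'Unsafe from path detected in wppa_copy(): ' . sanitize_text_field( $from ), true );
+ return false; // For diagnostic purposes, no return here yet
+ }
+ if ( ! wppa_is_path_safe( $to ) ) {
+ wppa_log( 'War', 'Unsafe to path detected in wppa_copy(): ' . sanitize_text_field( $to ), true );
+ return false; // For diagnostic purposes, no return here yet
+ }
+ return copy( $from, $to );
+ }
+
+ // Wrapper for move_uploaded_file( $from, $to ) that verifies that the pathnames are safe for our application
+ function wppa_move_uploaded_file( $from, $to ) {
+
+ if ( ! wppa_is_path_safe( $to ) ) {
+ wppa_log( 'War', 'Unsafe to path detected in move_uploaded_file(): ' . sanitize_text_field( $to ), true );
+ return false; // For diagnostic purposes, no return here yet
+ }
+ return move_uploaded_file( $from, $to );
+ }
+
+ // Wrapper for fopen
+ function wppa_fopen( $file, $mode ) {
+
+ // Is path safe?
+ if ( ! wppa_is_path_safe( $file ) ) {
+ wppa_log( 'War', 'Unsafe to path detected in wppa_fopen(): ' . sanitize_text_field( $file ), true );
+ return false; // For diagnostic purposes, no return here yet
+ }
+
+ // When opening for reading, the file must exist
+ if ( strpos( $mode, 'r' ) !== false && ! is_file( $file ) ) {
+ return false;
+ }
+ return fopen( $file, $mode );
+ }
+
+ // Utility to check if a given full filepath is safe to manipulate upon
+ function wppa_is_path_safe( $path ) {
+ static $safe_roots;
+ static $safe_files;
+ global $wppa_lang;
+ global $wppa_log_file;
+
+ if ( empty( $safe_files ) ) {
+
+ // The following files are safe to read or write to
+ $safe_files = array( WPPA_PATH . '/wppa-init.' . $wppa_lang . '.js',
+ WPPA_PATH . '/wppa-dynamic.css',
+ $wppa_log_file,
+ );
+ }
+
+ if ( empty( $safe_roots ) ) {
+
+ // The following root dirs are safe, including all their subdirs, to read/write into
+ $safe_roots = array( WPPA_CONTENT_PATH . '/uploads/wppa',
+ WPPA_CONTENT_PATH . '/uploads/wppa-source',
+ WPPA_CONTENT_PATH . '/uploads/wppa-cdn',
+ WPPA_CONTENT_PATH . '/wppa-depot',
+ WPPA_CONTENT_PATH . '/' . wppa_opt( 'pl_dirname' ),
+ WPPA_CONTENT_PATH . '/' . wppa_opt( 'cache_root' ),
+ WPPA_PATH . '/fonts',
+ WPPA_PATH . '/watermarks',
+ );
+
+ }
+
+ // Verify specific files
+ foreach( array_keys( $safe_files ) as $key ) {
+
+ if ( $path == $safe_files[$key] ) {
+ return true;
+ }
+ }
+
+ // It is ok to import a remote file
+ if ( strpos( strtolower( $path ), 'http://' ) === 0 || strpos( strtolower( $path ), 'https://' ) === 0 ) {
+ return true;
+ }
+
+ // Verify roots
+ foreach( array_keys( $safe_roots ) as $key ) {
+
+ // Starts the path with a safe root?
+ if ( strpos( $path, $safe_roots[$key] ) === 0 ) {
+
+ // Funny chars in path?
+ if ( $path != sanitize_text_field( $path ) ) {
+ return false;
+ }
+
+ // Path traversal attempt?
+ if ( strpos( $path, '../' ) !== false ) {
+ return false;
+ }
+
+ // Passed tests
+ return true;
+ }
+ }
+
+ // No safe root
+ return false;
+ }
+
+ // PHP unserialize() is unsafe because it can produce dangerous objects
+ // This function unserializes arrays only
+ // In case of error or dangerous data, returns an empty array
+ function wppa_unserialize( $xstring, $is_session = false ) {
+
+ if ( $is_session && get_option( 'wppa_use_scabn' ) == 'yes' ) {
+ return unserialize( $xstring, array( 'allowed_classes' => array( 'wfCart' ) ) );
+ }
+ else {
+ return unserialize( $xstring, array( 'allowed_classes' => false ) );
+ }
+ }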
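Review bot: In `wppa_is_path_safe()` the root test `strpos( $path, $safe_roots[$key] ) === 0` is a bare string-prefix match, so a path that merely begins with the same characters as a root (a sibling directory whose name extends `.../uploads/wppa`, for instance) is accepted, and if `wppa_opt( 'pl_dirname' )` or `wppa_opt( 'cache_root' )` can be empty that root collapses to the whole content directory. I would match the root plus a separator, `if ( $path === $safe_roots[$key] || strpos( $path, trailingslashit( $safe_roots[$key] ) ) === 0 ) {`, skip empty option values when building `$safe_roots`, and canonicalise the path before testing instead of only searching for the literal `../`. The unconditional `http://`/`https://` branch also declares remote URLs safe for every wrapper, including as a write target and as the `$from` of `wppa_copy()`; limiting it to the read side of the import callers would keep the check meaningful. Separately, the comment above `wppa_unserialize()` promises an empty array on error while the code returns whatever `unserialize()` returns (`false` on failure), and the `// For diagnostic purposes, no return here yet` comments now sit beside a `return false;` and should be dropped.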
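--- a/wppa.php
+++ b/wppa.php
@@ -2,7 +2,7 @@
  /*
  * Plugin Name: WP Photo Album Plus
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
- * Version: 6.9.15.004
+ * Version: 6.9.16.009
  * Author: J.N. Breetvelt a.k.a. OpaJaap
  * Author URI: http://wppa.opajaap.nl/
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -22,8 +22,8 @@ global $wpdb;
  global $wp_version;
 
  /* WPPA GLOBALS */
- global $wppa_revno; $wppa_revno = '6915'; // WPPA db version
- global $wppa_api_version; $wppa_api_version = '6-9-15-004'; // WPPA software version
+ global $wppa_revno; $wppa_revno = '6916'; // WPPA db version
+ global $wppa_api_version; $wppa_api_version = '6-9-16-009'; // WPPA software version
 
  /* start timers */
  global $wppa_starttime; $wppa_starttime = microtime( true );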