WP Photo Album Plus - Version 6.9.17

Version Description

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

Release Info

Developer opajaap
Version 6.9.17

Code changes from version 6.9.16 to 6.9.17

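--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,12 @@
 WP Photo Album Plus Changelog
 
+= 6.9.17 =
+
+= Bug Fixes =
+
+* Fixed a layout issue of the album description field on the album admin edit album information screen.
+* Custom data fields disappeared in 6.9.16 when php version < 7.0. Fixed.
+
 = 6.9.16 =
 
 = Other Changes =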
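--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
 Contributors: opajaap
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
 Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
-Version: 6.9.16
+Version: 6.9.17
 Stable tag: 6.9.15
 Author: J.N. Breetvelt
 Author URI: http://www.opajaap.nl/
@@ -137,6 +137,11 @@ See for the full changelog: <a href="http://www.wppa.nl/changelog/" >The documen
 
 == Upgrade Notice ==
 
+= 6.9.17 =
+
+* This version addresses various minor bug fixes and feature requests.
+* This version addresses various security issues.
+
 = 6.9.16 =
 
 * This version addresses various minor bug fixes and feature requests.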
wppa-ajax.php CHANGED
@@ -2,7 +2,7 @@
2
  /* wppa-ajax.php
3
  *
4
  * Functions used in ajax requests
5
- * Version 6.9.16
6
  *
7
  */
8
 
@@ -98,7 +98,10 @@ global $wppa_log_file;
98
  }
99
  }
100
  }
101
- $iptcdata = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT `description` FROM `" . WPPA_IPTC ."` WHERE `photo` > '0' AND `tag` = %s ORDER BY `description`", $tag ), ARRAY_A );
 
 
 
102
  $last = '';
103
  $any = false;
104
  if ( is_array( $iptcdata ) ) foreach( $iptcdata as $item ) {
@@ -121,7 +124,9 @@ global $wppa_log_file;
121
  }
122
  }
123
  if ( ! $any ) {
124
- $query = $wpdb->prepare( "UPDATE $wpdb->wppa_iptc SET `status` = 'hide' WHERE `photo` = '0' AND `tag` = %s", $tag );
 
 
125
  $wpdb->query( $query );
126
  }
127
  wppa_exit();
@@ -156,23 +161,23 @@ global $wppa_log_file;
156
  }
157
 
158
  if ( $brand ) {
159
- $exifdata = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT `f_description` " .
160
- "FROM `" . WPPA_EXIF ."` " .
161
- "WHERE `photo` > '0' " .
162
- "AND `tag` = %s " .
163
- "AND `brand` = %s " .
164
- "AND `f_description` <> %s " .
165
- "AND `f_description` <> '' " .
166
- "ORDER BY `f_description`", $tag, $brand, __( 'n.a.', 'wp-photo-album-plus' ) ), ARRAY_A );
167
  }
168
  else {
169
- $exifdata = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT `f_description` " .
170
- "FROM `" . WPPA_EXIF ."` " .
171
- "WHERE `photo` > '0' " .
172
- "AND `tag` = %s " .
173
- "AND `f_description` <> %s " .
174
- "AND `f_description` <> '' " .
175
- "ORDER BY `f_description`", $tag, __( 'n.a.', 'wp-photo-album-plus' ) ), ARRAY_A );
176
  }
177
 
178
  // Make the data sortable.
@@ -235,7 +240,10 @@ global $wppa_log_file;
235
 
236
  // Cleanup possible unused label
237
  if ( ! $any ) {
238
- $query = $wpdb->prepare( "UPDATE $wpdb->wppa_exif SET `status` = 'hide' WHERE `photo` = '0' AND `tag` = %s", $tag );
 
 
 
239
  $wpdb->query( $query );
240
  }
241
  wppa_exit();
@@ -395,125 +403,150 @@ global $wppa_log_file;
395
  break;
396
 
397
  case 'approve':
398
- $iret = '0';
 
 
399
 
400
  if ( ! current_user_can( 'wppa_moderate' ) && ! current_user_can( 'wppa_comments' ) ) {
401
  _e( 'You do not have the rights to moderate photos this way' , 'wp-photo-album-plus');
402
  wppa_exit();
403
  }
404
 
405
- if ( isset( $_REQUEST['photo-id'] ) && current_user_can( 'wppa_moderate' ) ) {
406
- $iret = $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `status` = 'publish' WHERE `id` = %s", $_REQUEST['photo-id'] ) );
407
- wppa_flush_upldr_cache( 'photoid', $_REQUEST['photo-id'] );
408
- $alb = $wpdb->get_var( $wpdb->prepare( "SELECT `album` FROM $wpdb->wppa_photos WHERE `id` = %s", $_REQUEST['photo-id'] ) );
 
 
 
409
  wppa_clear_taglist();
410
  wppa_invalidate_treecounts( $alb );
411
  }
412
- if ( isset( $_REQUEST['comment-id'] ) ) {
413
- $iret = $wpdb->query( $wpdb->prepare( "UPDATE `".WPPA_COMMENTS."` SET `status` = 'approved' WHERE `id` = %s", $_REQUEST['comment-id'] ) );
 
 
 
414
  if ( $iret ) {
415
- wppa_send_comment_approved_email( $_REQUEST['comment-id'] );
416
- wppa_add_credit_points( wppa_opt( 'cp_points_comment_appr' ),
417
- __( 'Photo comment approved' , 'wp-photo-album-plus'),
418
- $_REQUEST['photo-id'],
419
- '',
420
- wppa_get_photo_item( $_REQUEST['photo-id'], 'owner' )
421
  );
422
  }
423
  }
424
  if ( $iret ) {
425
  if ( wppa_opt( 'search_comments' ) ) {
426
- wppa_update_photo( $_REQUEST['photo-id'] );
427
  }
428
  echo 'OK';
429
  }
430
  else {
431
- if ( isset( $_REQUEST['photo-id'] ) ) {
432
  if ( current_user_can( 'wppa_moderate' ) ) {
433
- echo sprintf( __( 'Failed to update stutus of photo %s' , 'wp-photo-album-plus'), $_REQUEST['photo-id'] )."\n".__( 'Please refresh the page' , 'wp-photo-album-plus');
434
  }
435
  else {
436
  _e( 'Security check failure' , 'wp-photo-album-plus');
437
  }
438
  }
439
- if ( isset( $_REQUEST['comment-id'] ) ) {
440
- echo sprintf( __( 'Failed to update stutus of comment %s' , 'wp-photo-album-plus'), $_REQUEST['comment-id'] )."\n".__( 'Please refresh the page' , 'wp-photo-album-plus');
441
  }
442
  }
443
  wppa_exit();
444
 
445
  case 'remove':
446
 
 
 
 
447
  // Remove photo
448
- if ( isset( $_REQUEST['photo-id'] ) ) {
449
- if ( strlen( $_REQUEST['photo-id'] ) == 12 ) {
450
- $photo = wppa_decrypt_photo( $_REQUEST['photo-id'] );
451
- }
452
- else {
453
- $photo = $_REQUEST['photo-id'];
454
- }
455
- if ( wppa_may_user_fe_delete( $photo ) ) {
456
- wppa_delete_photo( $photo );
457
- echo 'OK||'.__( 'Photo removed' , 'wp-photo-album-plus');
458
  wppa_exit();
459
  }
460
  }
461
 
462
  // Remove comment
463
- elseif ( isset( $_REQUEST['comment-id'] ) ) {
464
 
465
  // Am i allowed to do this?
466
  if ( ! current_user_can( 'wppa_moderate' ) && ! current_user_can( 'wppa_comments' ) ) {
467
- _e( 'You do not have the rights to moderate photos this way' , 'wp-photo-album-plus');
468
  wppa_exit();
469
  }
470
 
471
- $photo = $wpdb->get_var( $wpdb->prepare( "SELECT `photo` FROM $wpdb->wppa_comments WHERE `id` = %s", $_REQUEST['comment-id'] ) );
472
- $iret = $wpdb->query( $wpdb->prepare( "DELETE FROM `".WPPA_COMMENTS."` WHERE `id`= %s", $_REQUEST['comment-id'] ) );
 
 
 
 
473
  if ( $iret ) {
474
  if ( wppa_opt( 'search_comments' ) ) {
475
- wppa_update_photo( $photo );
476
  }
477
- echo 'OK||'.__( 'Comment removed' , 'wp-photo-album-plus');
 
 
 
478
  }
479
- else _e( 'Could not remove comment' , 'wp-photo-album-plus');
480
  wppa_exit();
481
  }
482
 
483
  // Remove request issued, but it is not a photo and not a comment
484
- _e( 'Unexpected error' , 'wp-photo-album-plus');
485
  wppa_exit();
486
 
487
  case 'downloadalbum':
 
488
  // Feature enabled?
489
  if ( ! wppa_switch( 'allow_download_album' ) ) {
490
- echo '||ER||'.__( 'This feature is not enabled on this website' , 'wp-photo-album-plus');
491
  wppa_exit();
492
  }
493
 
494
  // Validate args
495
  $alb = wppa_decrypt_album( $_REQUEST['album-id'] );
496
 
497
- $status = "`status` <> 'pending' AND `status` <> 'scheduled'";
498
- if ( ! is_user_logged_in() ) $status .= " AND `status` <> 'private'";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
499
 
500
- $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos WHERE `album` = %s AND ( ( ".$status." ) OR owner = %s ) ".wppa_get_photo_order( $alb ), $alb, wppa_get_user() ), ARRAY_A );
501
  if ( ! $photos ) {
502
- echo '||ER||'.__( 'The album is empty' , 'wp-photo-album-plus');
503
  wppa_exit();
504
  }
505
 
506
  // Open zipfile
507
  if ( ! class_exists( 'ZipArchive' ) ) {
508
- echo '||ER||'.__( 'Unable to create zip archive' , 'wp-photo-album-plus');
509
  wppa_exit();
510
  }
511
  $zipfilename = wppa_get_album_name( $alb );
512
- $zipfilename = wppa_sanitize_file_name( $zipfilename.'.zip' ); // Remove illegal chars
513
- $zipfilepath = WPPA_UPLOAD_PATH.'/temp/'.$zipfilename;
514
- if ( is_file( $zipfilepath ) ) {
515
- // unlink( $zipfilepath ); // Debug
516
- }
517
  $wppa_zip = new ZipArchive;
518
  $iret = $wppa_zip->open( $zipfilepath, 1 );
519
  if ( $iret !== true ) {
@@ -561,9 +594,9 @@ global $wppa_log_file;
561
  case 'getalbumzipurl':
562
  $alb = $_REQUEST['album-id'];
563
  $zipfilename = wppa_get_album_name( $alb );
564
- $zipfilename = wppa_sanitize_file_name( $zipfilename.'.zip' ); // Remove illegal chars
565
- $zipfilepath = WPPA_UPLOAD_PATH.'/temp/'.$zipfilename;
566
- $zipfileurl = WPPA_UPLOAD_URL.'/temp/'.$zipfilename;
567
  if ( is_file( $zipfilepath ) ) {
568
  echo $zipfileurl;
569
  }
@@ -600,7 +633,8 @@ global $wppa_log_file;
600
  $zipfile = $zipsdir.wppa_get_user().'.zip';
601
 
602
  // Find the photo data
603
- $data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos WHERE `id` = %s", $photo ), ARRAY_A );
 
604
 
605
  // Find the photo file
606
  if ( is_file ( wppa_get_source_path( $photo ) ) ) {
@@ -621,8 +655,9 @@ global $wppa_log_file;
621
  break;
622
 
623
  case 'delmyzip':
 
624
  // Verify existance of zips dir
625
- $zipsdir = WPPA_UPLOAD_PATH.'/zips/';
626
  if ( is_dir( $zipsdir ) ) {
627
 
628
  // Compose the users zip filename
@@ -848,23 +883,31 @@ global $wppa_log_file;
848
 
849
  // Rate own photo?
850
  if ( wppa_get_photo_item( $photo, 'owner' ) == $user && ! wppa_switch( 'allow_owner_votes' ) ) {
851
- echo '0||900||'.__( 'Sorry, you can not rate your own photos' , 'wp-photo-album-plus');
852
  wppa_exit();
853
  }
854
 
855
  // Already a pending one?
856
- $pending = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM `".WPPA_RATING."` WHERE `photo` = %s AND `user` = %s AND `status` = %s", $photo, $user, 'pending' ) );
 
 
 
857
 
858
  // Has user motivated his vote?
859
- $hascommented = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM `".WPPA_COMMENTS."` WHERE `photo` = %s AND `user` = %s", $photo, wppa_get_user( 'display' ) ) );
 
 
860
 
861
  if ( $pending ) {
862
  if ( ! $hascommented ) {
863
- echo '0||900||'.__( 'Please enter a comment.' , 'wp-photo-album-plus');
864
  wppa_exit();
865
  }
866
  else {
867
- $wpdb->query( $wpdb->prepare( "UPDATE `".WPPA_RATING."` SET `status` = 'publish' WHERE `photo` = %s AND `user` = %s", $photo, $user ) );
 
 
 
868
  }
869
  }
870
 
@@ -887,7 +930,9 @@ global $wppa_log_file;
887
  if ( $mylast ) {
888
 
889
  // Remove my like
890
- $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->wppa_rating WHERE `photo` = %s AND `user` = %s", $photo, $user ) );
 
 
891
  $myavgrat = '0';
892
  }
893
  else {
@@ -970,9 +1015,14 @@ global $wppa_log_file;
970
 
971
  // Case 3: I will change my previously given vote
972
  elseif ( wppa_switch( 'rating_change' ) ) { // Votechanging is allowed
973
- $iret = $wpdb->query( $wpdb->prepare( 'UPDATE `'.WPPA_RATING.'` SET `value` = %s WHERE `photo` = %s AND `user` = %s LIMIT 1', $rating, $photo, $user ) );
 
 
 
 
 
974
  if ( $iret === false ) {
975
- echo '0||103||'.$errtxt;
976
  wppa_exit(); // Fail on update
977
  }
978
  }
@@ -992,7 +1042,11 @@ global $wppa_log_file;
992
  }
993
 
994
  // Compute my avg rating
995
- $myrats = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM `'.WPPA_RATING.'` WHERE `photo` = %s AND `user` = %s AND `status` = %s ', $photo, $user, 'publish' ), ARRAY_A );
 
 
 
 
996
  if ( $myrats ) {
997
  $sum = 0;
998
  $cnt = 0;
@@ -1013,7 +1067,7 @@ global $wppa_log_file;
1013
  else {
1014
  $myavgrat = '0';
1015
  }
1016
-
1017
  // Compute new allavgrat
1018
  $ratings = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM '.WPPA_RATING.' WHERE `photo` = %s AND `status` = %s', $photo, 'publish' ), ARRAY_A );
1019
  if ( $ratings ) {
@@ -1355,7 +1409,9 @@ global $wppa_log_file;
1355
  case 'hour':
1356
  case 'min':
1357
  $itemname = __( 'Schedule date/time' , 'wp-photo-album-plus');
1358
- $scheduledtm = $wpdb->get_var( $wpdb->prepare( "SELECT `scheduledtm` FROM$wpdb->wppa_albums WHERE `id` = %s", $album ) );
 
 
1359
  if ( ! $scheduledtm ) {
1360
  $scheduledtm = wppa_get_default_scheduledtm();
1361
  }
@@ -1372,9 +1428,13 @@ global $wppa_log_file;
1372
  break;
1373
 
1374
  case 'setallscheduled':
1375
- $scheduledtm = $wpdb->get_var( $wpdb->prepare( "SELECT `scheduledtm` FROM $wpdb->wppa_albums WHERE `id` = %s", $album ) );
 
 
1376
  if ( $scheduledtm ) {
1377
- $iret = $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET `status` = 'scheduled', `scheduledtm` = %s WHERE `album` = %s", $scheduledtm, $album ) );
 
 
1378
  echo '||0||'.__( 'All photos set to scheduled per date', 'wp-photo-album-plus' ) . ' ' . wppa_format_scheduledtm( $scheduledtm );
1379
  }
1380
  wppa_exit();
2
  /* wppa-ajax.php
3
  *
4
  * Functions used in ajax requests
5
+ * Version 6.9.17
6
  *
7
  */
8
 
98
  }
99
  }
100
  }
101
+ $iptcdata = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT description
102
+ FROM {$wpdb->prefix}wppa_iptc
103
+ WHERE photo > 0 AND tag = %s
104
+ ORDER BY description", $tag ), ARRAY_A );
105
  $last = '';
106
  $any = false;
107
  if ( is_array( $iptcdata ) ) foreach( $iptcdata as $item ) {
124
  }
125
  }
126
  if ( ! $any ) {
127
+ $query = $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_iptc
128
+ SET status = 'hide'
129
+ WHERE photo = 0 AND tag = %s", $tag );
130
  $wpdb->query( $query );
131
  }
132
  wppa_exit();
161
  }
162
 
163
  if ( $brand ) {
164
+ $exifdata = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT f_description
165
+ FROM {$wpdb->prefix}wppa_exif
166
+ WHERE photo > 0
167
+ AND tag = %s
168
+ AND brand = %s
169
+ AND f_description <> %s
170
+ AND f_description <> ''
171
+ ORDER BY f_description", $tag, $brand, __( 'n.a.', 'wp-photo-album-plus' ) ), ARRAY_A );
172
  }
173
  else {
174
+ $exifdata = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT f_description
175
+ FROM {$wpdb->prefix}wppa_exif
176
+ WHERE photo > 0
177
+ AND tag = %s
178
+ AND f_description <> %s
179
+ AND f_description <> ''
180
+ ORDER BY f_description", $tag, __( 'n.a.', 'wp-photo-album-plus' ) ), ARRAY_A );
181
  }
182
 
183
  // Make the data sortable.
240
 
241
  // Cleanup possible unused label
242
  if ( ! $any ) {
243
+ $query = $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_exif
244
+ SET status = 'hide'
245
+ WHERE photo = 0
246
+ AND tag = %s", $tag );
247
  $wpdb->query( $query );
248
  }
249
  wppa_exit();
403
  break;
404
 
405
  case 'approve':
406
+ $iret = 0;
407
+ $pid = isset( $_REQUEST['photo-id'] ) ? intval( $_REQUEST['photo-id'] ) : 0;
408
+ $cid = isset( $_REQUEST['comment-id'] ) ? intval( $_REQUEST['comment-id'] ) : 0;
409
 
410
  if ( ! current_user_can( 'wppa_moderate' ) && ! current_user_can( 'wppa_comments' ) ) {
411
  _e( 'You do not have the rights to moderate photos this way' , 'wp-photo-album-plus');
412
  wppa_exit();
413
  }
414
 
415
+ if ( $pid && current_user_can( 'wppa_moderate' ) ) {
416
+ $iret = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos
417
+ SET status = 'publish'
418
+ WHERE id = %d", $pid ) );
419
+ wppa_flush_upldr_cache( 'photoid', $pid );
420
+ $alb = $wpdb->get_var( $wpdb->prepare( "SELECT album FROM {$wpdb->prefix}wppa_photos
421
+ WHERE id = %d", $pid ) );
422
  wppa_clear_taglist();
423
  wppa_invalidate_treecounts( $alb );
424
  }
425
+
426
+ if ( $cid && current_user_can( 'wppa_moderate' ) ) {
427
+ $iret = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_comments
428
+ SET status = 'approved'
429
+ WHERE id = %d", $cid ) );
430
  if ( $iret ) {
431
+ wppa_send_comment_approved_email( $cid );
432
+ wppa_add_credit_points( wppa_opt( 'cp_points_comment_appr' ),
433
+ __( 'Photo comment approved' , 'wp-photo-album-plus'),
434
+ $pid,
435
+ '',
436
+ wppa_get_photo_item( $pid, 'owner' )
437
  );
438
  }
439
  }
440
  if ( $iret ) {
441
  if ( wppa_opt( 'search_comments' ) ) {
442
+ wppa_update_photo( $id );
443
  }
444
  echo 'OK';
445
  }
446
  else {
447
+ if ( $pid ) {
448
  if ( current_user_can( 'wppa_moderate' ) ) {
449
+ echo sprintf( __( 'Failed to update stutus of photo %s' , 'wp-photo-album-plus'), $pid )."\n".__( 'Please refresh the page', 'wp-photo-album-plus' );
450
  }
451
  else {
452
  _e( 'Security check failure' , 'wp-photo-album-plus');
453
  }
454
  }
455
+ if ( $cid ) {
456
+ echo sprintf( __( 'Failed to update stutus of comment %s' , 'wp-photo-album-plus'), $cid )."\n".__( 'Please refresh the page', 'wp-photo-album-plus' );
457
  }
458
  }
459
  wppa_exit();
460
 
461
  case 'remove':
462
 
463
+ $pid = wppa_decrypt_photo( $_REQUEST['photo-id'] );
464
+ $cid = isset( $_REQUEST['comment-id'] ) ? intval( $_REQUEST['comment-id'] ) : 0;
465
+
466
  // Remove photo
467
+ if ( $pid ) {
468
+ if ( wppa_may_user_fe_delete( $pid ) ) {
469
+ wppa_delete_photo( $pid );
470
+ echo 'OK||' . __( 'Photo removed', 'wp-photo-album-plus' );
 
 
 
 
 
 
471
  wppa_exit();
472
  }
473
  }
474
 
475
  // Remove comment
476
+ elseif ( $cid ) {
477
 
478
  // Am i allowed to do this?
479
  if ( ! current_user_can( 'wppa_moderate' ) && ! current_user_can( 'wppa_comments' ) ) {
480
+ _e( 'You do not have the rights to moderate photos this way', 'wp-photo-album-plus' );
481
  wppa_exit();
482
  }
483
 
484
+ $photo = $wpdb->get_var( $wpdb->prepare( "SELECT photo FROM {$wpdb->prefix}wppa_comments
485
+ WHERE id = %d", $cid ) );
486
+
487
+ $iret = $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->prefix}wppa_comments
488
+ WHERE id = %d", $cid ) );
489
+
490
  if ( $iret ) {
491
  if ( wppa_opt( 'search_comments' ) ) {
492
+ wppa_update_photo( $pid );
493
  }
494
+ echo 'OK||' . __( 'Comment removed', 'wp-photo-album-plus' );
495
+ }
496
+ else {
497
+ _e( 'Could not remove comment', 'wp-photo-album-plus' );
498
  }
 
499
  wppa_exit();
500
  }
501
 
502
  // Remove request issued, but it is not a photo and not a comment
503
+ _e( 'Unexpected error', 'wp-photo-album-plus' );
504
  wppa_exit();
505
 
506
  case 'downloadalbum':
507
+
508
  // Feature enabled?
509
  if ( ! wppa_switch( 'allow_download_album' ) ) {
510
+ echo '||ER||' . __( 'This feature is not enabled on this website', 'wp-photo-album-plus' );
511
  wppa_exit();
512
  }
513
 
514
  // Validate args
515
  $alb = wppa_decrypt_album( $_REQUEST['album-id'] );
516
 
517
+ if ( is_user_logged_in() ) {
518
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
519
+ WHERE album = %d
520
+ AND ( ( status <> 'pending'
521
+ AND status <> 'scheduled' )
522
+ OR owner = %s )";
523
+ }
524
+ else {
525
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
526
+ WHERE album = %d
527
+ AND ( ( status <> 'pending'
528
+ AND status <> 'scheduled'
529
+ AND status <> 'private' )
530
+ OR owner = %s )";
531
+ }
532
+ $photos = $wpdb->get_results( $wpdb->prepare( $query, $alb, wppa_get_user() ), ARRAY_A );
533
 
 
534
  if ( ! $photos ) {
535
+ echo '||ER||' . __( 'The album is empty', 'wp-photo-album-plus' );
536
  wppa_exit();
537
  }
538
 
539
  // Open zipfile
540
  if ( ! class_exists( 'ZipArchive' ) ) {
541
+ echo '||ER||' . __( 'Unable to create zip archive', 'wp-photo-album-plus' );
542
  wppa_exit();
543
  }
544
  $zipfilename = wppa_get_album_name( $alb );
545
+ $zipfilename = wppa_sanitize_file_name( $zipfilename . '.zip' ); // Remove illegal chars
546
+ $zipfilepath = WPPA_UPLOAD_PATH . '/temp/' . $zipfilename;
547
+ // if ( is_file( $zipfilepath ) ) {
548
+ // unlink( $zipfilepath ); // Debug
549
+ // }
550
  $wppa_zip = new ZipArchive;
551
  $iret = $wppa_zip->open( $zipfilepath, 1 );
552
  if ( $iret !== true ) {
594
  case 'getalbumzipurl':
595
  $alb = $_REQUEST['album-id'];
596
  $zipfilename = wppa_get_album_name( $alb );
597
+ $zipfilename = wppa_sanitize_file_name( $zipfilename . '.zip' ); // Remove illegal chars
598
+ $zipfilepath = WPPA_UPLOAD_PATH . '/temp/' . $zipfilename;
599
+ $zipfileurl = WPPA_UPLOAD_URL . '/temp/' . $zipfilename;
600
  if ( is_file( $zipfilepath ) ) {
601
  echo $zipfileurl;
602
  }
633
  $zipfile = $zipsdir.wppa_get_user().'.zip';
634
 
635
  // Find the photo data
636
+ $data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_photos
637
+ WHERE id = %d", $photo ), ARRAY_A );
638
 
639
  // Find the photo file
640
  if ( is_file ( wppa_get_source_path( $photo ) ) ) {
655
  break;
656
 
657
  case 'delmyzip':
658
+
659
  // Verify existance of zips dir
660
+ $zipsdir = WPPA_UPLOAD_PATH . '/zips/';
661
  if ( is_dir( $zipsdir ) ) {
662
 
663
  // Compose the users zip filename
883
 
884
  // Rate own photo?
885
  if ( wppa_get_photo_item( $photo, 'owner' ) == $user && ! wppa_switch( 'allow_owner_votes' ) ) {
886
+ echo '0||900||' . __( 'Sorry, you can not rate your own photos', 'wp-photo-album-plus' );
887
  wppa_exit();
888
  }
889
 
890
  // Already a pending one?
891
+ $pending = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_rating
892
+ WHERE photo = %d
893
+ AND user = %s
894
+ AND status = 'pending'", $photo, $user ) );
895
 
896
  // Has user motivated his vote?
897
+ $hascommented = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}wppa_comments
898
+ WHERE photo = %d
899
+ AND user = %s", $photo, wppa_get_user( 'display' ) ) );
900
 
901
  if ( $pending ) {
902
  if ( ! $hascommented ) {
903
+ echo '0||900||' . __( 'Please enter a comment.', 'wp-photo-album-plus' );
904
  wppa_exit();
905
  }
906
  else {
907
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_rating
908
+ SET status = 'publish'
909
+ WHERE photo = %d
910
+ AND user = %s", $photo, $user ) );
911
  }
912
  }
913
 
930
  if ( $mylast ) {
931
 
932
  // Remove my like
933
+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->prefix}wppa_rating
934
+ WHERE photo = %d
935
+ AND user = %s", $photo, $user ) );
936
  $myavgrat = '0';
937
  }
938
  else {
1015
 
1016
  // Case 3: I will change my previously given vote
1017
  elseif ( wppa_switch( 'rating_change' ) ) { // Votechanging is allowed
1018
+ $iret = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_rating
1019
+ SET value = %s
1020
+ WHERE photo = %d
1021
+ AND user = %s
1022
+ LIMIT 1", $rating, $photo, $user ) );
1023
+
1024
  if ( $iret === false ) {
1025
+ echo '0||103||' . $errtxt;
1026
  wppa_exit(); // Fail on update
1027
  }
1028
  }
1042
  }
1043
 
1044
  // Compute my avg rating
1045
+ $myrats = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wppa_rating
1046
+ WHERE photo = %d
1047
+ AND user = %s
1048
+ AND status = 'publish'", $photo, $user ), ARRAY_A );
1049
+
1050
  if ( $myrats ) {
1051
  $sum = 0;
1052
  $cnt = 0;
1067
  else {
1068
  $myavgrat = '0';
1069
  }
1070
+ /*hbi*/
1071
  // Compute new allavgrat
1072
  $ratings = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM '.WPPA_RATING.' WHERE `photo` = %s AND `status` = %s', $photo, 'publish' ), ARRAY_A );
1073
  if ( $ratings ) {
1409
  case 'hour':
1410
  case 'min':
1411
  $itemname = __( 'Schedule date/time' , 'wp-photo-album-plus');
1412
+ $scheduledtm = $wpdb->get_var( $wpdb->prepare( "SELECT scheduledtm
1413
+ FROM {$wpdb->prefix}wppa_albums
1414
+ WHERE id = %d", $album ) );
1415
  if ( ! $scheduledtm ) {
1416
  $scheduledtm = wppa_get_default_scheduledtm();
1417
  }
1428
  break;
1429
 
1430
  case 'setallscheduled':
1431
+ $scheduledtm = $wpdb->get_var( $wpdb->prepare( "SELECT scheduledtm
1432
+ FROM {$wpdb->prefix}wppa_albums
1433
+ WHERE id = %d", $album ) );
1434
  if ( $scheduledtm ) {
1435
+ $iret = $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->prefix}wppa_photos
1436
+ SET status = 'scheduled', scheduledtm = %s
1437
+ WHERE album = %d", $scheduledtm, $album ) );
1438
  echo '||0||'.__( 'All photos set to scheduled per date', 'wp-photo-album-plus' ) . ' ' . wppa_format_scheduledtm( $scheduledtm );
1439
  }
1440
  wppa_exit();
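Review bot: In the `remove` case the comment branch passes the wrong id to the search-index update: `wppa_update_photo( $pid )` (new line 492) runs inside `elseif ( $cid )`, which is only reached when `$pid` is 0, while the comment's photo was just fetched into `$photo` on line 484 — the old code passed `$photo`, so this should read `wppa_update_photo( $photo );`. The `approve` case has the mirror problem on new line 442: `wppa_update_photo( $id )` refers to `$id`, which does not appear anywhere in this hunk and was `$_REQUEST['photo-id']` before, so it presumably should be `$pid`. New line 463 also reads `$_REQUEST['photo-id']` without the `isset()` the old code had, so a comment-only remove request now raises a notice before `wppa_decrypt_photo()` turns the missing value into 0. Separately, requiring `wppa_moderate` for `$cid` on line 426 while the gate on line 410 still admits `wppa_comments` means a comments-only moderator now falls through to the misleading "Failed to update stutus of comment" message instead of a permission denial — either drop the extra capability check or move the denial up to the gate. The `switch` these cases belong to starts and ends outside the hunk.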
wppa-album-admin-autosave.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * create, edit and delete albums
6
- * Version 6.9.16
7
  *
8
  */
9
 
@@ -786,9 +786,9 @@ global $wppa_revno;
786
  style="width:100%;height:60px;"
787
  onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"
788
  onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"
789
- >
790
- ' . $description . '
791
- </textarea>
792
  </td>';
793
  }
794
  echo '
@@ -955,61 +955,71 @@ global $wppa_revno;
955
  if ( ! is_numeric( $linkpage ) ) {
956
  $linkpage = '0';
957
  }
958
- /*hbi*/
959
  echo '
960
- <select' .
961
- ' onchange="wppaAjaxUpdateAlbum( '. $id . ' , \'cover_linkpage\', this )"' .
962
- ' style="max-width:100%;"' .
963
- '>' .
964
- '<option value="0"' . ( $linkpage == '0' ? $sel : '' ) . ' >' . __( '--- the same page or post ---', 'wp-photo-album-plus' ) . '</option>';
 
 
965
  foreach ( $pages as $page ) {
966
- echo
967
- '<option value="' . $page['ID'] . '"' . ( $linkpage == $page['ID'] ? $sel : '' ) . ' >' . __( $page['post_title'] ) . '</option>';
 
 
 
 
 
968
  }
969
- echo
970
- '</select>' .
971
- '<br />' .
972
- '<span class="description" >' .
973
  __( 'If you want, you can link the title to a WP page instead of the album\'s content. If so, select the page the title links to.', 'wp-photo-album-plus' ) .
974
  '</span>';
975
  }
976
- echo
977
- '</td>' .
978
- '<td>' .
979
- '</td>' .
980
- '</tr>';
981
  }
982
 
983
  // Schedule
984
- echo
985
- '<tr>' .
986
- '<td>' .
987
  __( 'Schedule:', 'wp-photo-album-plus' ) . ' ' .
988
- '<input' .
989
- ' type="checkbox"' .
990
- ' id="schedule-box"' .
991
- ( $albuminfo['scheduledtm'] ? ' checked="checked"' : '' ) .
992
- ' onchange="wppaChangeScheduleAlbum(' . $id . ', this );"' .
993
- ' />' .
994
- '</td>' .
995
- '<td>' .
996
- '<input type="hidden" value="" id="wppa-dummy" />' .
997
- '<span class="wppa-datetime-' . $id . '"' . ( $albuminfo['scheduledtm'] ? '' : ' style="display:none;"' ) . ' >' .
 
 
 
998
  wppa_get_date_time_select_html( 'album', $id, true ) .
999
- '</span>' .
1000
- '<br />' .
1001
- '<span class="description" >' .
1002
  __( 'If enabled, new photos will have their status set scheduled for publication on the date/time specified here.', 'wp-photo-album-plus' ) .
1003
- '</span>' .
1004
- '</td>' .
1005
- '<td>' .
1006
- '</td>' .
1007
- '</tr>';
1008
 
1009
- echo
1010
- '</tbody>' .
1011
- '</table>';
1012
- }
1013
  {
1014
  // Section 3, Actions
1015
  echo
3
  * Package: wp-photo-album-plus
4
  *
5
  * create, edit and delete albums
6
+ * Version 6.9.17
7
  *
8
  */
9
 
786
  style="width:100%;height:60px;"
787
  onkeyup="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"
788
  onchange="wppaAjaxUpdateAlbum( ' . $id . ', \'description\', this )"
789
+ >' .
790
+ $description .
791
+ '</textarea>
792
  </td>';
793
  }
794
  echo '
955
  if ( ! is_numeric( $linkpage ) ) {
956
  $linkpage = '0';
957
  }
958
+
959
  echo '
960
+ <select
961
+ onchange="wppaAjaxUpdateAlbum( '. $id . ' , \'cover_linkpage\', this )"
962
+ style="max-width:100%;"
963
+ >
964
+ <option value="0"' . ( $linkpage == '0' ? $sel : '' ) . ' >' .
965
+ __( '--- the same page or post ---', 'wp-photo-album-plus' ) .
966
+ '</option>';
967
  foreach ( $pages as $page ) {
968
+ echo '
969
+ <option
970
+ value="' . $page['ID'] . '"' .
971
+ ( $linkpage == $page['ID'] ? ' selected="selected"' : '' ) .
972
+ ' >' .
973
+ __( $page['post_title'] ) .
974
+ '</option>';
975
  }
976
+ echo '
977
+ </select>
978
+ <br />
979
+ <span class="description" >' .
980
  __( 'If you want, you can link the title to a WP page instead of the album\'s content. If so, select the page the title links to.', 'wp-photo-album-plus' ) .
981
  '</span>';
982
  }
983
+ echo '
984
+ </td>
985
+ <td>
986
+ </td>
987
+ </tr>';
988
  }
989
 
990
  // Schedule
991
+ echo '
992
+ <tr>
993
+ <td>' .
994
  __( 'Schedule:', 'wp-photo-album-plus' ) . ' ' .
995
+ '<input
996
+ type="checkbox"
997
+ id="schedule-box"' .
998
+ ( $albuminfo['scheduledtm'] ? ' checked="checked"' : '' ) . '
999
+ onchange="wppaChangeScheduleAlbum(' . $id . ', this );"
1000
+ />
1001
+ </td>
1002
+ <td>
1003
+ <input type="hidden" value="" id="wppa-dummy" />
1004
+ <span
1005
+ class="wppa-datetime-' . $id . '"' .
1006
+ ( $albuminfo['scheduledtm'] ? '' : ' style="display:none;"' ) .
1007
+ ' >' .
1008
  wppa_get_date_time_select_html( 'album', $id, true ) .
1009
+ '</span>
1010
+ <br />
1011
+ <span class="description" >' .
1012
  __( 'If enabled, new photos will have their status set scheduled for publication on the date/time specified here.', 'wp-photo-album-plus' ) .
1013
+ '</span>
1014
+ </td>
1015
+ <td>
1016
+ </td>
1017
+ </tr>';
1018
 
1019
+ echo '
1020
+ </tbody>
1021
+ </table>';
1022
+ } /*hbi*/
1023
  {
1024
  // Section 3, Actions
1025
  echo
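Review bot: The rebuilt page `<select>` prints `__( $page['post_title'] )` (new lines 970-973) straight into the option body with no escaping, and passing a variable to `__()` is not a translatable string at all; use `esc_html( $page['post_title'] )` for the text and `(int) $page['ID']` (or `esc_attr()`) for the `value` attribute. The album description on new line 790 is likewise interpolated between `>` and `</textarea>`; if `$description` is not already passed through `esc_textarea()` where it is assigned (outside this hunk), a description containing `</textarea>` breaks out of the field on the admin screen, which is worth confirming since the text is editable by whoever may edit the album. Minor inconsistency: line 964 still relies on `$sel` for option 0 while the loop now hardcodes `' selected="selected"'`; pick one form. The enclosing function starts before the hunk.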
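--- a/wppa-common-functions.php
+++ b/wppa-common-functions.php
@@ -489,7 +489,7 @@ function wppa_is_album_order_desc( $parent = '0' ) {
 $order = wppa_opt( 'list_albums_by' );
 }
 
-return ( $order < '0' );
+return ( $order < '0' ) ? "DESC" : "";
 }
 
 // get photo order
@@ -594,7 +594,7 @@ function wppa_is_photo_order_desc( $id = '0' ) {
 $order = wppa_opt( 'list_photos_by' );
 }
 
-return ( $order < '0' );
+return ( $order < '0' ) ? "DESC" : "";
 }
 
 function wppa_get_photo_order_column( $id = '0', $no_random = false ) {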
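Review bot: `wppa_is_album_order_desc()` and `wppa_is_photo_order_desc()` now return the strings `"DESC"` / `""` instead of a boolean (new lines 492 and 597), so the `is_` name no longer describes the contract and any caller comparing with `=== true` or `=== false` silently inverts; `if ( wppa_is_photo_order_desc() )` keeps working only because a non-empty string is truthy. Since the visible intent is to concatenate the result into an `ORDER BY` clause, a less surprising shape is to keep these predicates boolean and add a helper, e.g. `function wppa_get_photo_order_dir( $id = '0' ) { return wppa_is_photo_order_desc( $id ) ? 'DESC' : ''; }`, or at minimum a docblock stating `@return string 'DESC' or '' — NOT a boolean`. Both functions begin before the hunk, so their callers could not be checked from here.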
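--- a/wppa-encrypt.php
+++ b/wppa-encrypt.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all ecryption/decryption logic
- * Version 6.9.14
+ * Version 6.9.17
  *
  */
 
@@ -140,7 +140,7 @@ global $wpdb;
 
 // Feature enabled?
 if ( ! wppa_switch( 'use_encrypted_links' ) ) {
-return $photo;
+return intval( $photo );
 }
 
 // Already decrypted?
@@ -149,7 +149,7 @@ global $wpdb;
 wppa_dbg_msg( __( 'Invalid photo identifier:', 'wp-photo-album-plus' ) . ' ' . $photo, 'red', 'force' );
 return false;
 }
-return $photo;
+return intval( $photo );
 }
 
 // Just do it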
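Review bot: `intval()` is now applied on the two early returns (new lines 143 and 152), but the decrypting path that follows the `// Just do it` comment lies outside the hunk, so it is not visible whether the decrypted value receives the same normalization; callers such as the new `remove` case in wppa-ajax.php now hand the result straight to `%d` queries and `wppa_may_user_fe_delete()`, so the contract should be uniform — an int or `false` on every path. If the decrypt branch does not already do so, add `return intval( $photo );` there too, and a docblock on the function such as `@return int|false Photo id, or false for an unusable identifier` would make that contract explicit. Note that `intval()` maps a non-numeric or empty identifier to 0 rather than `false`, so callers must treat 0 as "no photo" — the new `if ( $pid )` check in wppa-ajax.php does, but any caller testing `!== false` would not. The function begins before the hunk.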
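--- a/wppa-photo-admin-autosave.php
+++ b/wppa-photo-admin-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * edit and delete photos
- * Version 6.9.16
+ * Version 6.9.17
  *
  */
 
@@ -234,7 +234,7 @@ global $wpdb;
 ORDER BY `timestamp` DESC
 LIMIT %d, %d", $skip, $pagesize ), ARRAY_A );
 
-$count = is_array( $photos ) ? count( $phots ) : 0;
+$count = is_array( $photos ) ? count( $photos ) : 0;
 $link = wppa_dbg_url( get_admin_url() . 'admin.php' . '?page=wppa_moderate_photos' . '&wppa_nonce=' . wp_create_nonce('wppa_nonce') );
 }
 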
wppa-topten-widget.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * display the top rated photos
6
- * Version 6.9.14
7
  */
8
 
9
  class TopTenWidget extends WP_Widget {
@@ -51,6 +51,7 @@ class TopTenWidget extends WP_Widget {
51
  $albumlinkpage = wppa_get_the_landing_page('topten_widget_album_linkpage', __('Top Ten Photo album', 'wp-photo-album-plus'));
52
  $max = wppa_opt( 'topten_count' );
53
  $album = $instance['album'];
 
54
  switch ( $instance['sortby'] ) {
55
  case 'mean_rating':
56
  $sortby = '`mean_rating` DESC, `rating_count` DESC, `views` DESC';
@@ -62,6 +63,7 @@ class TopTenWidget extends WP_Widget {
62
  $sortby = '`views` DESC, `mean_rating` DESC, `rating_count` DESC';
63
  break;
64
  }
 
65
  $display = $instance['display'];
66
  $meanrat = wppa_checked( $instance['meanrat'] ) ? 'yes' : false;
67
  $ratcount = wppa_checked( $instance['ratcount'] ) ? 'yes' : false;
@@ -91,7 +93,10 @@ class TopTenWidget extends WP_Widget {
91
 
92
  // Albums of owner is current logged in user or public?
93
  if ( $album == '-3' ) {
94
- $temp = $wpdb->get_results( "SELECT `id` FROM $wpdb->wppa_albums WHERE `owner` = '--- public ---' OR `owner` = '" . wppa_get_user() . "' ORDER BY `id`", ARRAY_A );
 
 
 
95
  $album = '';
96
  if ( $temp ) {
97
  foreach( $temp as $t ) {
@@ -112,62 +117,62 @@ class TopTenWidget extends WP_Widget {
112
  if ( $medalsonly ) {
113
  switch ( $instance['sortby'] ) {
114
 
115
- case 'mean_rating':
116
- $thumbs = $wpdb->get_results( $wpdb->prepare(
117
- "SELECT * FROM $wpdb->wppa_photos " .
118
- "WHERE `album` IN (" . $album . ") " .
119
- "AND `status` IN ( 'gold', 'silver', 'bronze' ) " .
120
- "ORDER BY `mean_rating` DESC, `rating_count` DESC, `views` DESC " .
121
- "LIMIT %d", $max ), ARRAY_A );
122
- break;
123
-
124
  case 'rating_count':
125
- $thumbs = $wpdb->get_results( $wpdb->prepare(
126
- "SELECT * FROM $wpdb->wppa_photos " .
127
- "WHERE `album` IN (" . $album . ") " .
128
- "AND `status` IN ( 'gold', 'silver', 'bronze' ) " .
129
- "ORDER BY `rating_count` DESC, `mean_rating` DESC, `views` DESC " .
130
- "LIMIT %d", $max ), ARRAY_A );
131
  break;
132
 
133
  case 'views':
134
- $thumbs = $wpdb->get_results( $wpdb->prepare(
135
- "SELECT * FROM $wpdb->wppa_photos " .
136
- "WHERE `album` IN (" . $album . ") " .
137
- "AND `status` IN ( 'gold', 'silver', 'bronze' ) " .
138
- "ORDER BY `views` DESC, `mean_rating` DESC, `rating_count` DESC " .
139
- "LIMIT %d", $max ), ARRAY_A );
140
  break;
 
 
 
 
 
 
 
 
 
 
141
  }
 
142
  }
143
 
144
  else {
145
  switch ( $instance['sortby'] ) {
146
 
147
- case 'mean_rating':
148
- $thumbs = $wpdb->get_results( $wpdb->prepare(
149
- "SELECT * FROM $wpdb->wppa_photos " .
150
- "WHERE `album` IN (" . $album . ") " .
151
- "ORDER BY `mean_rating` DESC, `rating_count` DESC, `views` DESC " .
152
- "LIMIT %d", $max ), ARRAY_A );
153
- break;
154
-
155
  case 'rating_count':
156
- $thumbs = $wpdb->get_results( $wpdb->prepare(
157
- "SELECT * FROM $wpdb->wppa_photos " .
158
- "WHERE `album` IN (" . $album . ") " .
159
- "ORDER BY `rating_count` DESC, `mean_rating` DESC, `views` DESC " .
160
- "LIMIT %d", $max ), ARRAY_A );
161
  break;
162
 
163
  case 'views':
164
- $thumbs = $wpdb->get_results( $wpdb->prepare(
165
- "SELECT * FROM $wpdb->wppa_photos " .
166
- "WHERE `album` IN (" . $album . ") " .
167
- "ORDER BY `views` DESC, `mean_rating` DESC, `rating_count` DESC " .
168
- "LIMIT %d", $max ), ARRAY_A );
169
  break;
 
 
 
 
 
 
 
 
 
170
  }
 
171
  }
172
  }
173
 
@@ -176,62 +181,62 @@ class TopTenWidget extends WP_Widget {
176
  if ( $medalsonly ) {
177
  switch ( $instance['sortby'] ) {
178
 
179
- case 'mean_rating':
180
- $thumbs = $wpdb->get_results( $wpdb->prepare(
181
- "SELECT * FROM $wpdb->wppa_photos " .
182
- "WHERE `album` > 0 " .
183
- "AND `status` IN ( 'gold', 'silver', 'bronze' ) " .
184
- "ORDER BY `mean_rating` DESC, `rating_count` DESC, `views` DESC " .
185
- "LIMIT %d", $max ), ARRAY_A );
186
- break;
187
-
188
  case 'rating_count':
189
- $thumbs = $wpdb->get_results( $wpdb->prepare(
190
- "SELECT * FROM $wpdb->wppa_photos " .
191
- "WHERE `album` > 0 " .
192
- "AND `status` IN ( 'gold', 'silver', 'bronze' ) " .
193
- "ORDER BY `rating_count` DESC, `mean_rating` DESC, `views` DESC " .
194
- "LIMIT %d", $max ), ARRAY_A );
195
  break;
196
 
197
  case 'views':
198
- $thumbs = $wpdb->get_results( $wpdb->prepare(
199
- "SELECT * FROM $wpdb->wppa_photos " .
200
- "WHERE `album` > 0 " .
201
- "AND `status` IN ( 'gold', 'silver', 'bronze' ) " .
202
- "ORDER BY `views` DESC, `mean_rating` DESC, `rating_count` DESC " .
203
- "LIMIT %d", $max ), ARRAY_A );
204
  break;
 
 
 
 
 
 
 
 
 
 
205
  }
 
206
  }
207
 
208
  else {
209
  switch ( $instance['sortby'] ) {
210
 
211
- case 'mean_rating':
212
- $thumbs = $wpdb->get_results( $wpdb->prepare(
213
- "SELECT * FROM $wpdb->wppa_photos " .
214
- "WHERE `album` > 0 " .
215
- "ORDER BY `mean_rating` DESC, `rating_count` DESC, `views` DESC " .
216
- "LIMIT %d", $max ), ARRAY_A );
217
- break;
218
-
219
  case 'rating_count':
220
- $thumbs = $wpdb->get_results( $wpdb->prepare(
221
- "SELECT * FROM $wpdb->wppa_photos " .
222
- "WHERE `album` > 0 " .
223
- "ORDER BY `rating_count` DESC, `mean_rating` DESC, `views` DESC " .
224
- "LIMIT %d", $max ), ARRAY_A );
225
  break;
226
 
227
  case 'views':
228
- $thumbs = $wpdb->get_results( $wpdb->prepare(
229
- "SELECT * FROM $wpdb->wppa_photos " .
230
- "WHERE `album` > 0 " .
231
- "ORDER BY `views` DESC, `mean_rating` DESC, `rating_count` DESC " .
232
- "LIMIT %d", $max ), ARRAY_A );
233
  break;
 
 
 
 
 
 
 
 
 
234
  }
 
235
  }
236
  }
237
 
3
  * Package: wp-photo-album-plus
4
  *
5
  * display the top rated photos
6
+ * Version 6.9.17
7
  */
8
 
9
  class TopTenWidget extends WP_Widget {
51
  $albumlinkpage = wppa_get_the_landing_page('topten_widget_album_linkpage', __('Top Ten Photo album', 'wp-photo-album-plus'));
52
  $max = wppa_opt( 'topten_count' );
53
  $album = $instance['album'];
54
+ /*
55
  switch ( $instance['sortby'] ) {
56
  case 'mean_rating':
57
  $sortby = '`mean_rating` DESC, `rating_count` DESC, `views` DESC';
63
  $sortby = '`views` DESC, `mean_rating` DESC, `rating_count` DESC';
64
  break;
65
  }
66
+ */
67
  $display = $instance['display'];
68
  $meanrat = wppa_checked( $instance['meanrat'] ) ? 'yes' : false;
69
  $ratcount = wppa_checked( $instance['ratcount'] ) ? 'yes' : false;
93
 
94
  // Albums of owner is current logged in user or public?
95
  if ( $album == '-3' ) {
96
+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT id FROM {$wpdb->prefix}wppa_albums
97
+ WHERE owner = '--- public ---'
98
+ OR owner = %s
99
+ ORDER BY id", wppa_get_user() ), ARRAY_A );
100
  $album = '';
101
  if ( $temp ) {
102
  foreach( $temp as $t ) {
117
  if ( $medalsonly ) {
118
  switch ( $instance['sortby'] ) {
119
 
 
 
 
 
 
 
 
 
 
120
  case 'rating_count':
121
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
122
+ WHERE album IN ( aaaa )
123
+ AND status IN ( 'gold', 'silver', 'bronze' )
124
+ ORDER BY rating_count DESC, mean_rating DESC, views DESC DESC
125
+ LIMIT %d";
 
126
  break;
127
 
128
  case 'views':
129
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
130
+ WHERE album IN ( aaaa )
131
+ AND status IN ( 'gold', 'silver', 'bronze' )
132
+ ORDER BY views DESC, mean_rating DESC, rating_count DESC
133
+ LIMIT %d";
 
134
  break;
135
+
136
+ // case 'mean_rating':
137
+ default:
138
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
139
+ WHERE album IN ( aaaa )
140
+ AND status IN ( 'gold', 'silver', 'bronze' )
141
+ ORDER BY mean_rating DESC, rating_count DESC, views DESC
142
+ LIMIT %d";
143
+ break;
144
+
145
  }
146
+ $thumbs = $wpdb->get_results( $wpdb->prepare( str_replace( 'aaaa', $album, $query ), $max ), ARRAY_A );
147
  }
148
 
149
  else {
150
  switch ( $instance['sortby'] ) {
151
 
 
 
 
 
 
 
 
 
152
  case 'rating_count':
153
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
154
+ WHERE album IN ( aaaa )
155
+ ORDER BY rating_count DESC, mean_rating DESC, views DESC DESC
156
+ LIMIT %d";
 
157
  break;
158
 
159
  case 'views':
160
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
161
+ WHERE album IN ( aaaa )
162
+ ORDER BY views DESC, mean_rating DESC, rating_count DESC
163
+ LIMIT %d";
 
164
  break;
165
+
166
+ // case 'mean_rating':
167
+ default:
168
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
169
+ WHERE album IN ( aaaa )
170
+ ORDER BY mean_rating DESC, rating_count DESC, views DESC
171
+ LIMIT %d";
172
+ break;
173
+
174
  }
175
+ $thumbs = $wpdb->get_results( $wpdb->prepare( str_replace( 'aaaa', $album, $query ), $max ), ARRAY_A );
176
  }
177
  }
178
 
181
  if ( $medalsonly ) {
182
  switch ( $instance['sortby'] ) {
183
 
 
 
 
 
 
 
 
 
 
184
  case 'rating_count':
185
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
186
+ WHERE album > 0
187
+ AND status IN ( 'gold', 'silver', 'bronze' )
188
+ ORDER BY rating_count DESC, mean_rating DESC, views DESC DESC
189
+ LIMIT %d";
 
190
  break;
191
 
192
  case 'views':
193
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
194
+ WHERE album > 0
195
+ AND status IN ( 'gold', 'silver', 'bronze' )
196
+ ORDER BY views DESC, mean_rating DESC, rating_count DESC
197
+ LIMIT %d";
 
198
  break;
199
+
200
+ // case 'mean_rating':
201
+ default:
202
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
203
+ WHERE album > 0
204
+ AND status IN ( 'gold', 'silver', 'bronze' )
205
+ ORDER BY mean_rating DESC, rating_count DESC, views DESC
206
+ LIMIT %d";
207
+ break;
208
+
209
  }
210
+ $thumbs = $wpdb->get_results( $wpdb->prepare( $query, $max ), ARRAY_A );
211
  }
212
 
213
  else {
214
  switch ( $instance['sortby'] ) {
215
 
 
 
 
 
 
 
 
 
216
  case 'rating_count':
217
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
218
+ WHERE album > 0
219
+ ORDER BY rating_count DESC, mean_rating DESC, views DESC DESC
220
+ LIMIT %d";
 
221
  break;
222
 
223
  case 'views':
224
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
225
+ WHERE album > 0
226
+ ORDER BY views DESC, mean_rating DESC, rating_count DESC
227
+ LIMIT %d";
 
228
  break;
229
+
230
+ // case 'mean_rating':
231
+ default:
232
+ $query = "SELECT * FROM {$wpdb->prefix}wppa_photos
233
+ WHERE album > 0
234
+ ORDER BY mean_rating DESC, rating_count DESC, views DESC
235
+ LIMIT %d";
236
+ break;
237
+
238
  }
239
+ $thumbs = $wpdb->get_results( $wpdb->prepare( $query, $max ), ARRAY_A );
240
  }
241
  }
242
 
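Review bot: The new `rating_count` queries carry a duplicated keyword, `ORDER BY rating_count DESC, mean_rating DESC, views DESC DESC` (new lines 124, 155, 188 and 219), which MySQL rejects as a syntax error, so the rating-count sort now yields no thumbnails at all; drop the trailing `DESC` on each of those four lines. In the two `IN ( aaaa )` variants the album list is still spliced into the SQL text with `str_replace( 'aaaa', $album, $query )` before `$wpdb->prepare()` sees it, so it is neither escaped nor validated, and a `%` inside it would be read by `prepare()` as a placeholder. Since `$album` is either the widget's stored setting or the id list assembled in the `-3` branch, normalising it once before the switch, e.g. `$album = implode( ',', array_map( 'intval', explode( ',', $album ) ) );` (assuming it is a comma-separated id list, which the `-3` loop suggests), would make every query self-contained. Moving `wppa_get_user()` behind a `%s` placeholder in the `-3` query is the right change, and the same pattern is what the album list needs.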
wppa-wrappers.php CHANGED
@@ -5,7 +5,7 @@
5
  * Contains wrappers for standard php functions
6
  * For security and bug reasons
7
  *
8
- * Version 6.9.16
9
  *
10
  */
11
 
@@ -35,7 +35,7 @@ function wppa_copy( $from, $to ) {
35
 
36
  // Wrapper for move_uploaded_file( $from, $to ) that verifies that the pathnames are safe for our application
37
  function wppa_move_uploaded_file( $from, $to ) {
38
-
39
  if ( ! wppa_is_path_safe( $to ) ) {
40
  wppa_log( 'War', 'Unsafe to path detected in move_uploaded_file(): ' . sanitize_text_field( $to ), true );
41
  return false; // For diagnostic purposes, no return here yet
@@ -45,13 +45,13 @@ function wppa_move_uploaded_file( $from, $to ) {
45
 
46
  // Wrapper for fopen
47
  function wppa_fopen( $file, $mode ) {
48
-
49
  // Is path safe?
50
  if ( ! wppa_is_path_safe( $file ) ) {
51
  wppa_log( 'War', 'Unsafe to path detected in wppa_fopen(): ' . sanitize_text_field( $file ), true );
52
  return false; // For diagnostic purposes, no return here yet
53
  }
54
-
55
  // When opening for reading, the file must exist
56
  if ( strpos( $mode, 'r' ) !== false && ! is_file( $file ) ) {
57
  return false;
@@ -65,9 +65,9 @@ static $safe_roots;
65
  static $safe_files;
66
  global $wppa_lang;
67
  global $wppa_log_file;
68
-
69
  if ( empty( $safe_files ) ) {
70
-
71
  // The following files are safe to read or write to
72
  $safe_files = array( WPPA_PATH . '/wppa-init.' . $wppa_lang . '.js',
73
  WPPA_PATH . '/wppa-dynamic.css',
@@ -76,7 +76,7 @@ global $wppa_log_file;
76
  }
77
 
78
  if ( empty( $safe_roots ) ) {
79
-
80
  // The following root dirs are safe, including all their subdirs, to read/write into
81
  $safe_roots = array( WPPA_CONTENT_PATH . '/uploads/wppa',
82
  WPPA_CONTENT_PATH . '/uploads/wppa-source',
@@ -86,57 +86,164 @@ global $wppa_log_file;
86
  WPPA_CONTENT_PATH . '/' . wppa_opt( 'cache_root' ),
87
  WPPA_PATH . '/fonts',
88
  WPPA_PATH . '/watermarks',
 
 
 
89
  );
90
 
91
  }
92
-
93
  // Verify specific files
94
  foreach( array_keys( $safe_files ) as $key ) {
95
-
96
  if ( $path == $safe_files[$key] ) {
97
  return true;
98
  }
99
  }
100
-
101
  // It is ok to import a remote file
102
  if ( strpos( strtolower( $path ), 'http://' ) === 0 || strpos( strtolower( $path ), 'https://' ) === 0 ) {
103
  return true;
104
  }
105
-
106
  // Verify roots
107
  foreach( array_keys( $safe_roots ) as $key ) {
108
-
109
  // Starts the path with a safe root?
110
  if ( strpos( $path, $safe_roots[$key] ) === 0 ) {
111
-
112
  // Funny chars in path?
113
  if ( $path != sanitize_text_field( $path ) ) {
114
  return false;
115
  }
116
-
117
  // Path traversal attempt?
118
  if ( strpos( $path, '../' ) !== false ) {
119
  return false;
120
  }
121
-
122
  // Passed tests
123
  return true;
124
  }
125
  }
126
-
127
  // No safe root
128
  return false;
129
  }
130
 
131
  // PHP unserialize() is unsafe because it can produce dangerous objects
132
- // This function unserializes arrays only
133
  // In case of error or dangerous data, returns an empty array
134
  function wppa_unserialize( $xstring, $is_session = false ) {
135
 
136
- if ( $is_session && get_option( 'wppa_use_scabn' ) == 'yes' ) {
137
- return unserialize( $xstring, array( 'allowed_classes' => array( 'wfCart' ) ) );
 
 
 
 
 
138
  }
139
  else {
140
- return unserialize( $xstring, array( 'allowed_classes' => false ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
141
  }
142
  }
5
  * Contains wrappers for standard php functions
6
  * For security and bug reasons
7
  *
8
+ * Version 6.9.17
9
  *
10
  */
11
 
35
 
36
  // Wrapper for move_uploaded_file( $from, $to ) that verifies that the pathnames are safe for our application
37
  function wppa_move_uploaded_file( $from, $to ) {
38
+
39
  if ( ! wppa_is_path_safe( $to ) ) {
40
  wppa_log( 'War', 'Unsafe to path detected in move_uploaded_file(): ' . sanitize_text_field( $to ), true );
41
  return false; // For diagnostic purposes, no return here yet
45
 
46
  // Wrapper for fopen
47
  function wppa_fopen( $file, $mode ) {
48
+
49
  // Is path safe?
50
  if ( ! wppa_is_path_safe( $file ) ) {
51
  wppa_log( 'War', 'Unsafe to path detected in wppa_fopen(): ' . sanitize_text_field( $file ), true );
52
  return false; // For diagnostic purposes, no return here yet
53
  }
54
+
55
  // When opening for reading, the file must exist
56
  if ( strpos( $mode, 'r' ) !== false && ! is_file( $file ) ) {
57
  return false;
65
  static $safe_files;
66
  global $wppa_lang;
67
  global $wppa_log_file;
68
+
69
  if ( empty( $safe_files ) ) {
70
+
71
  // The following files are safe to read or write to
72
  $safe_files = array( WPPA_PATH . '/wppa-init.' . $wppa_lang . '.js',
73
  WPPA_PATH . '/wppa-dynamic.css',
76
  }
77
 
78
  if ( empty( $safe_roots ) ) {
79
+
80
  // The following root dirs are safe, including all their subdirs, to read/write into
81
  $safe_roots = array( WPPA_CONTENT_PATH . '/uploads/wppa',
82
  WPPA_CONTENT_PATH . '/uploads/wppa-source',
86
  WPPA_CONTENT_PATH . '/' . wppa_opt( 'cache_root' ),
87
  WPPA_PATH . '/fonts',
88
  WPPA_PATH . '/watermarks',
89
+ WPPA_PATH . '/wppa-dump.txt',
90
+ WPPA_UPLOAD_PATH . '/temp/',
91
+ WPPA_UPLOAD_PATH . '/zips/',
92
  );
93
 
94
  }
95
+
96
  // Verify specific files
97
  foreach( array_keys( $safe_files ) as $key ) {
98
+
99
  if ( $path == $safe_files[$key] ) {
100
  return true;
101
  }
102
  }
103
+
104
  // It is ok to import a remote file
105
  if ( strpos( strtolower( $path ), 'http://' ) === 0 || strpos( strtolower( $path ), 'https://' ) === 0 ) {
106
  return true;
107
  }
108
+
109
  // Verify roots
110
  foreach( array_keys( $safe_roots ) as $key ) {
111
+
112
  // Starts the path with a safe root?
113
  if ( strpos( $path, $safe_roots[$key] ) === 0 ) {
114
+
115
  // Funny chars in path?
116
  if ( $path != sanitize_text_field( $path ) ) {
117
  return false;
118
  }
119
+
120
  // Path traversal attempt?
121
  if ( strpos( $path, '../' ) !== false ) {
122
  return false;
123
  }
124
+
125
  // Passed tests
126
  return true;
127
  }
128
  }
129
+
130
  // No safe root
131
  return false;
132
  }
133
 
134
  // PHP unserialize() is unsafe because it can produce dangerous objects
135
+ // This function unserializes arrays only, except when scabn is on board
136
  // In case of error or dangerous data, returns an empty array
137
  function wppa_unserialize( $xstring, $is_session = false ) {
138
 
139
+ if ( version_compare( PHP_VERSION, '7.0.0') >= 0 ) {
140
+ if ( $is_session && get_option( 'wppa_use_scabn' ) == 'yes' ) {
141
+ return unserialize( $xstring, array( 'allowed_classes' => array( 'wfCart' ) ) );
142
+ }
143
+ else {
144
+ return unserialize( $xstring, array( 'allowed_classes' => false ) );
145
+ }
146
  }
147
  else {
148
+
149
+ $string = $xstring;
150
+ $result = array();
151
+
152
+ // Assume its an array, else return the input string
153
+ $type = substr( $string, 0, 2 );
154
+ $string = substr( $string, 2 );
155
+
156
+ $cpos = strpos( $string, ':' );
157
+ $count = substr( $string, 0, $cpos );
158
+ $string = substr( $string, $cpos + 1 );
159
+ $string = trim( $string, '{}' );
160
+
161
+ if ( $type != 'a:' ) {
162
+ // wppa_log( 'Err', 'Not serialized arraydata encountered in wppa_unserialize()' );
163
+ return array();
164
+ }
165
+
166
+ // Process data items
167
+ while ( strlen( $string ) ) {
168
+
169
+ // Decode the key
170
+ $keytype = substr( $string, 0, 2 );
171
+ $string = substr( $string, 2 );
172
+ switch ( $keytype ) {
173
+
174
+ // Integer key
175
+ case 'i:':
176
+ $cpos = strpos( $string, ';' );
177
+ $key = intval( substr( $string, 0, $cpos ) );
178
+ $string = substr( $string, $cpos + 1 );
179
+ break;
180
+
181
+ // String key
182
+ case 's:':
183
+ $cpos = strpos( $string, ':' );
184
+ $keylen = intval( substr( $string, 0, $cpos ) );
185
+ $string = substr( $string, $cpos + 1 );
186
+ $cpos = strpos( $string, ';' );
187
+ $key = substr( $string, 1, $keylen );
188
+ $string = substr( $string, $cpos + 1 );
189
+ break;
190
+
191
+ // Unimplemented key type
192
+ default:
193
+ // wppa_log( 'Err', 'Unimplemented keytype ' . $keytype . ' encountered in wppa_unserialize(' . $xstring . ')', true );
194
+ return array();
195
+ }
196
+
197
+ // Decode the data
198
+ $datatype = substr( $string, 0, 2 );
199
+ $string = substr( $string, 2 );
200
+
201
+ switch ( $datatype ) {
202
+
203
+ // Integer data
204
+ case 'i:':
205
+ $cpos = strpos( $string, ';' );
206
+ $data = intval( substr( $string, 0, $cpos ) );
207
+ $string = substr( $string, $cpos + 1 );
208
+ break;
209
+
210
+ // String data
211
+ case 's:':
212
+ $cpos = strpos( $string, ':' );
213
+ $datalen = intval( substr( $string, 0, $cpos ) );
214
+ $string = substr( $string, $cpos + 1 );
215
+ $data = substr( $string, 1, $datalen );
216
+ $string = substr( $string, $datalen + 3 );
217
+ break;
218
+
219
+ // Boolean
220
+ case 'b:':
221
+ $data = substr( $string, 0, 1 ) == '1';
222
+ $string = substr( $string, 2 );
223
+ break;
224
+
225
+ // NULL
226
+ case 'N;':
227
+ $data = NULL;
228
+ break;
229
+
230
+ // Array data
231
+ case 'a:':
232
+ $cbpos = strpos( $string, '}' );
233
+ $data = wppa_unserialize( 'a:' . substr( $string, 0, $cbpos + 1 ) );
234
+ $string = substr( $string, $cbpos + 1 );
235
+ break;
236
+
237
+ // Unimplemented data type
238
+ default:
239
+ // wppa_log( 'Err', 'Unimplemented data type ' . $datatype . ' encountered in wppa_unserialize(' . $xstring . ')', true );
240
+ return array();
241
+ }
242
+
243
+ // Add to result array
244
+ $result[$key] = $data;
245
+ }
246
+
247
+ return $result;
248
  }
249
  }
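Review bot: In the PHP < 7 fallback of `wppa_unserialize()` the string-key branch skips past the key with `strpos( $string, ';' )` while the string-data branch correctly uses `$datalen + 3`, so a key containing `;` desynchronises the parser; the key branch should read `$string = substr( $string, $keylen + 3 );` and the `strpos` line can go. The nested-array case cuts at the first `}` (`$cbpos = strpos( $string, '}' )`), so arrays nested more than one level, or a string value containing `}`, are truncated and the remainder is parsed as garbage keys, while `$count` is computed and never used although it would serve as a cheap sanity check on the number of items decoded. The header comment promises an empty array on error, but the PHP >= 7 branch returns whatever `unserialize()` returns, `false` on malformed input and `__PHP_Incomplete_Class` instances for disallowed objects, so it should say `// On PHP >= 7 the native unserialize() result is returned (false on error); the fallback below returns an empty array on error`. In `wppa_is_path_safe()` the new roots `WPPA_UPLOAD_PATH . '/temp/'` and `'/zips/'` end in a separator but the older ones do not, and the `strpos( $path, $safe_roots[$key] ) === 0` prefix test therefore also accepts sibling directories such as `<root>-other`; appending the separator to every directory root and listing `wppa-dump.txt` under `$safe_files` rather than the roots would close that gap. `wppa_is_path_safe()` starts outside the hunk.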
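--- a/wppa.php
+++ b/wppa.php
@@ -2,7 +2,7 @@
  /*
  * Plugin Name: WP Photo Album Plus
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
- * Version: 6.9.16.009
+ * Version: 6.9.17.005
  * Author: J.N. Breetvelt a.k.a. OpaJaap
  * Author URI: http://wppa.opajaap.nl/
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -23,7 +23,7 @@ global $wp_version;
 
  /* WPPA GLOBALS */
  global $wppa_revno; $wppa_revno = '6916'; // WPPA db version
- global $wppa_api_version; $wppa_api_version = '6-9-16-009'; // WPPA software version
+ global $wppa_api_version; $wppa_api_version = '6-9-17-005'; // WPPA software version
 
  /* start timers */
  global $wppa_starttime; $wppa_starttime = microtime( true );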