WP Photo Album Plus - Version 6.9.19

Version Description

  • This version addresses various minor bug fixes

Release Info

Developer opajaap
Plugin Icon wp plugin WP Photo Album Plus
Version 6.9.19

Code changes from version 6.9.18 to 6.9.19

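--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,11 @@
  WP Photo Album Plus Changelog
 
+ = 6.9.19 =
+
+ = Bug Fixes =
+
+ * Fixed erroneously reported unsafe filepaths found and hence inability to upload/import in certain configurations.
+
  = 6.9.18 =
 
  = Bug Fixes =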
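--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: opajaap
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
  Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
- Version: 6.9.18
- Stable tag: 6.9.17
+ Version: 6.9.19
+ Stable tag: 6.9.18
  Author: J.N. Breetvelt
  Author URI: http://www.opajaap.nl/
  Requires at least: 3.9
@@ -137,6 +137,10 @@ See for the full changelog: <a href="http://www.wppa.nl/changelog/" >The documen
 
  == Upgrade Notice ==
 
+ = 6.9.19 =
+
+ * This version addresses various minor bug fixes
+
  = 6.9.18 =
 
  * This version addresses various minor bug fixes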
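--- a/wppa-common-functions.php
+++ b/wppa-common-functions.php
@@ -2,7 +2,7 @@
  /* wppa-common-functions.php
  *
  * Functions used in admin and in themes
- * Version 6.9.16
+ * Version 6.9.19
  *
  */
 
@@ -1228,7 +1228,6 @@ global $wpdb;
  $timnow = time();
  $timthen = $timnow - $limit_time;
  $curcount = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `owner` = %s AND `timestamp` > %s" . $album_clause, $user, $timthen ) );
- wppa_log('obs', $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE `owner` = %s AND `timestamp` > %s", $user, $timthen ) . ' returns:' . $curcount );
  }
 
  // Compute the allowed number of photos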
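--- a/wppa-functions.php
+++ b/wppa-functions.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Various functions
- * Version 6.9.16
+ * Version 6.9.19
  *
  */
 
@@ -4705,7 +4705,7 @@ global $wppa_alert;
  $ext = strtolower( wppa_get_ext( $file['name'] ) );
  $newpath = wppa_strip_ext( wppa_get_photo_path( $id, false ) ).'.'.$ext;
 
- wppa_move_uploaded_file( $file['tmp_name'], $newpath );
+ wppa_copy( $file['tmp_name'], $newpath );
 
  // Repair name if not standard
  if ( ! wppa_get_post( 'user-name' ) ) {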
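Review bot: The result of `wppa_copy( $file['tmp_name'], $newpath )` at new line 4708 is discarded, so when the wrapper refuses a path and returns false the code still continues into the name repair below as if the file had been stored. Testing it, for example `if ( ! wppa_copy( $file['tmp_name'], $newpath ) ) { return false; }`, would stop processing an upload that never reached disk; the enclosing function starts and ends outside this hunk, so the correct failure path there is a guess. The same unchecked call appears in wppa-settings-autosave.php, where "Upload of %s done" is alerted and `wppa_audiostub` is updated regardless of the outcome, and in wppa_pdf_preprocess() in wppa-utils.php.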
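--- a/wppa-settings-autosave.php
+++ b/wppa-settings-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * manage all options
- * Version 6.9.16
+ * Version 6.9.19
  *
  */
 
@@ -149,7 +149,7 @@ var_dump ( json_decode( json_encode( unserialize( $session['data'] ) )));
  wppa_error_message(sprintf(__('Uploaded file %s is not a .png file', 'wp-photo-album-plus'), sanitize_file_name( $file['name'] ) ) . ' (Type='.$file['type'].').');
  }
  else {
- wppa_move_uploaded_file( $file['tmp_name'], WPPA_UPLOAD_PATH . '/watermarks/' . sanitize_file_name(basename($file['name'])));
+ wppa_copy( $file['tmp_name'], WPPA_UPLOAD_PATH . '/watermarks/' . sanitize_file_name(basename($file['name'])));
  wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), sanitize_file_name(basename($file['name']))));
  }
  }
@@ -170,7 +170,7 @@ var_dump ( json_decode( json_encode( unserialize( $session['data'] ) )));
  wppa_error_message(sprintf(__('Uploaded file %s is not a .ttf file', 'wp-photo-album-plus'), sanitize_file_name($file['name']) ).' (Type='.$file['type'].').');
  }
  else {
- wppa_move_uploaded_file($file['tmp_name'], WPPA_UPLOAD_PATH . '/fonts/' . sanitize_file_name(basename($file['name'])));
+ wppa_copy($file['tmp_name'], WPPA_UPLOAD_PATH . '/fonts/' . sanitize_file_name(basename($file['name'])));
  wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), sanitize_file_name(basename($file['name']))));
  }
  }
@@ -203,7 +203,7 @@ var_dump ( json_decode( json_encode( unserialize( $session['data'] ) )));
  $ext = '.png';
  break;
  }
- wppa_move_uploaded_file( $file['tmp_name'], WPPA_UPLOAD_PATH . '/audiostub' . $ext );
+ wppa_copy( $file['tmp_name'], WPPA_UPLOAD_PATH . '/audiostub' . $ext );
  wppa_update_option( 'wppa_audiostub', 'audiostub'. $ext );
 
  // Thumbx, thumby, phtox and photoy must be cleared for the new stub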
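--- a/wppa-source.php
+++ b/wppa-source.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains photo source file management routines
- * Version 6.9.18
+ * Version 6.9.19
  *
  */
 
@@ -44,14 +44,8 @@ function wppa_save_source( $file, $name, $alb ) {
  $dest = $albdir . '/' . wppa_sanitize_file_name( $name );
  if ( $file != $dest ) {
 
- // Are we uploading ?
- if ( $_FILES ) {
- wppa_move_uploaded_file( $file, $dest );
- }
- // Or importing
- else {
- wppa_copy( $file, $dest );
- }
+ wppa_copy( $file, $dest );
+
  }
  if ( is_file( $dest ) ) {
  wppa_chmod( $dest );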
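Review bot: With the `$_FILES` branch removed, wppa_save_source() no longer forces move_uploaded_file() during an upload request; judging by the wppa-wrappers.php change, wppa_copy() takes the upload route only when `wppa_is_path_safe( $file )` fails, so a `$file` that passes the path check is now plain-copied even while a form upload is in progress. If any caller can hand in a `$file` influenced by the request, that drops the is-an-uploaded-file guarantee the old branch gave, so the assumption deserves a comment at the call, e.g. `// wppa_copy() chooses between move_uploaded_file() and copy(); $file must be a server-chosen path`. The return value is unused here as well, though the following `is_file( $dest )` test covers a refused copy. The function continues outside the hunk.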
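--- a/wppa-utils.php
+++ b/wppa-utils.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains low-level utility routines
- * Version 6.9.16
+ * Version 6.9.19
  *
  */
 
@@ -4702,10 +4702,10 @@ function wppa_pdf_preprocess( &$file, $alb, $i = false ) {
  $src .= '/';
 
  if ( $single ) {
- wppa_move_uploaded_file( $file['tmp_name'], $src . sanitize_file_name( basename( $file['name'] ) ) );
+ wppa_copy( $file['tmp_name'], $src . sanitize_file_name( basename( $file['name'] ) ) );
  }
  else {
- wppa_move_uploaded_file( $file['tmp_name'][$i], $src . sanitize_file_name( basename( $file['name'][$i] ) ) );
+ wppa_copy( $file['tmp_name'][$i], $src . sanitize_file_name( basename( $file['name'][$i] ) ) );
  }
 
  // Make it a jpg in the source dir,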
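--- a/wppa-wrappers.php
+++ b/wppa-wrappers.php
@@ -5,7 +5,7 @@
  * Contains wrappers for standard php functions
  * For security and bug reasons
  *
- * Version 6.9.18
+ * Version 6.9.19
  *
  */
 
@@ -22,6 +22,15 @@ function wppa_imagecreatefromjpeg( $file ) {
  // In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
  function wppa_copy( $from, $to ) {
 
+ // First test if we are uploading
+ if ( ! wppa_is_path_safe( $from ) && $_FILES ) {
+ if ( ! wppa_is_path_safe( $to ) ) {
+ wppa_log( 'War', 'Unsafe to path detected in wppa_copy(): ' . sanitize_text_field( $to ), true );
+ return false;
+ }
+ return wppa_move_uploaded_file( $from, $to );
+ }
+
  if ( ! wppa_is_path_safe( $from ) ) {
  wppa_log( 'War', 'Unsafe from path detected in wppa_copy(): ' . sanitize_text_field( $from ), true );
  return false; // For diagnostic purposes, no return here yet
@@ -40,7 +49,11 @@ function wppa_move_uploaded_file( $from, $to ) {
  wppa_log( 'War', 'Unsafe to path detected in move_uploaded_file(): ' . sanitize_text_field( $to ), true );
  return false; // For diagnostic purposes, no return here yet
  }
- return move_uploaded_file( $from, $to );
+ $bret = move_uploaded_file( $from, $to );
+ if ( ! $bret ) {
+ wppa_log( 'War', 'Could not move uploaded file ' . sanitize_text_field( $from ) . ' to ' . sanitize_text_field( $to ), true );
+ }
+ return $bret;
  }
 
  // Wrapper for fopen
@@ -74,6 +87,7 @@ global $wppa_log_file;
  WPPA_PATH . '/index.php',
  WPPA_CONTENT_PATH . '/uploads/index.php',
  $wppa_log_file,
+ WPPA_CONTENT_PATH . '/plugins/wp-photo-album-plus/img/audiostub.jpg',
  );
  }
 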
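Review bot: In wppa_copy() the upload branch is selected by `! wppa_is_path_safe( $from ) && $_FILES`, which tests whether the request carries any upload at all rather than whether `$from` is one. An unsafe `$from` is still refused only because PHP's move_uploaded_file() rejects sources that were not uploaded; stating that directly with `if ( is_uploaded_file( $from ) ) {` would make the bypass of the from-path check depend on the file itself instead of on request state. The `$to` check inside the new branch repeats the one visible in wppa_move_uploaded_file(), and the comment above wppa_copy() should say that the function may now move an uploaded file instead of copying it. Both function bodies extend beyond the hunks shown, so any from-path handling inside wppa_move_uploaded_file() is not visible here.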
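--- a/wppa.php
+++ b/wppa.php
@@ -2,7 +2,7 @@
  /*
  * Plugin Name: WP Photo Album Plus
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
- * Version: 6.9.18.001
+ * Version: 6.9.19.001
  * Author: J.N. Breetvelt a.k.a. OpaJaap
  * Author URI: http://wppa.opajaap.nl/
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -22,8 +22,8 @@ global $wpdb;
  global $wp_version;
 
  /* WPPA GLOBALS */
- global $wppa_revno; $wppa_revno = '6918'; // WPPA db version
- global $wppa_api_version; $wppa_api_version = '6-9-18-001'; // WPPA software version
+ global $wppa_revno; $wppa_revno = '6919'; // WPPA db version
+ global $wppa_api_version; $wppa_api_version = '6-9-19-001'; // WPPA software version
 
  /* start timers */
  global $wppa_starttime; $wppa_starttime = microtime( true );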