WP Photo Album Plus - Version 7.0.02.002

Version Description

= 7.0.02 =

  • This version addresses various bug fixes
  • This version addresses various security issues.

= 7.0.01 =

  • This version addresses various minor bug fixes and feature requests.

= 7.0.00 =

  • Shortcode generators for Gutenberg added.
  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.
  • To prevent spamming and give the users the opportunity to decide when they want us to email them, the mailing system has been revised. Configure Table IX-M to enable various mailing lists, and use the WPPA+ Notify widget for full user flexibility.

= 6.9.21 =

  • This version addresses various bug fixes
  • This version addresses various security issues.

= 6.9.20 =

  • This version addresses various bug fixes

= 6.9.19 =

  • This version addresses various minor bug fixes

= 6.9.18 =

  • This version addresses various minor bug fixes

= 6.9.17 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.16 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.15 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.14 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.13 =

  • Security release.

= 6.9.12 =

  • This version addresses various minor bug fixes and performance improvements.

= 6.9.11 =

  • This version addresses various minor bug fixes and performance improvements.

= 6.9.10 =

  • This version addresses various minor bug fixes and performance improvements.

= 6.9.09 =

  • Panorama support phase III.

= 6.9.08 =

  • This version addresses various minor bug fixes and feature requests.
  • Panorama support phase II.

= 6.9.07 =

  • This version addresses various minor bug fixes and feature requests.
  • Panorama support phase I.

= 6.9.06 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.05 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.04 =

  • This version addresses various minor bug fixes and feature requests.
  • Local CDN functionality has been added.

= 6.9.03 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.02 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.01 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.00 =

  • This version includes the code for the privacy policy requirements.

= 6.8.09 =

  • This version addresses various bug fixes and code edits.

= 6.8.08 =

  • This version addresses various minor bug fixes and feature requests.
  • This version offers substantial performance improvements when the box in Table IV-A13: Defer Javascript is ticked. This setting is now recommended and set ticked as the default.
  • For more info on performance improvements and compatibility with optimizers: see the changelog.txt

= 6.8.07 =

  • This version addresses various minor bug fixes and enhancements, and a new widget: Statistics.

= 6.8.06 =

  • This version addresses various minor bug fixes and improved cache handling.

= 6.8.05 =

  • This version addresses various minor bug fixes and feature requests.

= 6.8.04 =

  • This version addresses various display issues and a few fixes of bugs that seldom affected the plugin's behaviour.

Release Info

Developer opajaap
Version 7.0.02.002

Code changes from version 7.0.01.006 to 7.0.02.002

changelog.txt CHANGED
@@ -1,5 +1,15 @@
1
  WP Photo Album Plus Changelog
2
 
 
 
 
 
 
 
 
 
 
 
3
  = 7.0.01 =
4
 
5
  = Bug Fixes =
1
  WP Photo Album Plus Changelog
2
 
3
+ = 7.0.02 =
4
+
5
+ = Bug Fixes =
6
+
7
+ * Fix for WPPA_MULTISITE_BLOGSDIR (WPPA_CONTENT_PATH . '/blogs.dir' is now a safe path)
8
+
9
+ = Other Changes =
10
+
11
+ * Various security fixes
12
+
13
  = 7.0.01 =
14
 
15
  = Bug Fixes =
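Review bot: the new 7.0.02 entry under `= Other Changes =` says only `Various security fixes`, although the fixes in this release are identifiable from the diff (output escaping in the admin pages and widgets, the `phar://` and `/..` checks in `wppa_is_path_safe()`, the nonce handling on the settings page); listing them lets site owners judge how urgent the update is. The `WPPA_MULTISITE_BLOGSDIR` line is also clearer if it says what failed before, i.e. that paths under `blogs.dir` were rejected by the path-safety check.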
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
  Contributors: opajaap
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
4
  Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
5
- Version: 7.0.01
6
- Stable tag: 7.0.00.016
7
  Author: J.N. Breetvelt
8
  Author URI: http://www.opajaap.nl/
9
  Requires at least: 3.9
@@ -137,6 +137,11 @@ See for the full changelog: <a href="http://www.wppa.nl/changelog/" >The documen
137
 
138
  == Upgrade Notice ==
139
 
 
 
 
 
 
140
  = 7.0.01 =
141
 
142
  * This version addresses various minor bug fixes and feature requests.
2
  Contributors: opajaap
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
4
  Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
5
+ Version: 7.0.02
6
+ Stable tag: 7.0.01.006
7
  Author: J.N. Breetvelt
8
  Author URI: http://www.opajaap.nl/
9
  Requires at least: 3.9
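Review bot: `Stable tag: 7.0.01.006` still names the previous build while `Version:` moves to 7.0.02 (and wppa.php to 7.0.02.002); the WordPress.org directory serves whatever the stable tag points at, so users installing or updating from the directory get a build without this release's security fixes until the tag is moved. If the lag is deliberate (staged rollout), say so in the changelog; otherwise bump the tag together with the version.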
137
 
138
  == Upgrade Notice ==
139
 
140
+ = 7.0.02 =
141
+
142
+ * This version addresses various bug fixes
143
+ * This version addresses various security issues.
144
+
145
  = 7.0.01 =
146
 
147
  * This version addresses various minor bug fixes and feature requests.
wppa-admin-functions.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * gp admin functions
6
- * Version 7.0.00
7
  *
8
  */
9
 
@@ -204,7 +204,7 @@ function wppa_error_message( $msg ) {
204
  }
205
 
206
  // display warning message
207
- function wppa_warning_message( $msg, $fixed = false, $id = '' ) {
208
 
209
  echo '<div class="notice notice-warning is-dismissible"><p>' . strip_tags( $msg, '<br><input><div><em><strong><b>' ) . '</p></div>';
210
  }
@@ -241,7 +241,7 @@ function wppa_user_select( $select = '' ) {
241
  foreach ( $users as $usr ) {
242
  if ( $usr['user_login'] == $iam ) $sel = 'selected="selected"';
243
  else $sel = '';
244
- $result .= '<option value="' . esc_attr( $usr['user_login'] ) . '" ' . $sel . '>' . $usr['display_name'] . '</option>';
245
  }
246
  echo ( $result );
247
  }
@@ -396,7 +396,7 @@ global $wpdb;
396
  break;
397
  case 3: // png
398
  $err = '7';
399
- $source = imagecreatefrompng( $file );
400
  break;
401
  default: // unsupported mimetype
402
  $err = '10';
3
  * Package: wp-photo-album-plus
4
  *
5
  * gp admin functions
6
+ * Version 7.0.02
7
  *
8
  */
9
 
204
  }
205
 
206
  // display warning message
207
+ function wppa_warning_message( $msg ) {
208
 
209
  echo '<div class="notice notice-warning is-dismissible"><p>' . strip_tags( $msg, '<br><input><div><em><strong><b>' ) . '</p></div>';
210
  }
241
  foreach ( $users as $usr ) {
242
  if ( $usr['user_login'] == $iam ) $sel = 'selected="selected"';
243
  else $sel = '';
244
+ $result .= '<option value="' . esc_attr( $usr['user_login'] ) . '" ' . $sel . '>' . htmlentities( $usr['display_name'] ) . '</option>';
245
  }
246
  echo ( $result );
247
  }
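Review bot: the added `htmlentities( $usr['display_name'] )` at line 244 mixes two escaping APIs on one line, `esc_attr()` for the attribute and `htmlentities()` for the option text; use `esc_html()` for the text. It is the WordPress idiom, it does not double-encode an entity already present in a display name, and it encodes single quotes on every PHP version, whereas `htmlentities()` with its default flags leaves single quotes alone before PHP 8.1.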
396
  break;
397
  case 3: // png
398
  $err = '7';
399
+ $source = wppa_imagecreatefrompng( $file );
400
  break;
401
  default: // unsupported mimetype
402
  $err = '10';
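Review bot: `wppa_imagecreatefrompng()` at line 399 returns `false` for a rejected path, a case the previous direct call never produced (it only failed on unreadable or corrupt files); the code after the `switch`, which is outside this hunk, must treat a `false` `$source` as a failure rather than handing it to the next GD call, otherwise the admin sees a GD warning instead of the `$err` code set at line 398.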
wppa-boxes-html.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * Various wppa boxes
6
- * Version 7.0.01
7
  *
8
  */
9
 
@@ -3063,8 +3063,13 @@ static $albums_granted;
3063
  // Preview area
3064
  if ( wppa_switch( 'up_tag_preview' ) ) {
3065
  $head = __( 'Preview tags', 'wp-photo-album-plus' );
3066
- $body = '<span id="wppa-prev-'.$yalb.'-'.$mocc.'"></span>' .
3067
- '<script type="text/javascript" >jQuery( document ).ready(function() {'.$onc.'})</script>';
 
 
 
 
 
3068
 
3069
  $result .= wppa_get_dlg_item( $head, $body, $big );
3070
  }
3
  * Package: wp-photo-album-plus
4
  *
5
  * Various wppa boxes
6
+ * Version 7.0.02
7
  *
8
  */
9
 
3063
  // Preview area
3064
  if ( wppa_switch( 'up_tag_preview' ) ) {
3065
  $head = __( 'Preview tags', 'wp-photo-album-plus' );
3066
+ $body = '<span id="wppa-prev-'.$yalb.'-'.$mocc.'">' .
3067
+
3068
+ ( $yalb ? htmlentities( trim( wppa_sanitize_tags( wppa_get_album_item( $yalb, 'default_tags' ), false, true ), ',' ) ) : '' ) .
3069
+
3070
+ '</span>' .
3071
+
3072
+ ( $yalb ? '' : '<script type="text/javascript" >jQuery( document ).ready(function() {'.$onc.'})</script>' );
3073
 
3074
  $result .= wppa_get_dlg_item( $head, $body, $big );
3075
  }
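Review bot: in the `$yalb` branch the preview is now rendered server-side through `htmlentities()` and the inline script is dropped, but in the `! $yalb` branch `$onc` is still concatenated raw into `jQuery( document ).ready(function() { ... })`. `$onc` is built outside this hunk; confirm that every value that goes into it is escaped for a JavaScript context (`esc_js()` or `json_encode()`), since that is the same class of issue the rest of this release is fixing. A one-line comment on why the two branches differ would also help the next reader.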
wppa-comment-widget.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * display the recent commets on photos
6
- * Version 7.0.00
7
  */
8
 
9
  if ( ! defined( 'ABSPATH' ) ) die( "Can't load this file directly" );
@@ -46,7 +46,7 @@ class wppaCommentWidget extends WP_Widget {
46
  $widget_title = apply_filters( 'widget_title', $instance['title'] );
47
  $photo_ids = wppa_get_comten_ids( $max );
48
  $widget_content = "\n".'<!-- WPPA+ Comment Widget start -->';
49
- $maxw = wppa_opt( 'comten_size' );
50
  $maxh = $maxw + 18;
51
 
52
  if ( $photo_ids ) foreach( $photo_ids as $id ) {
@@ -95,7 +95,7 @@ class wppaCommentWidget extends WP_Widget {
95
  else {
96
  $widget_content .= __( 'Photo not found', 'wp-photo-album-plus' );
97
  }
98
- $widget_content .= "\n\t".'<span style="font-size:'.wppa_opt( 'fontsize_widget_thumb' ).'px; cursor:pointer;" title="'.esc_attr($first_comment['comment']).'" >'.$first_comment['user'].'</span>';
99
  $widget_content .= "\n".'</div>';
100
 
101
  }
3
  * Package: wp-photo-album-plus
4
  *
5
  * display the recent commets on photos
6
+ * Version 7.0.02
7
  */
8
 
9
  if ( ! defined( 'ABSPATH' ) ) die( "Can't load this file directly" );
46
  $widget_title = apply_filters( 'widget_title', $instance['title'] );
47
  $photo_ids = wppa_get_comten_ids( $max );
48
  $widget_content = "\n".'<!-- WPPA+ Comment Widget start -->';
49
+ $maxw = strval( intval( wppa_opt( 'comten_size' ) ) );
50
  $maxh = $maxw + 18;
51
 
52
  if ( $photo_ids ) foreach( $photo_ids as $id ) {
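Review bot: `strval( intval( ... ) )` at line 49 casts to integer and straight back to string, and the very next line does `$maxw + 18` on that string; `intval()` alone gives a number that serves both the arithmetic and the markup without the numeric-string conversion. Note also that an unset `comten_size` option now yields `0` where it used to yield an empty string, so whatever consumes `$maxw` further down must be happy with a zero width.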
95
  else {
96
  $widget_content .= __( 'Photo not found', 'wp-photo-album-plus' );
97
  }
98
+ $widget_content .= "\n\t".'<span style="font-size:'.wppa_opt( 'fontsize_widget_thumb' ).'px; cursor:pointer;" title="'.esc_attr($first_comment['comment']).'" >'.htmlentities($first_comment['user']).'</span>';
99
  $widget_content .= "\n".'</div>';
100
 
101
  }
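Review bot: line 98 escapes the comment text with `esc_attr()` and now the user name with `htmlentities()`, but `wppa_opt( 'fontsize_widget_thumb' )` still goes into the `style` attribute unescaped; cast it with `intval()` the way this release treats `comten_size` at line 49, so a non-numeric option value cannot break out of the attribute. For the user name, `esc_html()` is the consistent choice (same point as in wppa-admin-functions.php).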
wppa-common-functions.php CHANGED
@@ -2,7 +2,7 @@
2
  /* wppa-common-functions.php
3
  *
4
  * Functions used in admin and in themes
5
- * Version 7.0.00
6
  *
7
  */
8
 
@@ -1126,7 +1126,7 @@ function wppa_alert( $msg, $reload = false, $escape = true ) {
1126
  global $wppa;
1127
 
1128
  if ( $escape ) {
1129
- $msg = esc_js( $msg );
1130
  }
1131
  else {
1132
  $msg = htmlentities( strip_tags( $msg ) );
2
  /* wppa-common-functions.php
3
  *
4
  * Functions used in admin and in themes
5
+ * Version 7.0.02
6
  *
7
  */
8
 
1126
  global $wppa;
1127
 
1128
  if ( $escape ) {
1129
+ $msg = json_encode( $msg );
1130
  }
1131
  else {
1132
  $msg = htmlentities( strip_tags( $msg ) );
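Review bot: `json_encode( $msg )` at line 1129 returns the value with its surrounding double quotes and JSON escaping, whereas `esc_js()` returned bare text meant to sit inside a single-quoted JS literal; the code further down that embeds `$msg` into the alert script (not in this hunk) has to drop its own quotes, or the browser receives `'"text"'`. Two more things to settle: `json_encode()` returns `false` on invalid UTF-8, which `wp_json_encode()` handles, and if the result ends up inside an HTML attribute such as `onclick` it still needs `esc_attr()` on top. On the plus side, `json_encode()` escapes `/` by default, so a `</script>` inside a message cannot close the script element.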
wppa-filter.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * get the albums via shortcode handler
6
- * Version 6.9.21
7
  *
8
  */
9
 
@@ -40,7 +40,7 @@ function wppa_shordcode_div( $xatts, $content = '' ) {
40
  'class' => '',
41
  ), $xatts );
42
 
43
- $result = '<div style="' . $atts['style'] . '" class="' . $atts['class'] . '" >' .
44
  do_shortcode( $content ) .
45
  '</div>';
46
 
3
  * Package: wp-photo-album-plus
4
  *
5
  * get the albums via shortcode handler
6
+ * Version 7.0.02
7
  *
8
  */
9
 
40
  'class' => '',
41
  ), $xatts );
42
 
43
+ $result = '<div style="' . esc_attr( $atts['style'] ) . '" class="' . esc_attr( $atts['class'] ) . '" >' .
44
  do_shortcode( $content ) .
45
  '</div>';
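Review bot: `esc_attr()` on `$atts['style']` at line 43 stops attribute breakout but still lets any shortcode author put arbitrary inline CSS on the page; WordPress's `safecss_filter_attr()`, the filter KSES applies to `style` attributes, restricts the declarations to a safe set and is the better fit for the `style` value, with `esc_attr()` kept for `class`.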
46
 
wppa-import.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains all the import pages and functions
6
- * Version 7.0.00
7
  *
8
  */
9
 
@@ -1494,7 +1494,7 @@ function wppa_get_import_files() {
1494
  elseif ( $source_type == 'local' ) {
1495
  $source = get_option( 'wppa_import_source_'.$user, WPPA_DEPOT_PATH );
1496
  $source_path = $source; // Filesystem
1497
- $files = glob( $source_path . '/*' );
1498
  }
1499
  else { // remote
1500
  $max_tries = get_option( 'wppa_import_remote_max_'.$user, '10' );
@@ -2956,7 +2956,7 @@ global $wppa_session;
2956
  // Now import the files
2957
  // First escape special regexp chars
2958
  $xfile = str_replace( array( '[', ']', '(', ')', '{', '}', '$', '+' ), array( '\[', '\]', '\(', '\)', '\{', '\}', '\$', '\+' ), $file );
2959
- $photofiles = glob( $xfile.'/*' );
2960
  if ( $photofiles ) foreach ( $photofiles as $photofile ) {
2961
  if ( ! wppa_is_dir( $photofile ) ) {
2962
 
@@ -2991,7 +2991,7 @@ global $wppa_session;
2991
  }
2992
 
2993
  // Now go deeper, process the subdirs
2994
- $subdirs = glob( $xfile.'/*' );
2995
  if ( $subdirs ) foreach ( $subdirs as $subdir ) {
2996
  if ( wppa_is_dir( $subdir ) ) {
2997
  if ( basename( $subdir ) != '.' && basename( $subdir ) != '..' ) {
@@ -3068,8 +3068,10 @@ static $void_dirs;
3068
  $sel = $root == $source ? ' selected="selected"' : '';
3069
 
3070
  // Set disabled if there are no files inside
3071
- $n_files = count( glob( $root . '/*' ) );
3072
- $n_dirs = count( glob( $root . '/*', GLOB_ONLYDIR ) );
 
 
3073
  $dis = $n_files == $n_dirs ? ' disabled="disabled"' : '';
3074
 
3075
  // Check for (sub)depot
@@ -3108,7 +3110,7 @@ static $void_dirs;
3108
  }
3109
 
3110
  // See if subdirs exist
3111
- $dirs = glob( $root . '/*', GLOB_ONLYDIR );
3112
 
3113
  // Go deeper if not in a list of void disnames
3114
  if ( $dirs ) foreach( $dirs as $path ) {
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains all the import pages and functions
6
+ * Version 7.0.02
7
  *
8
  */
9
 
1494
  elseif ( $source_type == 'local' ) {
1495
  $source = get_option( 'wppa_import_source_'.$user, WPPA_DEPOT_PATH );
1496
  $source_path = $source; // Filesystem
1497
+ $files = wppa_glob( $source_path . '/*' );
1498
  }
1499
  else { // remote
1500
  $max_tries = get_option( 'wppa_import_remote_max_'.$user, '10' );
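Review bot: `wppa_glob()` at line 1497 (and at the other call sites in this file) is not introduced by this diff, and wppa-wrappers.php only adds `wppa_getimagesize()` and `wppa_imagecreatefrompng()`; make sure the wrapper is already in the shipped wrappers file and that it returns `false` or an empty array on a rejected path, because the counting code at lines 3071-3074 is written for exactly that case.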
2956
  // Now import the files
2957
  // First escape special regexp chars
2958
  $xfile = str_replace( array( '[', ']', '(', ')', '{', '}', '$', '+' ), array( '\[', '\]', '\(', '\)', '\{', '\}', '\$', '\+' ), $file );
2959
+ $photofiles = wppa_glob( $xfile.'/*' );
2960
  if ( $photofiles ) foreach ( $photofiles as $photofile ) {
2961
  if ( ! wppa_is_dir( $photofile ) ) {
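Review bot: the comment at line 2957 says "regexp chars", but `$xfile` is handed to `wppa_glob()`, whose metacharacters are `*`, `?`, `[`, `]` (and `{`, `}` only with `GLOB_BRACE`), so the `$`, `(`, `)` and `+` entries do nothing, and the escaping exists at this one call site only: `$root` at lines 3071, 3073 and 3113 goes in unescaped. Move the escaping into `wppa_glob()` so every caller gets it, and fix the comment.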
2962
 
2991
  }
2992
 
2993
  // Now go deeper, process the subdirs
2994
+ $subdirs = wppa_glob( $xfile.'/*' );
2995
  if ( $subdirs ) foreach ( $subdirs as $subdir ) {
2996
  if ( wppa_is_dir( $subdir ) ) {
2997
  if ( basename( $subdir ) != '.' && basename( $subdir ) != '..' ) {
3068
  $sel = $root == $source ? ' selected="selected"' : '';
3069
 
3070
  // Set disabled if there are no files inside
3071
+ $files = wppa_glob( $root . '/*' );
3072
+ $n_files = ! empty( $files ) ? count( $files ) : 0;
3073
+ $dirs = wppa_glob( $root . '/*', GLOB_ONLYDIR );
3074
+ $n_dirs = ! empty( $dirs ) ? count( $dirs ) : 0;
3075
  $dis = $n_files == $n_dirs ? ' disabled="disabled"' : '';
3076
 
3077
  // Check for (sub)depot
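Review bot: the `! empty( $files ) ? count( $files ) : 0` guards at lines 3072 and 3074 are the right fix for calling `count()` on a `false` return, but with both counts at 0 the `$n_files == $n_dirs` test at 3075 also marks an entry disabled when `wppa_glob()` rejected `$root`, which hides a path-safety rejection behind a "no files" state; a log line in the wrapper, as `wppa_getimagesize()` now does, would tell the admin why.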
3110
  }
3111
 
3112
  // See if subdirs exist
3113
+ $dirs = wppa_glob( $root . '/*', GLOB_ONLYDIR );
3114
 
3115
  // Go deeper if not in a list of void disnames
3116
  if ( $dirs ) foreach( $dirs as $path ) {
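Review bot: `wppa_glob( $root . '/*', GLOB_ONLYDIR )` at line 3113 repeats the call already made at line 3073 in the same function with the same arguments; unless `$dirs` is reassigned in the lines between the two hunks, reuse the earlier result and save one directory scan per entry, which adds up in the recursive walk.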
wppa-maintenance.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains (not yet, but in the future maybe) all the maintenance routines
6
- * Version 7.0.00
7
  *
8
  */
9
 
@@ -1572,7 +1572,7 @@ function wppa_log_page() {
1572
  wppa_admin_spinner() .
1573
  wp_nonce_field( 'wppa-nonce', 'wppa-nonce', true, false ) .
1574
  '<img id="icon-album" src="' . esc_url( WPPA_URL . '/img/page_green.png' ) . '" />' .
1575
- '<h1 style="display:inline" >' . __('WP Photo Album Plus Logfile', 'wp-photo-album-plus') .
1576
  '<input' .
1577
  ' class="button-secundary"' .
1578
  ' style="float:right; border-radius:3px; font-size: 16px; height: 28px; padding: 0 4px;"' .
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains (not yet, but in the future maybe) all the maintenance routines
6
+ * Version 7.0.02
7
  *
8
  */
9
 
1572
  wppa_admin_spinner() .
1573
  wp_nonce_field( 'wppa-nonce', 'wppa-nonce', true, false ) .
1574
  '<img id="icon-album" src="' . esc_url( WPPA_URL . '/img/page_green.png' ) . '" />' .
1575
+ '<h1 style="display:inline" >' . htmlentities( __('WP Photo Album Plus Logfile', 'wp-photo-album-plus') ) .
1576
  '<input' .
1577
  ' class="button-secundary"' .
1578
  ' style="float:right; border-radius:3px; font-size: 16px; height: 28px; padding: 0 4px;"' .
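Review bot: `htmlentities( __( ... ) )` at line 1575 wraps a translated string; WordPress provides `esc_html__( 'WP Photo Album Plus Logfile', 'wp-photo-album-plus' )` for exactly this, and unlike `htmlentities()` it will not double-encode an entity a translator legitimately put in the string.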
wppa-photo-admin-autosave.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * edit and delete photos
6
- * Version 7.0.00
7
  *
8
  */
9
 
@@ -744,7 +744,10 @@ function wppaToggleExif( id, count ) {
744
  __( 'Location:' , 'wp-photo-album-plus') . ' ';
745
  $loc = $location ? $location : '///';
746
  $geo = explode( '/', $loc );
747
- echo $geo['0'].' '.$geo['1'].'. ';
 
 
 
748
  if ( wppa_switch( 'geo_edit' ) ) {
749
  echo
750
  __( 'Lat:', 'wp-photo-album-plus' ) .
@@ -754,7 +757,7 @@ function wppaToggleExif( id, count ) {
754
  ' id="lat-' . $id . '"' .
755
  ' onkeyup="wppaAjaxUpdatePhoto( ' . $id . ', \'lat\', this );"' .
756
  ' onchange="wppaAjaxUpdatePhoto( ' . $id . ', \'lat\', this );"' .
757
- ' value="' . $geo['2'] . '"' .
758
  ' />' .
759
  __( 'Lon:', 'wp-photo-album-plus' ) .
760
  '<input type="text"' .
@@ -762,7 +765,7 @@ function wppaToggleExif( id, count ) {
762
  ' id="lon-' . $id . '"' .
763
  ' onkeyup="wppaAjaxUpdatePhoto( ' . $id . ', \'lon\', this );"' .
764
  ' onchange="wppaAjaxUpdatePhoto( ' . $id . ', \'lon\', this );"' .
765
- ' value="' . $geo['3'] . '"' .
766
  ' />';
767
  }
768
  }
@@ -775,7 +778,7 @@ function wppaToggleExif( id, count ) {
775
  '<input' .
776
  ' type="text"' .
777
  ' id="porder-' . $id . '"' .
778
- ' value="' . $p_order . '"' .
779
  ' style="width:30px;"' .
780
  ' onkeyup="wppaAjaxUpdatePhoto( ' . $id . ', \'p_order\', this )"' .
781
  ' onchange="wppaAjaxUpdatePhoto( ' . $id . ', \'p_order\', this )"' .
@@ -784,7 +787,7 @@ function wppaToggleExif( id, count ) {
784
  }
785
  else {
786
  echo
787
- $p_order . '. ';
788
  }
789
 
790
  // Rating
@@ -799,7 +802,7 @@ function wppaToggleExif( id, count ) {
799
  else {
800
  echo
801
  __( 'Rating:', 'wp-photo-album-plus' ) . ' ' .
802
- __( 'Entries:', 'wp-photo-album-plus' ) . ' ' . $entries .
803
  ', ' .
804
  __( 'Mean value:', 'wp-photo-album-plus' ) .
805
  ' ' .
3
  * Package: wp-photo-album-plus
4
  *
5
  * edit and delete photos
6
+ * Version 7.0.02
7
  *
8
  */
9
 
744
  __( 'Location:' , 'wp-photo-album-plus') . ' ';
745
  $loc = $location ? $location : '///';
746
  $geo = explode( '/', $loc );
747
+
748
+ // To prevent double encoding ( of &deg; etc ) use esc_html instead of htmlentities
749
+ echo esc_html( $geo['0'].' '.$geo['1'].'. ' );
750
+
751
  if ( wppa_switch( 'geo_edit' ) ) {
752
  echo
753
  __( 'Lat:', 'wp-photo-album-plus' ) .
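Review bot: the `'///'` default at line 745 only covers an empty `$location`; a stored value with fewer than three `/` separators leaves `$geo['2']` and `$geo['3']` (used at lines 760 and 768) undefined, and the `esc_attr()` added there does not change that. Pad the array before use, e.g. `array_pad( explode( '/', $loc ), 4, '' )`. The comment at line 748 explaining why `esc_html()` is preferred over `htmlentities()` is good; apply the same reasoning to the `htmlentities()` calls at lines 790 and 805 so the file uses one escaping function.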
757
  ' id="lat-' . $id . '"' .
758
  ' onkeyup="wppaAjaxUpdatePhoto( ' . $id . ', \'lat\', this );"' .
759
  ' onchange="wppaAjaxUpdatePhoto( ' . $id . ', \'lat\', this );"' .
760
+ ' value="' . esc_attr( $geo['2'] ) . '"' .
761
  ' />' .
762
  __( 'Lon:', 'wp-photo-album-plus' ) .
763
  '<input type="text"' .
765
  ' id="lon-' . $id . '"' .
766
  ' onkeyup="wppaAjaxUpdatePhoto( ' . $id . ', \'lon\', this );"' .
767
  ' onchange="wppaAjaxUpdatePhoto( ' . $id . ', \'lon\', this );"' .
768
+ ' value="' . esc_attr( $geo['3'] ) . '"' .
769
  ' />';
770
  }
771
  }
778
  '<input' .
779
  ' type="text"' .
780
  ' id="porder-' . $id . '"' .
781
+ ' value="' . esc_attr( $p_order ) . '"' .
782
  ' style="width:30px;"' .
783
  ' onkeyup="wppaAjaxUpdatePhoto( ' . $id . ', \'p_order\', this )"' .
784
  ' onchange="wppaAjaxUpdatePhoto( ' . $id . ', \'p_order\', this )"' .
787
  }
788
  else {
789
  echo
790
+ htmlentities( $p_order ) . '. ';
791
  }
792
 
793
  // Rating
802
  else {
803
  echo
804
  __( 'Rating:', 'wp-photo-album-plus' ) . ' ' .
805
+ __( 'Entries:', 'wp-photo-album-plus' ) . ' ' . htmlentities( $entries ) .
806
  ', ' .
807
  __( 'Mean value:', 'wp-photo-album-plus' ) .
808
  ' ' .
wppa-settings-autosave.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * manage all options
6
- * Version 7.0.01
7
  *
8
  */
9
 
@@ -57,7 +57,10 @@ global $wppa_supported_camara_brands;
57
  // Someone hit a submit button or the like?
58
  if ( isset($_REQUEST['wppa_settings_submit']) ) { // Yep!
59
 
60
- check_admin_referer( 'wppa-nonce', 'wppa-nonce' );
 
 
 
61
  $key = $_REQUEST['wppa-key'];
62
  $sub = isset( $_REQUEST['wppa-sub'] ) ? $_REQUEST['wppa-sub'] : '';
63
 
@@ -137,8 +140,8 @@ global $wppa_supported_camara_brands;
137
  wppa_error_message(sprintf(__('Uploaded file %s is not a .png file', 'wp-photo-album-plus'), sanitize_file_name( $file['name'] ) ) . ' (Type='.$file['type'].').');
138
  }
139
  else {
140
- wppa_copy( $file['tmp_name'], WPPA_UPLOAD_PATH . '/watermarks/' . sanitize_file_name(basename($file['name'])));
141
- wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), sanitize_file_name(basename($file['name']))));
142
  }
143
  }
144
  }
@@ -218,9 +221,8 @@ global $wppa_supported_camara_brands;
218
  'document.location=' .
219
  'document.location+"&' .
220
  'wppa_settings_submit=Doit&' .
221
- 'wppa-nonce=' . esc_attr( $_REQUEST['wppa-nonce'] ) . '&' .
222
- 'wppa-key=' . $key . '&' .
223
- '_wp_http_referer=' . esc_url( $_REQUEST['_wp_http_referer'] ) . '"' .
224
  '</script>';
225
  }
226
  break;
@@ -238,9 +240,8 @@ global $wppa_supported_camara_brands;
238
  'document.location=' .
239
  'document.location+"&' .
240
  'wppa_settings_submit=Doit&' .
241
- 'wppa-nonce=' . esc_attr( $_REQUEST['wppa-nonce'] ) . '&' .
242
- 'wppa-key=' . $key . '&' .
243
- '_wp_http_referer=' . esc_url( $_REQUEST['_wp_http_referer'] ) . '"' .
244
  '</script>';
245
  }
246
  break;
@@ -10156,7 +10157,7 @@ global $wppa_supported_camara_brands;
10156
  wppa_setting($slug, '4.7', $name, $desc, $html, $help, $clas, $tags);
10157
 
10158
  $name = __('Cloudinary usage', 'wp-photo-album-plus');
10159
- if ( function_exists( 'wppa_get_cloudinary_usage' ) ) {
10160
  $data = wppa_get_cloudinary_usage();
10161
  if ( is_array( $data ) ) {
10162
  $desc = '<style type="text/css" scoped>table, tbody, tr, td { margin:0; padding:0; border:none; font-size: 9px; line-height: 11px; } td { height:11px; }</style>';
@@ -10195,7 +10196,7 @@ global $wppa_supported_camara_brands;
10195
  }
10196
  }
10197
  else {
10198
- $desc = __('Cloudinary routines not installed.', 'wp-photo-album-plus');
10199
  }
10200
  $help = '';
10201
  $html = '';
@@ -11160,7 +11161,7 @@ global $wppa_totcols;
11160
  $result .= '
11161
  <tr
11162
  id="' . esc_attr( $wppa_table . $wppa_subtable . $num . '-help' ) . '"
11163
- class="wppa-setting-help wppa-' . $wppa_table . '-' . $wppa_subtable . '-help "
11164
  style="display:none;"
11165
  >
11166
  <td></td>
3
  * Package: wp-photo-album-plus
4
  *
5
  * manage all options
6
+ * Version 7.0.02
7
  *
8
  */
9
 
57
  // Someone hit a submit button or the like?
58
  if ( isset($_REQUEST['wppa_settings_submit']) ) { // Yep!
59
 
60
+ if ( ! wp_verify_nonce( $_REQUEST['wppa-nonce'], 'wppa-nonce' ) ) {
61
+ wp_die( 'Security chekc failuere' );
62
+ }
63
+ // check_admin_referer( 'wppa-nonce', 'wppa-nonce' );
64
  $key = $_REQUEST['wppa-key'];
65
  $sub = isset( $_REQUEST['wppa-sub'] ) ? $_REQUEST['wppa-sub'] : '';
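Review bot: the replacement at lines 60-63 is weaker than the call it comments out: `check_admin_referer( 'wppa-nonce', 'wppa-nonce' )` already guards the `isset()`, calls `wp_verify_nonce()` and dies through `wp_nonce_ays()` with a translated message, whereas the new code reads `$_REQUEST['wppa-nonce']` unconditionally (a PHP notice when the parameter is absent) and dies with the untranslated, misspelled 'Security chekc failuere'. Restore the original call, or at least guard with `isset()`, fix the spelling and wrap the message in `__()`; and delete the commented-out line rather than leaving it in.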
66
 
140
  wppa_error_message(sprintf(__('Uploaded file %s is not a .png file', 'wp-photo-album-plus'), sanitize_file_name( $file['name'] ) ) . ' (Type='.$file['type'].').');
141
  }
142
  else {
143
+ wppa_copy( $file['tmp_name'], WPPA_UPLOAD_PATH . '/watermarks/' . strtolower(sanitize_file_name(basename($file['name']))));
144
+ wppa_alert(sprintf(__('Upload of %s done', 'wp-photo-album-plus'), strtolower(sanitize_file_name(basename($file['name'])))));
145
  }
146
  }
147
  }
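Review bot: lowercasing the stored name at lines 143-144 is fine, but the error message at line 140 reports `$file['type']`, the browser-supplied MIME type; if the `.png` decision above this hunk rests on that value, back it with `wp_check_filetype_and_ext()` or `getimagesize()` on `$file['tmp_name']` so the watermark directory can only receive real PNG files. Also compute `strtolower( sanitize_file_name( basename( $file['name'] ) ) )` once into a variable so the copied name and the reported name cannot drift apart.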
221
  'document.location=' .
222
  'document.location+"&' .
223
  'wppa_settings_submit=Doit&' .
224
+ 'wppa-nonce=' . wp_create_nonce( 'wppa-nonce' ) . '&' .
225
+ 'wppa-key=' . $key . '"' .
 
226
  '</script>';
227
  }
228
  break;
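Review bot: `wp_create_nonce()` at line 224 is the right way to mint the nonce for the redirect, but `$key` at line 225 is still concatenated raw into both a JavaScript string literal and a URL, and it comes straight from `$_REQUEST['wppa-key']` (line 64). Run it through `rawurlencode()` for the query string and `esc_js()` for the script context, or build the whole query with `add_query_arg()` and `esc_url_raw()`; the identical block at lines 243-244 needs the same change.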
240
  'document.location=' .
241
  'document.location+"&' .
242
  'wppa_settings_submit=Doit&' .
243
+ 'wppa-nonce=' . wp_create_nonce( 'wppa-nonce' ) . '&' .
244
+ 'wppa-key=' . $key . '"' .
 
245
  '</script>';
246
  }
247
  break;
10157
  wppa_setting($slug, '4.7', $name, $desc, $html, $help, $clas, $tags);
10158
 
10159
  $name = __('Cloudinary usage', 'wp-photo-album-plus');
10160
+ if ( function_exists( 'wppa_get_cloudinary_usage' ) && wppa_opt( 'cdn_cloud_name' ) ) {
10161
  $data = wppa_get_cloudinary_usage();
10162
  if ( is_array( $data ) ) {
10163
  $desc = '<style type="text/css" scoped>table, tbody, tr, td { margin:0; padding:0; border:none; font-size: 9px; line-height: 11px; } td { height:11px; }</style>';
10196
  }
10197
  }
10198
  else {
10199
+ $desc = __('Cloudinary usage data not available', 'wp-photo-album-plus');
10200
  }
10201
  $help = '';
10202
  $html = '';
11161
  $result .= '
11162
  <tr
11163
  id="' . esc_attr( $wppa_table . $wppa_subtable . $num . '-help' ) . '"
11164
+ class="' . esc_attr( 'wppa-setting-help wppa-' . $wppa_table . '-' . $wppa_subtable . '-help ' ) . '"
11165
  style="display:none;"
11166
  >
11167
  <td></td>
wppa-video.php CHANGED
@@ -3,7 +3,7 @@
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains all video routines
6
- * Version 6.9.16
7
  *
8
  */
9
 
@@ -227,8 +227,13 @@ function wppa_get_videox( $id ) {
227
  if ( ! wppa_is_video( $id ) ) return '0';
228
 
229
  $thumb = wppa_cache_thumb( $id );
230
- if ( $thumb['videox'] ) return $thumb['videox'];
231
- return wppa_opt( 'video_width' );
 
 
 
 
 
232
  }
233
 
234
  function wppa_get_videoy( $id ) {
@@ -236,7 +241,12 @@ function wppa_get_videoy( $id ) {
236
  if ( ! wppa_is_video( $id ) ) return '0';
237
 
238
  $thumb = wppa_cache_thumb( $id );
239
- if ( $thumb['videoy'] ) return $thumb['videoy'];
240
- return wppa_opt( 'video_height' );
 
 
 
 
 
241
  }
242
 
3
  * Package: wp-photo-album-plus
4
  *
5
  * Contains all video routines
6
+ * Version 7.0.02
7
  *
8
  */
9
 
227
  if ( ! wppa_is_video( $id ) ) return '0';
228
 
229
  $thumb = wppa_cache_thumb( $id );
230
+ if ( $thumb['videox'] ) {
231
+ $result = $thumb['videox'];
232
+ }
233
+ else {
234
+ $result = wppa_opt( 'video_width' );
235
+ }
236
+ return strval( intval( $result ) );
237
  }
238
 
239
  function wppa_get_videoy( $id ) {
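Review bot: `strval( intval( $result ) )` at line 236 (and at 250 for the height) normalises the value for the markup, but when `videox` is empty and the `video_width` option is unset or non-numeric the function now returns `'0'`, which is the same sentinel line 227 returns for "not a video", so callers can no longer tell the two cases apart. Fall back to a non-zero default before the cast, or keep the sentinel distinct.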
241
  if ( ! wppa_is_video( $id ) ) return '0';
242
 
243
  $thumb = wppa_cache_thumb( $id );
244
+ if ( $thumb['videoy'] ) {
245
+ $result = $thumb['videoy'];
246
+ }
247
+ else {
248
+ $result = wppa_opt( 'video_height' );
249
+ }
250
+ return strval( intval( $result ) );
251
  }
252
 
wppa-watermark.php CHANGED
@@ -2,7 +2,7 @@
2
  /* wppa-watermark.php
3
  *
4
  * Functions used for the application of watermarks
5
- * Version 7.0.00
6
  *
7
  */
8
 
@@ -400,16 +400,16 @@ function wppa_add_watermark( $id ) {
400
  if ( basename( $waterfile ) == '--- none ---' ) {
401
  return false; // No watermark this time
402
  }
403
-
404
  // Open the watermark file
405
  if ( ! wppa_is_path_safe( $waterfile ) ) {
406
  wppa_log( 'War', 'Unsafe path found in wppa_add_watermark(): ' . sanitize_text_field( $waterfile ) );
407
  return false;
408
  }
409
 
410
- $watersize = @ getimagesize( $waterfile );
411
  if ( ! is_array( $watersize ) ) return false; // Not a valid picture file
412
- $waterimage = imagecreatefrompng( $waterfile );
413
  if ( empty( $waterimage ) or ( !$waterimage ) ) {
414
  wppa_dbg_msg( 'Watermark file '.$waterfile.' not found or corrupt' );
415
  return false; // No image
@@ -441,7 +441,7 @@ function wppa_add_watermark( $id ) {
441
  break;
442
  case 2: $photoimage = wppa_imagecreatefromjpeg( $file );
443
  break;
444
- case 3: $photoimage = imagecreatefrompng( $file );
445
  break;
446
  }
447
  if ( empty( $photoimage ) or ( ! $photoimage ) ) return false; // No image
2
  /* wppa-watermark.php
3
  *
4
  * Functions used for the application of watermarks
5
+ * Version 7.0.02
6
  *
7
  */
8
 
400
  if ( basename( $waterfile ) == '--- none ---' ) {
401
  return false; // No watermark this time
402
  }
403
+
404
  // Open the watermark file
405
  if ( ! wppa_is_path_safe( $waterfile ) ) {
406
  wppa_log( 'War', 'Unsafe path found in wppa_add_watermark(): ' . sanitize_text_field( $waterfile ) );
407
  return false;
408
  }
409
 
410
+ $watersize = wppa_getimagesize( $waterfile );
411
  if ( ! is_array( $watersize ) ) return false; // Not a valid picture file
412
+ $waterimage = wppa_imagecreatefrompng( $waterfile );
413
  if ( empty( $waterimage ) or ( !$waterimage ) ) {
414
  wppa_dbg_msg( 'Watermark file '.$waterfile.' not found or corrupt' );
415
  return false; // No image
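Review bot: replacing `@ getimagesize( $waterfile )` with `wppa_getimagesize()` at line 410 drops the `@`, and the wrapper (wppa-wrappers.php line 29) calls `getimagesize()` unsuppressed, so a watermark file that is not an image now emits a PHP warning before `is_array( $watersize )` handles the `false` return; put the `@` (or an `is_readable()` pre-check) inside the wrapper. The path-safety check also runs twice on this path, at line 405 and again inside each wrapper; harmless, but the first one can go.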
441
  break;
442
  case 2: $photoimage = wppa_imagecreatefromjpeg( $file );
443
  break;
444
+ case 3: $photoimage = wppa_imagecreatefrompng( $file );
445
  break;
446
  }
447
  if ( empty( $photoimage ) or ( ! $photoimage ) ) return false; // No image
wppa-wrappers.php CHANGED
@@ -5,7 +5,7 @@
5
  * Contains wrappers for standard php functions
6
  * For security and bug reasons
7
  *
8
- * Version 7.0.01
9
  *
10
  */
11
 
@@ -18,6 +18,28 @@ function wppa_imagecreatefromjpeg( $file ) {
18
  return $img;
19
  }
20
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
21
  // Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
22
  // In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
23
  function wppa_copy( $from, $to ) {
@@ -126,21 +148,6 @@ function wppa_unlink( $file ) {
126
  return unlink( $file );
127
  }
128
 
129
- /*
130
- function wppa_mkdir( $path ) {
131
- if ( ! is_dir( $path ) ) {
132
- mkdir( $path );
133
- if ( is_dir( $path ) ) {
134
- wppa_log( 'Fso', 'Created path: ' . $path );
135
- }
136
- else {
137
- wppa_log( 'Err', 'Could not create: ' . $path );
138
- }
139
- wppa_chmod( $path );
140
- }
141
- }
142
-
143
- */
144
  // Wrapper for mkdir
145
  function wppa_mkdir( $dir ) {
146
 
@@ -212,7 +219,10 @@ static $safe_files;
212
  global $wppa_lang;
213
  global $wppa_log_file;
214
 
215
- if ( substr( strtolower( $path ), 0, 7 ) == 'phar://' ) return false;
 
 
 
216
 
217
  if ( ! defined( 'WPPA_UPLOAD_PATH' ) ) return true; // During activation/setup
218
 
@@ -234,6 +244,7 @@ global $wppa_log_file;
234
  WPPA_CONTENT_PATH . '/wppa-depot',
235
  WPPA_CONTENT_PATH . '/' . wppa_opt( 'pl_dirname' ),
236
  WPPA_CONTENT_PATH . '/' . wppa_opt( 'cache_root' ),
 
237
  WPPA_PATH . '/fonts',
238
  WPPA_PATH . '/watermarks',
239
  WPPA_PATH . '/wppa-dump.txt',
@@ -271,7 +282,7 @@ global $wppa_log_file;
271
  }
272
 
273
  // Path traversal attempt?
274
- if ( strpos( $path, '../' ) !== false ) {
275
  return false;
276
  }
277
 
5
  * Contains wrappers for standard php functions
6
  * For security and bug reasons
7
  *
8
+ * Version 7.0.02
9
  *
10
  */
11
 
18
  return $img;
19
  }
20
 
21
+ // Wrapper for getimagesize( $file ), verifies safe pathnames
22
+ function wppa_getimagesize( $file ) {
23
+
24
+ if ( ! wppa_is_path_safe( $file ) ) {
25
+ wppa_log( 'War', 'Unsafe from path detected in wppa_getimagesize(): ' . sanitize_text_field( $file ), true );
26
+ return false;
27
+ }
28
+
29
+ return getimagesize( $file );
30
+ }
31
+
32
+ // Wrapper for imagecreatefrompng( $file ), verifies safe pathnames
33
+ function wppa_imagecreatefrompng( $file ) {
34
+
35
+ if ( ! wppa_is_path_safe( $file ) ) {
36
+ wppa_log( 'War', 'Unsafe from path detected in wppa_imagecreatefrompng(): ' . sanitize_text_field( $file ), true );
37
+ return false;
38
+ }
39
+
40
+ return imagecreatefrompng( $file );
41
+ }
42
+
43
  // Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
44
  // In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
45
  function wppa_copy( $from, $to ) {
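Review bot: the log text in both new wrappers (lines 25 and 36) says 'Unsafe from path', wording copied from the from/to pair in `wppa_copy()`; there is no "from" here, so say 'Unsafe path in wppa_getimagesize()'. Returning `false` on rejection matches what `getimagesize()` and `imagecreatefrompng()` return on failure, which keeps callers' existing `is_array()` / `empty()` checks valid; a comment stating that intent will keep it that way.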
148
  return unlink( $file );
149
  }
150
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
151
  // Wrapper for mkdir
152
  function wppa_mkdir( $dir ) {
153
 
219
  global $wppa_lang;
220
  global $wppa_log_file;
221
 
222
+ // Check against phar deserialisation
223
+ if ( stripos( $path, 'phar://' ) !== false ) {
224
+ return false;
225
+ }
226
 
227
  if ( ! defined( 'WPPA_UPLOAD_PATH' ) ) return true; // During activation/setup
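Review bot: the `stripos( $path, 'phar://' )` test at lines 222-225 is broader than the old prefix check and catches the wrapper anywhere in the string, which is an improvement, but a deny-list of one stream wrapper is fragile. Every path this function approves is a local filesystem path, so reject any path containing `://` (or any scheme listed by `stream_get_wrappers()`), and resolve the path with `realpath()` before the root comparison, which also makes the later `..` test redundant.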
228
 
244
  WPPA_CONTENT_PATH . '/wppa-depot',
245
  WPPA_CONTENT_PATH . '/' . wppa_opt( 'pl_dirname' ),
246
  WPPA_CONTENT_PATH . '/' . wppa_opt( 'cache_root' ),
247
+ WPPA_CONTENT_PATH . '/blogs.dir',
248
  WPPA_PATH . '/fonts',
249
  WPPA_PATH . '/watermarks',
250
  WPPA_PATH . '/wppa-dump.txt',
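Review bot: adding `WPPA_CONTENT_PATH . '/blogs.dir'` at line 247 (the `WPPA_MULTISITE_BLOGSDIR` fix from the changelog) admits the whole pre-3.5 multisite uploads tree, i.e. every blog's files, as a safe root rather than WPPA's own directory inside each blog; if the roots are matched by prefix, append the plugin's subdirectory so a path check on one blog cannot approve files belonging to another.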
282
  }
283
 
284
  // Path traversal attempt?
285
+ if ( strpos( $path, '../' ) !== false || strpos( $path, '/..' ) !== false ) {
286
  return false;
287
  }
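Review bot: the added `strpos( $path, '/..' )` at line 285 also rejects legitimate names that merely start with two dots (for example `/uploads/..config`), and neither test sees the backslash form on Windows hosts; normalising with `realpath()` (or `wp_normalize_path()` plus a check for a segment that is exactly `..`) and then comparing against the allowed roots is both stricter and precise.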
288
 
wppa.php CHANGED
@@ -2,7 +2,7 @@
2
  /*
3
  * Plugin Name: WP Photo Album Plus
4
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5
- * Version: 7.0.01.006
6
  * Author: J.N. Breetvelt a.k.a. OpaJaap
7
  * Author URI: http://wppa.opajaap.nl/
8
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -22,8 +22,8 @@ global $wpdb;
22
  global $wp_version;
23
 
24
  /* WPPA GLOBALS */
25
- global $wppa_revno; $wppa_revno = '7001'; // WPPA db version
26
- global $wppa_api_version; $wppa_api_version = '7-0-01-006'; // WPPA software version
27
 
28
  /* start timers */
29
  global $wppa_starttime; $wppa_starttime = microtime( true );
2
  /*
3
  * Plugin Name: WP Photo Album Plus
4
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5
+ * Version: 7.0.02.002
6
  * Author: J.N. Breetvelt a.k.a. OpaJaap
7
  * Author URI: http://wppa.opajaap.nl/
8
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
22
  global $wp_version;
23
 
24
  /* WPPA GLOBALS */
25
+ global $wppa_revno; $wppa_revno = '7002'; // WPPA db version
26
+ global $wppa_api_version; $wppa_api_version = '7-0-02-002'; // WPPA software version
27
 
28
  /* start timers */
29
  global $wppa_starttime; $wppa_starttime = microtime( true );
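Review bot: `$wppa_revno` moves from '7001' to '7002' at line 25 although nothing in this diff touches the database schema; the comment calls it the "WPPA db version", so if the bump exists only to re-run an upgrade step, say which one in the comment, otherwise leave it at '7001' so existing sites do not trigger an unnecessary upgrade pass.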