WP Photo Album Plus - Version 7.1.09.001

Version Description

= 7.1.09 =

  • This version addresses various bug fixes and feature requests.

= 7.1.08 =

  • This version addresses various bug fixes and feature requests.

= 7.1.07 =

  • This version addresses various bug fixes and feature requests.

= 7.1.06 =

  • This version addresses various bug fixes and feature requests.

= 7.1.05 =

  • This version addresses various security issues.
  • This version addresses various bug fixes.

= 7.1.04 =

  • This version addresses various bug fixes.

= 7.1.03 =

  • This version addresses various security issues.
  • This version addresses various bug fixes.

= 7.1.02 =

  • This version addresses various security issues.
  • This version addresses various bug fixes and feature requests.

= 7.1.01 =

  • This version addresses various bug fixes and feature requests.

= 7.1.00 =

  • This version addresses various bug fixes and feature requests.
  • The Photo Album -> Upload Photos and Import Photos admin pages have been substantially improved. Read the changelog for details.

= 7.0.11 =

  • This version addresses various bug fixes and feature requests.

= 7.0.11 =

  • This version addresses various bug fixes.

= 7.0.10 =

  • This version addresses various bug fixes.

= 7.0.09 =

  • This version addresses various security issues.
  • This version addresses various bug fixes and feature requests.

= 7.0.08 =

  • This version addresses various security issues.
  • This version addresses various bug fixes.

= 7.0.07 =

  • This version addresses various security issues.
  • This version addresses various bug fixes.

= 7.0.06 =

  • This version addresses various bug fixes.
  • This version addresses various security issues.

= 7.0.05 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 7.0.04 =

  • This version addresses various bug fixes.
  • This version addresses various security issues.

= 7.0.03 =

  • This version addresses various minor bug fixes and feature requests.

= 7.0.02 =

  • This version addresses various bug fixes.
  • This version addresses various security issues.

= 7.0.01 =

  • This version addresses various minor bug fixes and feature requests.

= 7.0.00 =

  • Shortcode generators for Gutenberg added.
  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.
  • To prevent spamming and give the users the opportunity to decide when they want us to email them, the mailing system has been revised. Configure Table IX-M to enable various mailing lists, and use the WPPA+ Notify widget for full user flexibility.

= 6.9.21 =

  • This version addresses various bug fixes.
  • This version addresses various security issues.

= 6.9.20 =

  • This version addresses various bug fixes.

= 6.9.19 =

  • This version addresses various minor bug fixes.

= 6.9.18 =

  • This version addresses various minor bug fixes.

= 6.9.17 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.16 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.15 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.14 =

  • This version addresses various minor bug fixes and feature requests.
  • This version addresses various security issues.

= 6.9.13 =

  • Security release.

= 6.9.12 =

  • This version addresses various minor bug fixes and performance improvements.

= 6.9.11 =

  • This version addresses various minor bug fixes and performance improvements.

= 6.9.10 =

  • This version addresses various minor bug fixes and performance improvements.

= 6.9.09 =

  • Panorama support phase III.

= 6.9.08 =

  • This version addresses various minor bug fixes and feature requests.
  • Panorama support phase II.

= 6.9.07 =

  • This version addresses various minor bug fixes and feature requests.
  • Panorama support phase I.

= 6.9.06 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.05 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.04 =

  • This version addresses various minor bug fixes and feature requests.
  • Local CDN functionality has been added.

= 6.9.03 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.02 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.01 =

  • This version addresses various minor bug fixes and feature requests.

= 6.9.00 =

  • This version includes the code for the privacy policy requirements.

= 6.8.09 =

  • This version addresses various bug fixes and code edits.

= 6.8.08 =

  • This version addresses various minor bug fixes and feature requests.
  • This version offers substantial performance improvements when the box in Table IV-A13: Defer Javascript is ticked. This setting is now recommended and set ticked as the default.
  • For more info on performance improvements and compatibility with optimizers, see changelog.txt.

= 6.8.07 =

  • This version addresses various minor bug fixes and enhancements, and a new widget: Statistics.

= 6.8.06 =

  • This version addresses various minor bug fixes and improved cache handling.

= 6.8.05 =

  • This version addresses various minor bug fixes and feature requests.

= 6.8.04 =

  • This version addresses various display issues and a few fixes of bugs that seldom affected the plugin's behaviour.

Release Info

Developer opajaap
Plugin WP Photo Album Plus
Version 7.1.09.001

Code changes from version 7.1.08.004 to 7.1.09.001

changelog.txt CHANGED
@@ -1,9 +1,15 @@
1
WP Photo Album Plus Changelog
2
3
= 7.1.08 =
4
5
* Fixed a bug that caused a fatal error when deleting a local cdn folder.
6
- * When creating a sibling album, the following items are copied from the originating album: cover_type, cover_linktype, coverphoto if it is a method rather than an individual photo,
7
* Maintenance proc Table VIII-B21 added: Covert png to jpg.
8
* Max execution time (Table IX-A5) can not be lower than 25.
9
* Thumbnail files of multimedia items could not be remade. Fixed.
1
WP Photo Album Plus Changelog
2
3
+ = 7.1.09 =
4
+
5
+ * Dropped te use of WP_Filesystem() due to problems like installations where $wp_filesystem->is_dir() always returns false without a valid reason.
6
+ * Added Table IX-D20 to remove accents in filenames (prior to possible fully sanitizing), to fix the problem that wp sanitize_filename() simply removes the accented chars.
7
+ * Filenames are now changed to utf8 if they are not utf8 encoded.
8
+
9
= 7.1.08 =
10
11
* Fixed a bug that caused a fatal error when deleting a local cdn folder.
12
+ * When creating a sibling album, the following items are copied from the originating album: cover_type, cover_linktype, coverphoto if it is a method rather than an individual photo.
13
* Maintenance proc Table VIII-B21 added: Covert png to jpg.
14
* Max execution time (Table IX-A5) can not be lower than 25.
15
* Thumbnail files of multimedia items could not be remade. Fixed.
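Review bot: The added 7.1.09 entry about dropping WP_Filesystem() does not say what the wppa_ wrappers call instead, and it has a typo ("te use"). Since every file operation and path check in the plugin now runs through a different layer, state the replacement in the entry so that site owners with restrictive file permissions know what to test after upgrading.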
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
Contributors: opajaap
3
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
4
Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
5
- Version: 7.1.08
6
- Stable tag: 7.1.07.004
7
Author: J.N. Breetvelt
8
Author URI: http://www.opajaap.nl/
9
Requires at least: 3.9
@@ -137,6 +137,10 @@ See for the full changelog: <a href="http://www.wppa.nl/changelog/" >The documen
137
138
== Upgrade Notice ==
139
140
= 7.1.08 =
141
142
* This version addresses various bug fixes and feature requests.
2
Contributors: opajaap
3
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
4
Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
5
+ Version: 7.1.09.001
6
+ Stable tag: 7.1.08.004
7
Author: J.N. Breetvelt
8
Author URI: http://www.opajaap.nl/
9
Requires at least: 3.9
137
138
== Upgrade Notice ==
139
140
+ = 7.1.09 =
141
+
142
+ * This version addresses various bug fixes and feature requests.
143
+
144
= 7.1.08 =
145
146
* This version addresses various bug fixes and feature requests.
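Review bot: The added 7.1.09 upgrade notice repeats "various bug fixes and feature requests", while changelog.txt for the same release says WP_Filesystem() is dropped and filenames that are not UTF-8 are now re-encoded. The upgrade notice is where an admin would expect to learn that import and upload filenames can change, so say so there. Also confirm that Stable tag: 7.1.08.004 next to Version: 7.1.09.001 is intended.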
wppa-ajax.php CHANGED
@@ -2,7 +2,7 @@
2
/* wppa-ajax.php
3
*
4
* Functions used in ajax requests
5
- * Version 7.1.08
6
*
7
*/
8
@@ -14,7 +14,7 @@ add_action( 'wp_ajax_nopriv_wppa', 'wppa_ajax_callback' );
14
function wppa_ajax_callback() {
15
global $wpdb;
16
global $wppa_session;
17
- global $wppa_log_file_new;
18
19
wppa( 'ajax', true );
20
wppa( 'error', '0' );
@@ -3331,8 +3331,8 @@ global $wppa_log_file_new;
3331
break;
3332
3333
case 'wppa_errorlog_purge':
3334
- if ( wppa_is_file( $wppa_log_file_new ) ) {
3335
- wppa_unlink( $wppa_log_file_new );
3336
}
3337
delete_option( 'wppa_recursive_log' );
3338
break;
2
/* wppa-ajax.php
3
*
4
* Functions used in ajax requests
5
+ * Version 7.1.09
6
*
7
*/
8
14
function wppa_ajax_callback() {
15
global $wpdb;
16
global $wppa_session;
17
+ global $wppa_log_file;
18
19
wppa( 'ajax', true );
20
wppa( 'error', '0' );
3331
break;
3332
3333
case 'wppa_errorlog_purge':
3334
+ if ( wppa_is_file( $wppa_log_file ) ) {
3335
+ wppa_unlink( $wppa_log_file );
3336
}
3337
delete_option( 'wppa_recursive_log' );
3338
break;
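Review bot: In the 'wppa_errorlog_purge' case the log file is unlinked and the wppa_recursive_log option is deleted with no capability or nonce check in the visible lines, and the hunk header shows wppa_ajax_callback is also hooked to wp_ajax_nopriv_wppa. If no such check sits earlier in the callback, add one to this case before wppa_unlink(), for example current_user_can() on an administrative capability together with check_ajax_referer(), so that only an administrator can erase the error log.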
wppa-cron.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* Contains all cron functions
6
- * Version 7.1.05
7
*
8
*
9
*/
@@ -154,7 +154,6 @@ function wppa_schedule_cleanup( $now = false ) {
154
function wppa_do_cleanup() {
155
global $wpdb;
156
global $wppa_endtime;
157
- global $wp_filesystem;
158
159
// Are we temp disbled?
160
if ( wppa_switch( 'maint_ignore_cron' ) ) {
@@ -318,7 +317,6 @@ global $wp_filesystem;
318
wppa_log( 'Cron', 'Phase 12, time left = '.($wppa_endtime-time()) );
319
320
// Cleanup unused depot dirs
321
- wppa_init_fs();
322
$root = is_user_logged_in() ? dirname( WPPA_DEPOT_PATH ) : WPPA_DEPOT_PATH;
323
$depot = dir( $root );
324
if ( substr( $root, -10 ) != 'wppa-depot' ) $depot = false; // Just to be sure we are in the right dir
@@ -327,8 +325,8 @@ global $wp_filesystem;
327
if ( $entry != '.' && $entry != '..' && is_dir( $root . '/' . $entry ) ) {
328
$user = get_user_by( 'login', $entry );
329
if ( ! $user || ! user_can( $user, 'wppa_import' ) ) {
330
- $wp_filesystem->delete( $root . '/' . $entry, true );
331
- wppa_log( 'fso', 'Removed unused depot dir for' . ( $user ? '': ' non existent' ) . ' user {b}' . $entry . '{/b}' );
332
}
333
}
334
}
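Review bot: In the depot loop the 'Removed unused depot dir' entry is written whether or not the removal worked, both with the old $wp_filesystem->delete() and with its replacement wppa_rmdir( $root . '/' . $entry ). If wppa_rmdir() returns a status (its definition is not shown on this page), log the success message only on success and an 'Err' entry otherwise, so that a leftover depot directory of a deleted or de-privileged user stays visible in the log.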
@@ -337,9 +335,17 @@ global $wp_filesystem;
337
wppa_log( 'err', 'No depot found ' . $root );
338
}
339
340
- // Done?
341
wppa_log( 'Cron', 'Phase 13, time left = '.($wppa_endtime-time()) );
342
343
wppa_log( 'Cron', '{b}wppa_cleanup{/b} completed.' );
344
345
$outbuf = ob_get_clean();
3
* Package: wp-photo-album-plus
4
*
5
* Contains all cron functions
6
+ * Version 7.1.09
7
*
8
*
9
*/
154
function wppa_do_cleanup() {
155
global $wpdb;
156
global $wppa_endtime;
157
158
// Are we temp disbled?
159
if ( wppa_switch( 'maint_ignore_cron' ) ) {
317
wppa_log( 'Cron', 'Phase 12, time left = '.($wppa_endtime-time()) );
318
319
// Cleanup unused depot dirs
320
$root = is_user_logged_in() ? dirname( WPPA_DEPOT_PATH ) : WPPA_DEPOT_PATH;
321
$depot = dir( $root );
322
if ( substr( $root, -10 ) != 'wppa-depot' ) $depot = false; // Just to be sure we are in the right dir
325
if ( $entry != '.' && $entry != '..' && is_dir( $root . '/' . $entry ) ) {
326
$user = get_user_by( 'login', $entry );
327
if ( ! $user || ! user_can( $user, 'wppa_import' ) ) {
328
+ wppa_rmdir( $root . '/' . $entry );
329
+ wppa_log( 'Fso', 'Removed unused depot dir for' . ( $user ? '': ' non existent' ) . ' user {b}' . $entry . '{/b}' );
330
}
331
}
332
}
335
wppa_log( 'err', 'No depot found ' . $root );
336
}
337
338
wppa_log( 'Cron', 'Phase 13, time left = '.($wppa_endtime-time()) );
339
340
+ // Cleanup empty source dirs
341
+ $dirs = wppa_glob( wppa_opt( 'source_dir' ) . '/*', WPPA_ONLYDIRS );
342
+ if ( $dirs ) foreach( $dirs as $dir ) {
343
+ wppa_rmdir( $dir, true ); // when empty
344
+ }
345
+
346
+ // Done?
347
+ wppa_log( 'Cron', 'Phase 14, time left = '.($wppa_endtime-time()) );
348
+
349
wppa_log( 'Cron', '{b}wppa_cleanup{/b} completed.' );
350
351
$outbuf = ob_get_clean();
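Review bot: The new source-dir cleanup globs wppa_opt( 'source_dir' ) . '/*' without checking that the option is set; with an empty value the pattern becomes '/*' and wppa_rmdir( $dir, true ) is attempted on every top-level directory of the server. Skip this phase when source_dir is empty or is not an existing directory, in the same spirit as the substr( $root, -10 ) != 'wppa-depot' guard that protects the depot cleanup above it.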
wppa-import.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* Contains all the import pages and functions
6
- * Version 7.1.07
7
*
8
*/
9
@@ -812,8 +812,8 @@ global $wppa_session;
812
$meta = false;
813
}
814
if ( in_array( strtolower($ext), $wppa_supported_photo_extensions ) ) {
815
- echo
816
- '<td id="td-file-' . $idx . '" >' .
817
'<input' .
818
' type="checkbox"' .
819
' id="file-' . $idx . '"' .
@@ -821,7 +821,7 @@ global $wppa_session;
821
' title="' . esc_attr( $file ) . '"' .
822
' class="wppa-pho"' .
823
( $is_sub_depot ? 'checked="checked"' : '' ) .
824
- '/ >' .
825
'<span' .
826
' id="name-file-' . $idx . '"' .
827
' >' .
3
* Package: wp-photo-album-plus
4
*
5
* Contains all the import pages and functions
6
+ * Version 7.1.09
7
*
8
*/
9
812
$meta = false;
813
}
814
if ( in_array( strtolower($ext), $wppa_supported_photo_extensions ) ) {
815
+ echo '
816
+ <td id="td-file-' . $idx . '" >' .
817
'<input' .
818
' type="checkbox"' .
819
' id="file-' . $idx . '"' .
821
' title="' . esc_attr( $file ) . '"' .
822
' class="wppa-pho"' .
823
( $is_sub_depot ? 'checked="checked"' : '' ) .
824
+ ' />' .
825
'<span' .
826
' id="name-file-' . $idx . '"' .
827
' >' .
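Review bot: The '/ >' fix leaves the context line just before it, ( $is_sub_depot ? 'checked="checked"' : '' ), without a leading space, so a sub-depot row is still emitted as class="wppa-pho"checked="checked" />. Change that literal to ' checked="checked"'. $idx is also concatenated into the id attributes unescaped while $file goes through esc_attr(); cast it to an integer or escape it unless it is guaranteed to be numeric.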
wppa-init.php CHANGED
@@ -4,7 +4,7 @@
4
*
5
* This file loads required php files and contains all functions used in init actions.
6
*
7
- * Version 7.1.04
8
*/
9
10
/* LOAD SIDEBAR WIDGETS */
@@ -201,8 +201,8 @@ global $blog_id;
201
// wppa_mktree( WPPA_UPLOAD_PATH . '/thumbs' ); // Just to make sure the chmod is right ( 755 )
202
// wppa_mktree( WPPA_DEPOT_PATH ); // created and not prevent plugin to activate or function
203
204
- global $wppa_log_file_new;
205
- $wppa_log_file_new = WPPA_UPLOAD_PATH . '/wppa-log.txt';
206
}
207
208
function wppa_verify_multisite_config() {
4
*
5
* This file loads required php files and contains all functions used in init actions.
6
*
7
+ * Version 7.1.09
8
*/
9
10
/* LOAD SIDEBAR WIDGETS */
201
// wppa_mktree( WPPA_UPLOAD_PATH . '/thumbs' ); // Just to make sure the chmod is right ( 755 )
202
// wppa_mktree( WPPA_DEPOT_PATH ); // created and not prevent plugin to activate or function
203
204
+ global $wppa_log_file;
205
+ $wppa_log_file = WPPA_UPLOAD_PATH . '/wppa-log.txt';
206
}
207
208
function wppa_verify_multisite_config() {
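Review bot: $wppa_log_file is written to a fixed filename directly under WPPA_UPLOAD_PATH, and the entries logged elsewhere in this patch contain user logins and server paths (see the depot cleanup in wppa-cron.php). If WPPA_UPLOAD_PATH is served by the web server, move the log outside the served tree or deny direct access to it. Also confirm that no file outside this patch still declares global $wppa_log_file_new, since after the rename that variable would be empty and the wppa_is_file() checks on it would quietly fail.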
wppa-maintenance.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* Contains (not yet, but in the future maybe) all the maintenance routines
6
- * Version 7.1.08
7
*
8
*/
9
@@ -834,7 +834,7 @@ global $wppa_endtime;
834
wppa_update_photo( array( 'id' => $id, 'name' => $newname ) );
835
}
836
break;
837
-
838
case 'wppa_png_to_jpg':
839
wppa_convert_png_to_jpg( $id );
840
break;
@@ -1147,7 +1147,7 @@ global $wppa_endtime;
1147
1148
function wppa_do_maintenance_popup( $slug ) {
1149
global $wpdb;
1150
- global $wppa_log_file_new;
1151
1152
// Open wrapper with dedicated styles
1153
$result =
@@ -1241,11 +1241,11 @@ global $wppa_log_file_new;
1241
$rec . '<br /><br />';
1242
}
1243
1244
- if ( ! wppa_is_file( $wppa_log_file_new ) ) {
1245
$result .= __( 'There are no log messages', 'wp-photo-album-plus' );
1246
}
1247
else {
1248
- $data = wppa_get_contents_array( $wppa_log_file_new );
1249
$data = implode( '', array_reverse( $data ) );
1250
$data = str_replace( array( '{b}', '{/b}', '{i}', '{/i}', "\n", '{span', '{/span}', '" }', '{}' ), array( '<b>', '</b>', '<i>', '</i>', '<br />', '<span', '</span>', '" >', '<>' ), $data );
1251
$result .= $data;
3
* Package: wp-photo-album-plus
4
*
5
* Contains (not yet, but in the future maybe) all the maintenance routines
6
+ * Version 7.1.09
7
*
8
*/
9
834
wppa_update_photo( array( 'id' => $id, 'name' => $newname ) );
835
}
836
break;
837
+
838
case 'wppa_png_to_jpg':
839
wppa_convert_png_to_jpg( $id );
840
break;
1147
1148
function wppa_do_maintenance_popup( $slug ) {
1149
global $wpdb;
1150
+ global $wppa_log_file;
1151
1152
// Open wrapper with dedicated styles
1153
$result =
1241
$rec . '<br /><br />';
1242
}
1243
1244
+ if ( ! wppa_is_file( $wppa_log_file ) ) {
1245
$result .= __( 'There are no log messages', 'wp-photo-album-plus' );
1246
}
1247
else {
1248
+ $data = wppa_get_contents_array( $wppa_log_file );
1249
$data = implode( '', array_reverse( $data ) );
1250
$data = str_replace( array( '{b}', '{/b}', '{i}', '{/i}', "\n", '{span', '{/span}', '" }', '{}' ), array( '<b>', '</b>', '<i>', '</i>', '<br />', '<span', '</span>', '" >', '<>' ), $data );
1251
$result .= $data;
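Review bot: In wppa_do_maintenance_popup() the log contents are appended to $result after only the {b}, {i} and {span} substitutions, with no HTML escaping in the visible lines, while log entries are built from filenames and logins (for example 'Sanitized import folder ' . $path . ' to ' . $new_path in wppa-utils.php). Unless wppa_log() already escapes the message on write, escape it there, or escape $data here before the str_replace() and adjust the {span ...} substitution, whose double quotes esc_html() would encode.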
wppa-settings-autosave.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* manage all options
6
- * Version 7.1.08
7
*
8
*/
9
@@ -9398,6 +9398,15 @@ global $wppa_supported_camara_brands;
9398
$tags = 'system,import,upload';
9399
wppa_setting($slug, '19', $name, $desc, $html, $help, $clas, $tags);
9400
9401
}
9402
wppa_setting_subheader( 'E', '1', __( 'Search Albums and Photos related settings' , 'wp-photo-album-plus') );
9403
{
3
* Package: wp-photo-album-plus
4
*
5
* manage all options
6
+ * Version 7.1.09
7
*
8
*/
9
9398
$tags = 'system,import,upload';
9399
wppa_setting($slug, '19', $name, $desc, $html, $help, $clas, $tags);
9400
9401
+ $name = __('Remove accents', 'wp-photo-album-plus');
9402
+ $desc = __('Remove accents from filenames during import/uploas', 'wp-photo-album-plus');
9403
+ $help = sprintf( __('See %s for details', 'wp-photo-album-plus'), make_clickable('https://developer.wordpress.org/reference/functions/remove_accents/') );
9404
+ $slug = 'wppa_remove_accents';
9405
+ $html = wppa_checkbox($slug);
9406
+ $clas = '';
9407
+ $tags = 'system,import,upload';
9408
+ wppa_setting($slug, '20', $name, $desc, $html, $help, $clas, $tags);
9409
+
9410
}
9411
wppa_setting_subheader( 'E', '1', __( 'Search Albums and Photos related settings' , 'wp-photo-album-plus') );
9412
{
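Review bot: The new $desc string reads 'Remove accents from filenames during import/uploas'; correct it to 'import/upload' before the string reaches translators. The description could also say that the option takes effect even when full sanitizing is switched off, which is how wppa_sanitize_file_name() applies it in this release.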
wppa-setup.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* Contains all the setup stuff
6
- * Version 7.1.08
7
*
8
*/
9
@@ -1787,6 +1787,7 @@ cursorborder:'2px solid transparent',";
1787
'wppa_optimize_new' => 'no',
1788
'wppa_default_album_linktype' => 'content',
1789
'wppa_sanitize_import' => 'yes',
1790
1791
// E Search
1792
'wppa_search_linkpage' => '0', // 1
3
* Package: wp-photo-album-plus
4
*
5
* Contains all the setup stuff
6
+ * Version 7.1.09
7
*
8
*/
9
1787
'wppa_optimize_new' => 'no',
1788
'wppa_default_album_linktype' => 'content',
1789
'wppa_sanitize_import' => 'yes',
1790
+ 'wppa_remove_accents' => 'no',
1791
1792
// E Search
1793
'wppa_search_linkpage' => '0', // 1
wppa-utils.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* Contains low-level utility routines
6
- * Version 7.1.08
7
*
8
*/
9
@@ -1495,7 +1495,7 @@ function wppa_is_enum( $var ) {
1495
// Also, we do not use the wppa filesystem function wrappers, to prevent recursive error logging
1496
function wppa_log( $xtype, $msg, $trace = false, $listuri = false ) {
1497
global $wppa_session;
1498
- global $wppa_log_file_new;
1499
static $busy;
1500
1501
// Do not log during plugin activation or update
@@ -1595,9 +1595,9 @@ static $busy;
1595
}
1596
1597
// Get existing log if it exists
1598
- if ( wppa_is_file( $wppa_log_file_new, false ) ) {
1599
1600
- $contents = wppa_get_contents_array( $wppa_log_file_new, false ); // Do not log error on read
1601
1602
if ( is_array( $contents ) ) {
1603
@@ -1653,7 +1653,7 @@ static $busy;
1653
}
1654
1655
// Done
1656
- wppa_put_contents( $wppa_log_file_new, implode( '', $contents ), false );
1657
$busy = false;
1658
}
1659
@@ -2484,7 +2484,17 @@ function wppa_force_numeric_else( $value, $default ) {
2484
// If a pathname: only the basename of the path is sanitized.
2485
function wppa_sanitize_file_name( $file, $check_length = true ) {
2486
2487
- // Have we been disabled?
2488
if ( ! wppa_switch( 'sanitize_import' ) ) {
2489
return $file;
2490
}
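Review bot: The lines added to wppa_sanitize_file_name() call utf8_encode() whenever seems_utf8() fails, but utf8_encode() converts from ISO-8859-1 only, so a filename in any other legacy encoding becomes valid UTF-8 with the wrong characters, and the function is deprecated as of PHP 8.2. Convert with an explicit source encoding (mb_convert_encoding() or iconv()) and decide what happens when the source encoding is unknown. The added comments '// Only accemts?' and '// No furher sanitize?' have typos.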
@@ -4764,12 +4774,7 @@ function wppa_remote_file_exists( $url ) {
4764
// Rename all files inside a tree to their sanitized name (recursive)
4765
function wppa_rename_files_sanitized( $root ) {
4766
4767
- // Have we been disabled?
4768
- if ( ! wppa_switch( 'sanitize_import' ) ) {
4769
- return;
4770
- }
4771
-
4772
- // Get the files
4773
$my_import_files = wppa_glob( $root . '/*' );
4774
4775
// If files
@@ -4777,43 +4782,41 @@ function wppa_rename_files_sanitized( $root ) {
4777
4778
foreach( $my_import_files as $path ) {
4779
4780
- // Sanitize path
4781
- $new_path = dirname( $path ) . '/' . wppa_down_ext( sanitize_file_name( basename( $path ) ) );
4782
4783
// Process files
4784
if ( wppa_is_file( $path ) ) {
4785
4786
if ( $new_path != $path ) {
4787
wppa_rename( $path, $new_path );
4788
- wppa_log( 'fso', 'Sanitized import filename ' . $path . ' to ' . $new_path );
4789
}
4790
}
4791
4792
// Process directories
4793
elseif ( wppa_is_dir( $path ) ) {
4794
4795
- $file = basename( $path );
4796
-
4797
- // Only process real subfolders
4798
- if ( $file != '.' && $file != '..' ) {
4799
-
4800
- if ( $new_path != $path ) {
4801
- wppa_rename( $path, $new_path );
4802
- wppa_log( 'fso', 'Sanitized import folder ' . $path . ' to ' . $new_path );
4803
- }
4804
-
4805
- // Recursively one level deeper
4806
- wppa_rename_files_sanitized( $path );
4807
}
4808
- }
4809
4810
- // File system object found with weird characters
4811
- else {
4812
- if ( substr( $new_path, -1 ) == '/' ) {
4813
- wppa_log( 'fso', 'Removed illegal filename that could not be sanitized or renamed: ' . $path );
4814
- wppa_error_message( 'Removed illegal filename that could not be sanitized or renamed: ' . $path );
4815
- unlink( $path );
4816
- }
4817
}
4818
}
4819
}
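Review bot: In the directory branch of wppa_rename_files_sanitized() the folder is renamed to $new_path and the function then recurses into $path, the old name, so the contents of a folder that was just renamed are never processed; this is carried over from the previous version, and the fix is to recurse into $new_path when the rename succeeded. The file branch renames without checking whether $new_path already exists (two names that sanitize to the same string, or that differ only in extension case, collapse to one), and this version removes the 'Sanitized import filename' log entry, so such a rename leaves no trace. Check for an existing target before wppa_rename() and keep the log line.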
@@ -4822,8 +4825,11 @@ function wppa_rename_files_sanitized( $root ) {
4822
function wppa_sanitize_album_photo_name( $xname ) {
4823
4824
$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "quot;, "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
4825
-
4826
$name = str_replace( $special_chars, '', $xname );
4827
$name = sanitize_file_name( $name );
4828
4829
return $name;
3
* Package: wp-photo-album-plus
4
*
5
* Contains low-level utility routines
6
+ * Version 7.1.09
7
*
8
*/
9
1495
// Also, we do not use the wppa filesystem function wrappers, to prevent recursive error logging
1496
function wppa_log( $xtype, $msg, $trace = false, $listuri = false ) {
1497
global $wppa_session;
1498
+ global $wppa_log_file;
1499
static $busy;
1500
1501
// Do not log during plugin activation or update
1595
}
1596
1597
// Get existing log if it exists
1598
+ if ( wppa_is_file( $wppa_log_file, false ) ) {
1599
1600
+ $contents = wppa_get_contents_array( $wppa_log_file, false ); // Do not log error on read
1601
1602
if ( is_array( $contents ) ) {
1603
1653
}
1654
1655
// Done
1656
+ wppa_put_contents( $wppa_log_file, implode( '', $contents ), false );
1657
$busy = false;
1658
}
1659
2484
// If a pathname: only the basename of the path is sanitized.
2485
function wppa_sanitize_file_name( $file, $check_length = true ) {
2486
2487
+ // Make sure its utf8
2488
+ if ( ! seems_utf8( $file ) ) {
2489
+ $file = utf8_encode( $file );
2490
+ }
2491
+
2492
+ // Only accemts?
2493
+ if ( wppa_switch( 'remove_accents' ) ) {
2494
+ $file = remove_accents( $file );
2495
+ }
2496
+
2497
+ // No furher sanitize?
2498
if ( ! wppa_switch( 'sanitize_import' ) ) {
2499
return $file;
2500
}
4774
// Rename all files inside a tree to their sanitized name (recursive)
4775
function wppa_rename_files_sanitized( $root ) {
4776
4777
+ // Get the filesystem objects
4778
$my_import_files = wppa_glob( $root . '/*' );
4779
4780
// If files
4782
4783
foreach( $my_import_files as $path ) {
4784
4785
+ // See if entryname is utf8 encoded
4786
+ $file = basename( $path );
4787
+ if ( ! seems_utf8( $file ) ) {
4788
+ $file = utf8_encode( $file );
4789
+ }
4790
+
4791
+ // Remove really impossible chars
4792
+ $file = str_replace( '%', 'pct', $file );
4793
+
4794
+ // Sanitize path, at least utf8 converted and extension downcased
4795
+ if ( wppa_switch( 'sanitize_import' ) ) {
4796
+ $new_path = dirname( $path ) . '/' . wppa_down_ext( sanitize_file_name( $file ) );
4797
+ }
4798
+ else {
4799
+ $new_path = dirname( $path ) . '/' . wppa_down_ext( $file );
4800
+ }
4801
4802
// Process files
4803
if ( wppa_is_file( $path ) ) {
4804
4805
if ( $new_path != $path ) {
4806
wppa_rename( $path, $new_path );
4807
}
4808
}
4809
4810
// Process directories
4811
elseif ( wppa_is_dir( $path ) ) {
4812
4813
+ if ( $new_path != $path ) {
4814
+ wppa_rename( $path, $new_path );
4815
+ wppa_log( 'fso', 'Sanitized import folder ' . $path . ' to ' . $new_path );
4816
}
4817
4818
+ // Recursively one level deeper
4819
+ wppa_rename_files_sanitized( $path );
4820
}
4821
}
4822
}
4825
function wppa_sanitize_album_photo_name( $xname ) {
4826
4827
$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "quot;, "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
4828
$name = str_replace( $special_chars, '', $xname );
4829
+
4830
+ if ( wppa_switch( 'remove_accents' ) ) {
4831
+ $name = remove_accents( $name );
4832
+ }
4833
$name = sanitize_file_name( $name );
4834
4835
return $name;
wppa-wpdb-insert.php CHANGED
@@ -3,7 +3,7 @@
3
* Package: wp-photo-album-plus
4
*
5
* Contains low-level wpdb routines that add new records
6
- * Version 7.0.01
7
*
8
*/
9
@@ -285,6 +285,15 @@ global $wpdb;
285
286
if ( $args['scheduledtm'] ) $args['status'] = 'scheduled';
287
288
if ( ! wppa_is_id_free( WPPA_PHOTOS, $args['id'] ) ) $args['id'] = wppa_nextkey( WPPA_PHOTOS );
289
290
$query = $wpdb->prepare( "INSERT INTO $wpdb->wppa_photos ( id,
3
* Package: wp-photo-album-plus
4
*
5
* Contains low-level wpdb routines that add new records
6
+ * Version 7.1.09
7
*
8
*/
9
285
286
if ( $args['scheduledtm'] ) $args['status'] = 'scheduled';
287
288
+ if ( $args['filename'] ) {
289
+ if ( ! seems_utf8( $args['filename'] ) ) {
290
+ $args['filename'] = utf8_encode( $args['filename'] );
291
+ }
292
+ if ( wppa_switch( 'remove_accents' ) ) {
293
+ $args['filename'] = remove_accents( $args['filename'] );
294
+ }
295
+ }
296
+
297
if ( ! wppa_is_id_free( WPPA_PHOTOS, $args['id'] ) ) $args['id'] = wppa_nextkey( WPPA_PHOTOS );
298
299
$query = $wpdb->prepare( "INSERT INTO $wpdb->wppa_photos ( id,
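Review bot: This is the third copy of the seems_utf8() / utf8_encode() / remove_accents() sequence in this patch (the other two are in wppa-utils.php), here applied to $args['filename'] just before the INSERT. Put the sequence in one helper so the name stored in the database and the name given to the file on disk cannot drift apart when one copy is changed. The test if ( $args['filename'] ) also assumes the key is always present; use ! empty( $args['filename'] ) unless defaults are merged above this hunk.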
wppa-wrappers.php CHANGED
@@ -5,48 +5,23 @@
5
* Contains wrappers for standard php functions
6
* For security and bug reasons
7
*
8
- * Version 7.1.08
9
*
10
*/
11
12
- require_once ABSPATH . 'wp-admin/includes/file.php';
13
-
14
- function wppa_init_fs() {
15
- global $wp_filesystem;
16
-
17
- if ( empty( $wp_filesystem ) ) {
18
-
19
- $creds = request_filesystem_credentials(
20
- site_url() . '/wp-admin/',
21
- 'direct', // Force direct
22
- false, // error
23
- false, // context
24
- array(), // extra fileds
25
- true // allow_relaxed_file_ownership
26
- );
27
-
28
- if ( ! WP_Filesystem( $creds, false, true ) ) {
29
-
30
- wppa_log( 'Err', 'WP_Filesystem initialisation error' );
31
- return false;
32
- }
33
- }
34
- return true;
35
- }
36
-
37
// To fix a bug in PHP as that photos made with the selfie camera of an android smartphone
38
// erroneously cause the PHP warning 'is not a valid JPEG file' and cause imagecreatefromjpag crash.
39
function wppa_imagecreatefromjpeg( $file ) {
40
41
if ( ! wppa_is_path_safe( $file ) && ! $_FILES ) {
42
- wppa_log( 'Err', 'Unsafe from path detected in wppa_imagecreatefromjpeg(): ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
43
return false;
44
}
45
ini_set( 'gd.jpeg_ignore_warning', true );
46
47
$img = imagecreatefromjpeg( $file );
48
if ( ! $img ) {
49
- wppa_log( 'Err', 'Could not create memoryimage from file ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
50
}
51
return $img;
52
}
@@ -55,13 +30,13 @@ function wppa_imagecreatefromjpeg( $file ) {
55
function wppa_imagecreatefromgif( $file ) {
56
57
if ( ! wppa_is_path_safe( $file ) && ! $_FILES ) {
58
- wppa_log( 'Err', 'Unsafe from path detected in wppa_imagecreatefromgif(): ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
59
return false;
60
}
61
62
$img = imagecreatefromgif( $file );
63
if ( ! $img ) {
64
- wppa_log( 'Err', 'Could not create memoryimage from file ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
65
}
66
return $img;
67
}
@@ -70,13 +45,13 @@ function wppa_imagecreatefromgif( $file ) {
70
function wppa_imagecreatefrompng( $file ) {
71
72
if ( ! wppa_is_path_safe( $file ) && ! $_FILES ) {
73
- wppa_log( 'Err', 'Unsafe from path detected in wppa_imagecreatefrompng(): ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
74
return false;
75
}
76
77
$img = imagecreatefrompng( $file );
78
if ( ! $img ) {
79
- wppa_log( 'Err', 'Could not create memoryimage from file ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
80
}
81
return $img;
82
}
@@ -85,13 +60,13 @@ function wppa_imagecreatefrompng( $file ) {
85
function wppa_getimagesize( $file ) {
86
87
if ( ! wppa_is_path_safe( $file ) ) {
88
- wppa_log( 'Err', 'Unsafe from path detected in wppa_getimagesize(): ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
89
return false;
90
}
91
92
$result = getimagesize( $file );
93
if ( ! $result ) {
94
- wppa_log( 'Err', 'Could not read image size from ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $file ) ) );
95
}
96
return $result;
97
}
@@ -128,90 +103,92 @@ function wppa_imagepng( $image, $file, $prec = 0 ) {
128
// Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
129
// In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
130
function wppa_copy( $from, $to ) {
131
- global $wp_filesystem;
132
133
// First test if we are uploading
134
if ( ! wppa_is_path_safe( $from ) && $_FILES ) {
135
if ( ! wppa_is_path_safe( $to ) ) {
136
- wppa_log( 'Err', '1 Unsafe to path detected in wppa_copy(): ' . sanitize_text_field( $to ), true );
137
return false;
138
}
139
- return wppa_move_uploaded_file( $from, $to );
140
}
141
142
if ( ! wppa_is_path_safe( $from ) ) {
143
- wppa_log( 'Err', '2 Unsafe from path detected in wppa_copy(): ' . sanitize_text_field( $from ), true );
144
return false; // For diagnostic purposes, no return here yet
145
}
146
if ( ! wppa_is_path_safe( $to ) ) {
147
- wppa_log( 'Err', '3 Unsafe to path detected in wppa_copy(): ' . sanitize_text_field( $to ), true );
148
return false; // For diagnostic purposes, no return here yet
149
}
150
151
- wppa_init_fs();
152
- $bret = @ $wp_filesystem->copy( $from, $to, true, 0644 );
153
return $bret;
154
}
155
156
function wppa_filesize( $file ) {
157
- global $wp_filesystem;
158
159
if ( ! wppa_is_path_safe( $file ) ) {
160
- wppa_log( 'Err', 'Unsafe path detected in wppa_filesize(): ' . sanitize_text_field( $file ), true );
161
return false; // For diagnostic purposes, no return here yet
162
}
163
164
- wppa_init_fs();
165
- return $wp_filesystem->size( $file );
166
}
167
168
// Wrapper for move_uploaded_file( $from, $to ) that verifies that the pathnames are safe for our application
169
function wppa_move_uploaded_file( $from, $to ) {
170
- global $wp_filesystem;
171
172
if ( ! wppa_is_path_safe( $to ) ) {
173
- wppa_log( 'Err', 'Unsafe to path detected in wppa_move_uploaded_file(): ' . sanitize_text_field( $to ), true );
174
- return false; // For diagnostic purposes, no return here yet
175
}
176
if ( strpos( $from, '../' ) !== false ) {
177
$bret = false;
178
}
179
else {
180
- wppa_init_fs();
181
- $bret = $wp_filesystem->copy( $from, $to, 0644 );
182
if ( $bret ) {
183
- $wp_filesystem->delete( $from, false, 'f' );
184
}
185
}
186
- if ( ! $bret ) {
187
- wppa_log( 'Err', 'Could not move uploaded file ' . sanitize_text_field( $from ) . ' to ' . sanitize_text_field( $to ), true );
188
}
189
return $bret;
190
}
191
192
// Wrapper for rename
193
function wppa_rename( $from, $to ) {
194
- global $wp_filesystem;
195
196
- $bret = false;
197
if ( ! wppa_is_path_safe( $from ) ) {
198
- wppa_log( 'Err', 'Unsafe from path detected in wppa_rename(): ' . sanitize_text_field( $from ), true );
199
return false;
200
}
201
if ( ! wppa_is_path_safe( $to ) ) {
202
- wppa_log( 'Err', 'Unsafe to path detected in wppa_rename(): ' . sanitize_text_field( $to ), true );
203
return false;
204
}
205
206
- wppa_init_fs();
207
- if ( $wp_filesystem->exists( $from ) ) {
208
- $bret = $wp_filesystem->move( $from, $to );
209
- if ( ! $bret ) {
210
- wppa_log( 'Fso', 'Could not rename file ' . sanitize_text_field( $from ) . ' to ' . sanitize_text_field( $to ), true );
211
}
212
}
213
else {
214
- wppa_log( 'Fso', 'Could not rename non existent file ' . sanitize_text_field( $from ) . ' to ' . sanitize_text_field( $to ), true );
215
}
216
217
return $bret;
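Review bot: wppa_move_uploaded_file() never confirms that $from is an uploaded file. The replacement for the removed `$wp_filesystem->copy()` call is a plain `copy( $from, $to )` followed by `unlink( $from )`, guarded only by the `strpos( $from, '../' )` test, and wppa_copy() sends any $from that fails wppa_is_path_safe() down this path whenever $_FILES is non-empty. Add an is_uploaded_file( $from ) check, or use move_uploaded_file(), before copying and deleting. Separately, the new wppa_copy() body writes the 'copied to' log entry and calls `chmod( $to, 0644 )` without looking at $bret, so a failed copy is logged as a success; wrap both in `if ( $bret )`.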
@@ -222,7 +199,7 @@ function wppa_fopen( $file, $mode ) {
222
223
// Is path safe?
224
if ( ! wppa_is_path_safe( $file ) ) {
225
- wppa_log( 'Err', 'Unsafe to path detected in wppa_fopen(): ' . sanitize_text_field( $file ), true );
226
return false; // For diagnostic purposes, no return here yet
227
}
228
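Review bot: the log text and the trailing comment on the return in wppa_fopen() are both misleading. 'Unsafe to path detected' is carried over from wppa_copy() although this function takes a single $file argument, and `return false; // For diagnostic purposes, no return here yet` contradicts itself. Since this line is being touched anyway, change the message to 'Unsafe path detected in wppa_fopen()' and drop the stale comment.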
@@ -239,24 +216,17 @@ function wppa_fopen( $file, $mode ) {
239
// Additional flags: WPPA_ONLYDIRS === GLOB_ONLYDIR, WPPA_ONLYFILES
240
define( 'WPPA_ONLYDIRS', GLOB_ONLYDIR );
241
define( 'WPPA_ONLYFILES', 1024 );
242
- function wppa_glob( $pattern, $flags = null, $wp_content = false ) {
243
- global $wp_filesystem;
244
245
// Is path safe?
246
$dir = dirname( $pattern );
247
if ( ! wppa_is_path_safe( $dir, $wp_content ) ) {
248
- wppa_log( 'Err', 'Unsafe path detected in wppa_glob(): ' . sanitize_text_field( $dir ), true );
249
return array();
250
}
251
252
// Get dirlist
253
- wppa_init_fs();
254
- $dirlist = $wp_filesystem->dirlist( dirname( $pattern ) );
255
-
256
- // Convert glob pattern to preg_match pattern
257
- $pregpat = str_replace( '.', '\.', basename( $pattern ) ); // Dot (.) to ecaped dot (\.)
258
- $pregpat = str_replace( '*', '.*', $pregpat ); // Any chars (*) to any number of any chars (*.)
259
- $pregpat = '/' . $pregpat . '/';
260
261
// Init result;
262
$result = array();
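Review bot: WPPA_ONLYFILES is a plugin-private bit (1024), but the replacement for the removed dirlist code passes it unmasked to PHP in `glob( $pattern, $flags )`. The GLOB_* values are platform defined, and on glibc 1024 is GLOB_BRACE, so a caller asking for files only also switches on brace expansion in the pattern. Strip the private bit before the call, for example `glob( $pattern, $flags & ~WPPA_ONLYFILES )`, and keep the is_file() filter in the loop.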
@@ -264,257 +234,283 @@ global $wp_filesystem;
264
// Process dirlist
265
if ( ! empty( $dirlist ) ) foreach( $dirlist as $item ) {
266
267
- if ( ! $flags || // if never mnd
268
- ( ( $flags & WPPA_ONLYDIRS ) && $item['type'] == 'd' ) || // or must be dir and is dir
269
- ( ( $flags & WPPA_ONLYFILES ) && $item['type'] == 'f' ) ) { // or must be file and is file
270
271
- if ( preg_match( $pregpat, $item['name'] ) ) { // and pattern matches
272
- $result[] = $dir . '/' . $item['name'];
273
}
274
}
275
}
276
277
- // wppa_log('obs', 'New = '.serialize($result));
278
- // $result = glob( $pattern, $flags | GLOB_NOSORT );
279
- // wppa_log('obs', 'Old = '.serialize($result));
280
-
281
return $result;
282
}
283
284
// Wrapper for unlink
285
function wppa_unlink( $file ) {
286
- global $wp_filesystem;
287
288
if ( ! wppa_is_path_safe( $file ) ) {
289
- wppa_log( 'Err', 'Unsafe path detected in wppa_unlink(): ' . sanitize_text_field( $file ), true );
290
return false;
291
}
292
293
- wppa_init_fs();
294
- $wp_filesystem->delete( $file, false, 'f' );
295
return true;
296
}
297
298
function wppa_mktree( $path ) {
299
300
if ( wppa_is_dir( $path ) ) {
301
- wppa_chmod( $path );
302
return true;
303
}
304
$bret = wppa_mktree( dirname( $path ) );
305
- if ( $bret ) wppa_mkdir( $path );
306
307
- return ( wppa_is_dir( $path ) );
308
}
309
310
// Wrapper for mkdir
311
function wppa_mkdir( $dir ) {
312
- global $wp_filesystem;
313
-
314
- wppa_init_fs();
315
316
// Path safe?
317
if ( ! wppa_is_path_safe( $dir ) ) {
318
- wppa_log( 'Err', 'Unsafe path detected in wppa_mkdir(): ' . sanitize_text_field( $dir ), true );
319
return false;
320
}
321
322
// Already exists?
323
- elseif ( wppa_is_dir( $dir ) ) {
324
- wppa_chmod( $path );
325
return true;
326
}
327
328
// Create dir
329
else {
330
- $wp_filesystem->mkdir( $dir, 0755 );
331
332
- if ( wppa_is_dir( $dir ) ) {
333
- wppa_log( 'Fso', 'Created path: ' . $dir );
334
return true;
335
}
336
else {
337
- wppa_log( 'Err', 'Could not create: ' . $dir );
338
return false;
339
}
340
}
341
}
342
343
function wppa_rmdir( $dir, $when_empty = false ) {
344
- global $wp_filesystem;
345
346
if ( ! wppa_is_dir( $dir ) ) return;
347
348
- wppa_init_fs();
349
350
// If $when_empty, do not remove when not empty
351
- if ( $when_empty ) {
352
- $files = wppa_glob( $dir . '/*' );
353
- if ( ! empty( $files ) ) {
354
- return;
355
}
356
- else {
357
- $wp_filesystem->rmdir( $dir );
358
- return;
359
}
360
}
361
362
- $wp_filesystem->rmdir( $dir, true );
363
- if ( wppa_is_dir( $dir ) ) {
364
- wppa_log( 'Err', 'Could not remove dir ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $dir ) ) );
365
}
366
else {
367
- wppa_log( 'Fso', 'Successfully removed dir ' . sanitize_text_field( str_replace( WPPA_CONTENT_PATH, '...', $dir ) ) );
368
}
369
}
370
371
function wppa_chmod( $fso, $recursive = false ) {
372
- global $wp_filesystem;
373
374
$fso = rtrim( $fso, '/' );
375
376
if ( ! wppa_is_path_safe( $fso ) ) {
377
- wppa_log( 'Err', 'Unsafe path detected in wppa_chmod() ' . sanitize_text_field( $fso ), true );
378
return;
379
}
380
381
- wppa_init_fs();
382
-
383
- $perms = fileperms( $fso ) & 0777;
384
-
385
- if ( wppa_is_dir( $fso ) ) {
386
-
387
- // Check file permissions
388
- if ( 0755 !== ( $perms & 0755 ) ) {
389
-
390
- // If not sufficient, try to change
391
- @ $wp_filesystem->chmod( $fso, 0755, $recursive );
392
- clearstatcache();
393
-
394
- // If still no luck
395
- if ( 0755 !== ( fileperms( $fso ) & 0755 ) ) {
396
- wppa_log( 'Fso', sprintf( 'Unable to set filepermissions on %s from %o to 0755', $fso, $perms ) );
397
- }
398
- else {
399
- wppa_log( 'Fso', sprintf( 'Successfully set filepermissions on %s from %o to 0755', $fso, $perms ) );
400
- }
401
- }
402
- }
403
-
404
if ( is_file( $fso ) ) {
405
406
- // Check file permissions
407
- if ( 0644 !== ( fileperms( $fso ) & 0644 ) ) {
408
-
409
- // If not sufficient, try to change
410
- @ $wp_filesystem->chmod( $fso, 0644 );
411
- clearstatcache();
412
-
413
- // If still no luck
414
- if ( 0644 !== ( fileperms( $fso ) & 0644 ) ) {
415
- wppa_log( 'Fso', sprintf( 'Unable to set filepermissions on %s from %o to 0644', $fso, $perms ) );
416
- }
417
- else {
418
- wppa_log( 'Fso', sprintf( 'Successfully set filepermissions on %s from %o to 0644', $fso, $perms ) );
419
}
420
}
421
}
422
}
423
424
// Wrapper for is_dir
425
function wppa_is_dir( $dir ) {
426
- global $wp_filesystem;
427
428
if ( ! wppa_is_path_safe( $dir ) ) {
429
- wppa_log( 'Err', 'Unsafe path detected in wppa_is_dir(): ' . sanitize_text_field( $dir ), true );
430
return false;
431
}
432
433
- wppa_init_fs();
434
- if ( ! $wp_filesystem->exists( $dir ) ) {
435
- return false;
436
- }
437
- return $wp_filesystem->is_dir( $dir );
438
}
439
440
// Wrapper for is_file
441
function wppa_is_file( $path, $log = true ) {
442
- global $wp_filesystem;
443
444
if ( ! wppa_is_path_safe( $path ) ) {
445
- if ( $log ) wppa_log( 'Err', 'Unsafe path detected in wppa_is_file(): ' . sanitize_text_field( $path ), true );
446
return false;
447
}
448
449
- wppa_init_fs();
450
- if ( ! $wp_filesystem->exists( $path ) ) {
451
- return false;
452
- }
453
- return $wp_filesystem->is_file( $path );
454
}
455
456
- // Wrie an entire file
457
function wppa_put_contents( $path, $contents, $log = true ) {
458
- global $wp_filesystem;
459
460
if ( ! wppa_is_path_safe( $path ) ) {
461
- if ( $log ) wppa_log( 'Err', 'Unsafe path detected in wppa_put_contents(): ' . sanitize_text_field( $path ), true );
462
return false;
463
}
464
465
- wppa_init_fs();
466
- return $wp_filesystem->put_contents( $path, $contents, 0644 );
467
}
468
469
// Read an entire file
470
- function wppa_get_contents( $path ) {
471
- global $wp_filesystem;
472
473
- if ( ! wppa_is_path_safe( $path ) ) {
474
- wppa_log( 'Err', 'Unsafe path detected in wppa_get_contents(): ' . sanitize_text_field( $path ), true );
475
return false;
476
}
477
478
- wppa_init_fs();
479
- return $wp_filesystem->get_contents( $path );
480
}
481
482
// Read entire file into array
483
function wppa_get_contents_array( $path, $log = true ) {
484
- global $wp_filesystem;
485
486
if ( ! wppa_is_path_safe( $path ) ) {
487
- if ( $log ) wppa_log( 'Err', 'Unsafe path detected in wppa_get_contents_array(): ' . sanitize_text_field( $path ), true );
488
return false;
489
}
490
-
491
- wppa_init_fs();
492
- return $wp_filesystem->get_contents_array( $path );
493
}
494
495
// Utility to check if a given full filepath is safe to manipulate upon
496
function wppa_is_path_safe( $path, $wp_content = false ) {
497
global $wppa_lang;
498
global $wppa_log_file;
499
- global $wppa_log_file_new;
500
501
- // Check against phar deserialisation
502
if ( stripos( $path, 'phar://' ) !== false ) {
503
return false;
504
}
505
506
- if ( ! defined( 'WPPA_UPLOAD_PATH' ) ) return true; // During activation/setup
507
508
// The following files are safe to read or write to
509
$safe_files = array( WPPA_PATH . '/index.php',
510
WPPA_PATH . '/wppa-dump.txt',
511
WPPA_CONTENT_PATH . '/uploads/index.php',
512
$wppa_log_file,
513
- $wppa_log_file_new,
514
WPPA_CONTENT_PATH . '/plugins/wp-photo-album-plus/img/audiostub.jpg',
515
WPPA_CONTENT_PATH . '/plugins/wp-photo-album-plus/img/documentstub.png',
516
);
517
518
// The following root dirs are safe, including all their subdirs, to read/write into
519
$safe_roots = array( WPPA_CONTENT_PATH . '/uploads',
520
WPPA_CONTENT_PATH . '/wppa-depot',
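Review bot: the rewritten wppa_get_contents() logs an undefined variable. The parameter is renamed to $file, but the unsafe-path branch still calls `wppa_shortpath( $path )`, so the rejected path never reaches the log and PHP reports an undefined variable. Use $file there. In the same hunk, the new wppa_unlink() returns true even when the file is still present after unlink(); return the result of the is_file() recheck instead so callers can see the failure.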
@@ -535,24 +531,6 @@ global $wppa_log_file_new;
535
WPPA_UPLOAD_PATH . '/icons',
536
);
537
538
- // wp-content is only safe if explixitely asked for (glob in import proc)
539
- if ( $wp_content ) {
540
- $safe_roots[] = WPPA_CONTENT_PATH;
541
- }
542
-
543
- // Verify specific files
544
- foreach( array_keys( $safe_files ) as $key ) {
545
-
546
- if ( $path == $safe_files[$key] ) {
547
- return true;
548
- }
549
- }
550
-
551
- // It is ok to import a remote file
552
- if ( strpos( strtolower( $path ), 'http://' ) === 0 || strpos( strtolower( $path ), 'https://' ) === 0 ) {
553
- return true;
554
- }
555
-
556
// Verify roots
557
foreach( array_keys( $safe_roots ) as $key ) {
558
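Review bot: the replacement for the removed `$safe_roots[] = WPPA_CONTENT_PATH;` skips the traversal test. The new `$wp_content` branch returns true as soon as `strpos( $path, WPPA_CONTENT_PATH ) === 0`, before the `'../'` and `'/..'` checks in the roots loop, so a path that starts with the content directory and then climbs out of it is reported safe. The bare prefix match also accepts any sibling directory whose name begins with the same string. Keep appending WPPA_CONTENT_PATH to $safe_roots as before, so wp-content gets the same checks as every other root.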
@@ -563,11 +541,6 @@ global $wppa_log_file_new;
563
// Starts the path with a safe root?
564
if ( strpos( $path, $safe_roots[$key] ) === 0 ) {
565
566
- // Funny chars in path?
567
- if ( $path != sanitize_text_field( $path ) ) {
568
- return false;
569
- }
570
-
571
// Path traversal attempt?
572
if ( strpos( $path, '../' ) !== false || strpos( $path, '/..' ) !== false ) {
573
return false;
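Review bot: removing the 'Funny chars in path?' test takes away the only check visible in this function that rejected paths containing markup or control characters, and nothing replaces it. Either keep the `$path != sanitize_text_field( $path )` rejection ahead of the traversal test or state in the commit why it is no longer needed.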
@@ -699,3 +672,8 @@ function wppa_unserialize( $xstring, $is_session = false ) {
699
}
700
}
701
5
* Contains wrappers for standard php functions
6
* For security and bug reasons
7
*
8
+ * Version 7.1.09
9
*
10
*/
11
12
// To fix a bug in PHP as that photos made with the selfie camera of an android smartphone
13
// erroneously cause the PHP warning 'is not a valid JPEG file' and cause imagecreatefromjpag crash.
14
function wppa_imagecreatefromjpeg( $file ) {
15
16
if ( ! wppa_is_path_safe( $file ) && ! $_FILES ) {
17
+ wppa_log( 'Err', 'Unsafe from path detected in wppa_imagecreatefromjpeg(): ' . wppa_shortpath( $file ) );
18
return false;
19
}
20
ini_set( 'gd.jpeg_ignore_warning', true );
21
22
$img = imagecreatefromjpeg( $file );
23
if ( ! $img ) {
24
+ wppa_log( 'Err', 'Could not create memoryimage from file ' . wppa_shortpath( $file ) );
25
}
26
return $img;
27
}
30
function wppa_imagecreatefromgif( $file ) {
31
32
if ( ! wppa_is_path_safe( $file ) && ! $_FILES ) {
33
+ wppa_log( 'Err', 'Unsafe from path detected in wppa_imagecreatefromgif(): ' . wppa_shortpath( $file ) );
34
return false;
35
}
36
37
$img = imagecreatefromgif( $file );
38
if ( ! $img ) {
39
+ wppa_log( 'Err', 'Could not create memoryimage from file ' . wppa_shortpath( $file ) );
40
}
41
return $img;
42
}
45
function wppa_imagecreatefrompng( $file ) {
46
47
if ( ! wppa_is_path_safe( $file ) && ! $_FILES ) {
48
+ wppa_log( 'Err', 'Unsafe from path detected in wppa_imagecreatefrompng(): ' . wppa_shortpath( $file ) );
49
return false;
50
}
51
52
$img = imagecreatefrompng( $file );
53
if ( ! $img ) {
54
+ wppa_log( 'Err', 'Could not create memoryimage from file ' . wppa_shortpath( $file ) );
55
}
56
return $img;
57
}
60
function wppa_getimagesize( $file ) {
61
62
if ( ! wppa_is_path_safe( $file ) ) {
63
+ wppa_log( 'Err', 'Unsafe from path detected in wppa_getimagesize(): ' . wppa_shortpath( $file ) );
64
return false;
65
}
66
67
$result = getimagesize( $file );
68
if ( ! $result ) {
69
+ wppa_log( 'Err', 'Could not read image size from ' . wppa_shortpath( $file ) );
70
}
71
return $result;
72
}
103
// Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
104
// In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
105
function wppa_copy( $from, $to ) {
106
107
// First test if we are uploading
108
if ( ! wppa_is_path_safe( $from ) && $_FILES ) {
109
if ( ! wppa_is_path_safe( $to ) ) {
110
+ wppa_log( 'Err', '1 Unsafe to path detected in wppa_copy(): ' . wppa_shortpath( $to ), true );
111
return false;
112
}
113
+ $bret = wppa_move_uploaded_file( $from, $to );
114
+ return $bret;
115
}
116
117
if ( ! wppa_is_path_safe( $from ) ) {
118
+ wppa_log( 'Err', '2 Unsafe from path detected in wppa_copy(): ' . wppa_shortpath( $from ), true );
119
return false; // For diagnostic purposes, no return here yet
120
}
121
if ( ! wppa_is_path_safe( $to ) ) {
122
+ wppa_log( 'Err', '3 Unsafe to path detected in wppa_copy(): ' . wppa_shortpath( $to ), true );
123
return false; // For diagnostic purposes, no return here yet
124
}
125
126
+ $bret = copy( $from, $to );
127
+ wppa_log( 'Fso', wppa_shortpath( $from ) . ' copied to ' . wppa_shortpath( $to ) );
128
+ chmod( $to, 0644 );
129
return $bret;
130
}
131
132
function wppa_filesize( $file ) {
133
134
if ( ! wppa_is_path_safe( $file ) ) {
135
+ wppa_log( 'Err', 'Unsafe path detected in wppa_filesize(): ' . wppa_shortpath( $file ), true );
136
return false; // For diagnostic purposes, no return here yet
137
}
138
139
+ return filesize( $file );
140
}
141
142
// Wrapper for move_uploaded_file( $from, $to ) that verifies that the pathnames are safe for our application
143
function wppa_move_uploaded_file( $from, $to ) {
144
145
if ( ! wppa_is_path_safe( $to ) ) {
146
+ wppa_log( 'Err', 'Unsafe to path detected in wppa_move_uploaded_file(): ' . wppa_shortpath( $to ), true );
147
+ return false;
148
}
149
if ( strpos( $from, '../' ) !== false ) {
150
$bret = false;
151
}
152
else {
153
+
154
+ $bret = copy( $from, $to ); // Do NOT use wppa_copy here to prevent inf recursion from wppa_copy and wppa_move_uploaded_file
155
if ( $bret ) {
156
+ unlink( $from );
157
}
158
}
159
+ if ( $bret ) {
160
+ wppa_log( 'Fso', 'Uploaded file ' . wppa_shortpath( $from ) . ' moved to ' . wppa_shortpath( $to ) );
161
+ }
162
+ else {
163
+ wppa_log( 'Err', 'Could not move uploaded file ' . wppa_shortpath( $from ) . ' to ' . wppa_shortpath( $to ), true );
164
}
165
return $bret;
166
}
167
168
// Wrapper for rename
169
function wppa_rename( $from, $to ) {
170
171
if ( ! wppa_is_path_safe( $from ) ) {
172
+ wppa_log( 'Err', 'Unsafe from path detected in wppa_rename(): ' . wppa_shortpath( $from ), true );
173
return false;
174
}
175
if ( ! wppa_is_path_safe( $to ) ) {
176
+ wppa_log( 'Err', 'Unsafe to path detected in wppa_rename(): ' . wppa_shortpath( $to ), true );
177
return false;
178
}
179
180
+ $bret = false;
181
+ if ( file_exists( $from ) ) {
182
+ $bret = rename( $from, $to );
183
+ if ( $bret ) {
184
+ wppa_log( 'Fso', wppa_shortpath( $from ) . ' renamed to ' . wppa_shortpath( $to ) );
185
+ }
186
+ else {
187
+ wppa_log( 'Fso', 'Could not rename file ' . wppa_shortpath( $from ) . ' to ' . wppa_shortpath( $to ), true );
188
}
189
}
190
else {
191
+ wppa_log( 'Fso', 'Could not rename non existent file ' . wppa_shortpath( $from ) . ' to ' . wppa_shortpath( $to ), true );
192
}
193
194
return $bret;
199
200
// Is path safe?
201
if ( ! wppa_is_path_safe( $file ) ) {
202
+ wppa_log( 'Err', 'Unsafe to path detected in wppa_fopen(): ' . wppa_shortpath( $file ), true );
203
return false; // For diagnostic purposes, no return here yet
204
}
205
216
// Additional flags: WPPA_ONLYDIRS === GLOB_ONLYDIR, WPPA_ONLYFILES
217
define( 'WPPA_ONLYDIRS', GLOB_ONLYDIR );
218
define( 'WPPA_ONLYFILES', 1024 );
219
+ function wppa_glob( $pattern, $flags = 0, $wp_content = false ) {
220
221
// Is path safe?
222
$dir = dirname( $pattern );
223
if ( ! wppa_is_path_safe( $dir, $wp_content ) ) {
224
+ wppa_log( 'Err', 'Unsafe path detected in wppa_glob(): ' . wppa_shortpath( $dir ), true );
225
return array();
226
}
227
228
// Get dirlist
229
+ $dirlist = glob( $pattern, $flags );
230
231
// Init result;
232
$result = array();
234
// Process dirlist
235
if ( ! empty( $dirlist ) ) foreach( $dirlist as $item ) {
236
237
+ if ( ! $flags || // if don't care
238
+ ( ( $flags & WPPA_ONLYDIRS ) && is_dir( $item ) ) || // or must be dir and is dir
239
+ ( ( $flags & WPPA_ONLYFILES ) && is_file( $item ) ) ) { // or must be file and is file
240
241
+ if ( basename( $item ) != '.' && basename( $item ) != '..' ) { // if its not a virtual dir
242
+ $result[] = $item; // Add to result
243
}
244
}
245
}
246
247
return $result;
248
}
249
250
// Wrapper for unlink
251
function wppa_unlink( $file ) {
252
253
if ( ! wppa_is_path_safe( $file ) ) {
254
+ wppa_log( 'Err', 'Unsafe path detected in wppa_unlink(): ' . wppa_shortpath( $file ), true );
255
return false;
256
}
257
258
+ if ( is_file( $file ) ) {
259
+ unlink( $file );
260
+ clearstatcache();
261
+ if ( ! is_file ( $file ) ) {
262
+ wppa_log( 'Fso', wppa_shortpath( $file ) . ' removed' );
263
+ }
264
+ }
265
return true;
266
}
267
268
+ // Make directory tree recursively
269
function wppa_mktree( $path ) {
270
271
if ( wppa_is_dir( $path ) ) {
272
+ chmod( $path, 0755 );
273
return true;
274
}
275
$bret = wppa_mktree( dirname( $path ) );
276
+ if ( $bret ) {
277
+ wppa_mkdir( $path );
278
+ }
279
280
+ return ( is_dir( $path ) );
281
}
282
283
// Wrapper for mkdir
284
function wppa_mkdir( $dir ) {
285
286
// Path safe?
287
if ( ! wppa_is_path_safe( $dir ) ) {
288
+ wppa_log( 'Err', 'Unsafe path detected in wppa_mkdir(): ' . wppa_shortpath( $dir ), true );
289
return false;
290
}
291
292
// Already exists?
293
+ elseif ( is_dir( $dir ) ) {
294
+ chmod( $dir, 0755 );
295
return true;
296
}
297
298
// Create dir
299
else {
300
+ mkdir( $dir );
301
302
+ if ( is_dir( $dir ) ) {
303
+ chmod( $dir, 0755 );
304
+ wppa_log( 'Fso', 'Created path ' . wppa_shortpath( $dir ) );
305
return true;
306
}
307
else {
308
+ wppa_log( 'Err', 'Could not create ' . wppa_shortpath( $dir ) );
309
return false;
310
}
311
}
312
}
313
314
function wppa_rmdir( $dir, $when_empty = false ) {
315
316
+ // If not exists, we're done
317
if ( ! wppa_is_dir( $dir ) ) return;
318
319
+ // Get content of the dir
320
+ $files = wppa_glob( $dir . '/*' );
321
322
// If $when_empty, do not remove when not empty
323
+ if ( $when_empty && ! empty( $files ) ) {
324
+ return;
325
+ }
326
+
327
+ // Remove all files
328
+ foreach( $files as $file ) {
329
+ if ( is_file( $file ) ) {
330
+ unlink( $file );
331
}
332
+ }
333
+
334
+ // Empty all dirs
335
+ foreach( $files as $file ) {
336
+ if ( is_dir( $file ) ) {
337
+ wppa_rmdir( $file );
338
}
339
}
340
341
+ // Remove dir
342
+ $files = glob( $dir . '/*' );
343
+ if ( empty( $files ) ) {
344
+ rmdir( $dir );
345
+ }
346
+ if ( is_dir( $dir ) ) {
347
+ wppa_log( 'Err', 'Could not remove dir ' . wppa_shortpath( $dir ) );
348
}
349
else {
350
+ wppa_log( 'Fso', 'Successfully removed dir ' . wppa_shortpath( $dir ) );
351
}
352
+ return;
353
}
354
355
function wppa_chmod( $fso, $recursive = false ) {
356
357
$fso = rtrim( $fso, '/' );
358
359
+ // Check for valid path
360
if ( ! wppa_is_path_safe( $fso ) ) {
361
+ wppa_log( 'Err', 'Unsafe path detected in wppa_chmod() ' . wppa_shortpath( $fso ), true );
362
return;
363
}
364
365
+ // Process file
366
if ( is_file( $fso ) ) {
367
+ chmod( $fso, 0644 );
368
+ }
369
370
+ // Process dir
371
+ else {
372
+ chmod( $fso, 0755 );
373
+ if ( $recursive ) {
374
+ $files = wppa_glob( $fso . '/*' );
375
+ foreach( $files as $file ) {
376
+ wppa_chmod( $file, true );
377
}
378
}
379
}
380
+
381
+ return;
382
}
383
384
// Wrapper for is_dir
385
function wppa_is_dir( $dir ) {
386
387
if ( ! wppa_is_path_safe( $dir ) ) {
388
+ wppa_log( 'Err', 'Unsafe path detected in wppa_is_dir(): ' . wppa_shortpath( $dir ), true );
389
return false;
390
}
391
392
+ $bret = is_dir( $dir );
393
+ return $bret;
394
}
395
396
// Wrapper for is_file
397
function wppa_is_file( $path, $log = true ) {
398
399
if ( ! wppa_is_path_safe( $path ) ) {
400
+ if ( $log ) wppa_log( 'Err', 'Unsafe path detected in wppa_is_file(): ' . wppa_shortpath( $path ), true );
401
return false;
402
}
403
404
+ $bret = is_file( $path );
405
+ return $bret;
406
}
407
408
+ // Write an entire file
409
function wppa_put_contents( $path, $contents, $log = true ) {
410
411
if ( ! wppa_is_path_safe( $path ) ) {
412
+ if ( $log ) wppa_log( 'Err', 'Unsafe path detected in wppa_put_contents(): ' . wppa_shortpath( $path ), true );
413
return false;
414
}
415
416
+ $fp = @fopen( $path, 'wb' );
417
+ if ( ! $fp )
418
+ return false;
419
+
420
+ mbstring_binary_safe_encoding();
421
+
422
+ $data_length = strlen( $contents );
423
+
424
+ $bytes_written = fwrite( $fp, $contents );
425
+
426
+ reset_mbstring_encoding();
427
+
428
+ fclose( $fp );
429
+
430
+ if ( $data_length !== $bytes_written ) {
431
+ return false;
432
+ }
433
+
434
+ chmod( $path, 0644 );
435
+
436
+ return true;
437
}
438
439
// Read an entire file
440
+ function wppa_get_contents( $file ) {
441
442
+ if ( ! wppa_is_path_safe( $file ) ) {
443
+ wppa_log( 'Err', 'Unsafe path detected in wppa_get_contents(): ' . wppa_shortpath( $path ), true );
444
return false;
445
}
446
447
+ if ( is_file( $file ) ) {
448
+ $result = file_get_contents( $file );
449
+ }
450
+ else {
451
+ $result = false;
452
+ }
453
+ return $result;
454
}
455
456
// Read entire file into array
457
function wppa_get_contents_array( $path, $log = true ) {
458
459
if ( ! wppa_is_path_safe( $path ) ) {
460
+ if ( $log ) wppa_log( 'Err', 'Unsafe path detected in wppa_get_contents_array(): ' . wppa_shortpath( $path ), true );
461
return false;
462
}
463
+ if ( is_file( $path ) ) {
464
+ $result = file( $path );
465
+ }
466
+ else {
467
+ $result = false;
468
+ }
469
+ return $result;
470
}
471
472
// Utility to check if a given full filepath is safe to manipulate upon
473
function wppa_is_path_safe( $path, $wp_content = false ) {
474
global $wppa_lang;
475
global $wppa_log_file;
476
477
+ // Unsafe protocols
478
if ( stripos( $path, 'phar://' ) !== false ) {
479
return false;
480
}
481
482
+ // Safe protocols
483
+ if ( strpos( strtolower( $path ), 'http://' ) === 0 ) {
484
+ return true;
485
+ }
486
+ if ( strpos( strtolower( $path ), 'https://' ) === 0 ) {
487
+ return true;
488
+ }
489
+
490
+ // During activation/setup
491
+ if ( ! defined( 'WPPA_UPLOAD_PATH' ) ) return true;
492
493
// The following files are safe to read or write to
494
$safe_files = array( WPPA_PATH . '/index.php',
495
WPPA_PATH . '/wppa-dump.txt',
496
WPPA_CONTENT_PATH . '/uploads/index.php',
497
$wppa_log_file,
498
WPPA_CONTENT_PATH . '/plugins/wp-photo-album-plus/img/audiostub.jpg',
499
WPPA_CONTENT_PATH . '/plugins/wp-photo-album-plus/img/documentstub.png',
500
);
501
502
+ // Verify specific files
503
+ if ( in_array( $path, $safe_files ) ) {
504
+ return true;
505
+ }
506
+
507
+ // wp-content is only safe if explixitely asked for (glob in import proc)
508
+ if ( $wp_content ) {
509
+ if ( strpos( $path, WPPA_CONTENT_PATH ) === 0 ) {
510
+ return true;
511
+ }
512
+ }
513
+
514
// The following root dirs are safe, including all their subdirs, to read/write into
515
$safe_roots = array( WPPA_CONTENT_PATH . '/uploads',
516
WPPA_CONTENT_PATH . '/wppa-depot',
531
WPPA_UPLOAD_PATH . '/icons',
532
);
533
534
// Verify roots
535
foreach( array_keys( $safe_roots ) as $key ) {
536
541
// Starts the path with a safe root?
542
if ( strpos( $path, $safe_roots[$key] ) === 0 ) {
543
544
// Path traversal attempt?
545
if ( strpos( $path, '../' ) !== false || strpos( $path, '/..' ) !== false ) {
546
return false;
672
}
673
}
674
675
+ function wppa_shortpath( $path ) {
676
+
677
+ $result = str_replace( WPPA_ABSPATH, '.../', $path );
678
+ return $result;
679
+ }
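Review bot: wppa_shortpath() only shortens the path; it does not sanitize it, yet it replaces sanitize_text_field() in every wppa_log() call in this file. Paths that fail wppa_is_path_safe() are untrusted by definition, and they now reach the log with line breaks and markup intact. Have it return `sanitize_text_field( str_replace( WPPA_ABSPATH, '.../', $path ) )`, and add a comment above the function saying that it exists to keep absolute server paths out of the log.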
wppa.php CHANGED
@@ -2,7 +2,7 @@
2
/*
3
* Plugin Name: WP Photo Album Plus
4
* Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5
- * Version: 7.1.08.004
6
* Author: J.N. Breetvelt a.k.a. OpaJaap
7
* Author URI: http://wppa.opajaap.nl/
8
* Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -22,8 +22,8 @@ global $wpdb;
22
global $wp_version;
23
24
/* WPPA GLOBALS */
25
- global $wppa_revno; $wppa_revno = '7108'; // WPPA db version
26
- global $wppa_api_version; $wppa_api_version = '7.1.08.004'; // WPPA software version
27
28
/* Init page js data */
29
global $wppa_js_page_data; $wppa_js_page_data = '';
@@ -127,8 +127,6 @@ define( 'WPPA_CONTENT_URL', content_url() );
127
// $path = str_replace( WPPA_CONTENT_URL, SWPPA_CONTENT_PATH, $url );
128
// $url = str_replace( WPPA_CONTENT_PATH, SWPPA_CONTENT_URL, $path );
129
130
- global $wppa_log_file; $wppa_log_file = WPPA_CONTENT_PATH . '/wppa-log.txt';
131
-
132
define( 'WPPA_NONCE' , 'wppa-update-check' );
133
134
// set WPPA_DEBUG to true to produces success/fale messages during setup and sets debug switch on.
2
/*
3
* Plugin Name: WP Photo Album Plus
4
* Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5
+ * Version: 7.1.09
6
* Author: J.N. Breetvelt a.k.a. OpaJaap
7
* Author URI: http://wppa.opajaap.nl/
8
* Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
22
global $wp_version;
23
24
/* WPPA GLOBALS */
25
+ global $wppa_revno; $wppa_revno = '7109'; // WPPA db version
26
+ global $wppa_api_version; $wppa_api_version = '7.1.09.001'; // WPPA software version
27
28
/* Init page js data */
29
global $wppa_js_page_data; $wppa_js_page_data = '';
127
// $path = str_replace( WPPA_CONTENT_URL, SWPPA_CONTENT_PATH, $url );
128
// $url = str_replace( WPPA_CONTENT_PATH, SWPPA_CONTENT_URL, $path );
129
130
define( 'WPPA_NONCE' , 'wppa-update-check' );
131
132
// set WPPA_DEBUG to true to produces success/fale messages during setup and sets debug switch on.
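Review bot: this hunk deletes the only visible assignment of $wppa_log_file, but wppa_is_path_safe() still declares `global $wppa_log_file;` and lists it in $safe_files. If the variable is not set elsewhere before the wrappers run, that array entry is null and the log file is no longer on the allow list. Point to where it is now defined, or move the definition next to the other path constants.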