WP Photo Album Plus - Version 7.3.13.004

Version Description

= 7.3.12 =

This version addresses various bug fixes and feature requests.

Release Info

Developer	opajaap
Plugin	WP Photo Album Plus
Version	7.3.13.004
Comparing to
See all releases

Code changes from version 7.3.12.008 to 7.3.13.004

Files changed (10) hide show

changelog.txt +5 -0
readme.txt +2 -2
wppa-album-admin-autosave.php +20 -11
wppa-album-covers.php +32 -28
wppa-filter.php +2 -2
wppa-functions.php +4 -4
wppa-import.php +7 -7
wppa-photo-admin-autosave.php +5 -4
wppa-wrappers.php +4 -4
wppa.php +3 -3

changelog.txt CHANGED Viewed

	@@ -1,5 +1,10 @@
1	WP Photo Album Plus Changelog
2





3	= 7.3.12 =
4
5	* The cursor on album cover images where cover type is imagefactory(-mcr) and the link is lightbox,


1	WP Photo Album Plus Changelog
2
3	+ = 7.3.13 =
4	+
5	+ * Various security fixes.
6	+ * The nesting level on the album admin page will now only show up when you use the max level limitation in Table VII-B1.0, i.e. the value <> 99.
7	+
8	= 7.3.12 =
9
10	* The cursor on album cover images where cover type is imagefactory(-mcr) and the link is lightbox,

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: opajaap
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
4	Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
5	- Version: 7.3.12.~~008~~
6	- Stable tag: 7.3.12.~~007~~
7	Author: J.N. Breetvelt
8	Author URI: http://www.opajaap.nl/
9	Requires at least: 3.9


2	Contributors: opajaap
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
4	Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
5	+ Version: 7.3.13.004
6	+ Stable tag: 7.3.12.008
7	Author: J.N. Breetvelt
8	Author URI: http://www.opajaap.nl/
9	Requires at least: 3.9

wppa-album-admin-autosave.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Package: wp-photo-album-plus
4	*
5	* create, edit and delete albums
6	- * Version 7.3.12
7	*
8	*/
9
	@@ -991,8 +991,8 @@ global $wppa_revno;
991	value="' . $page['ID'] . '"' .
992	( $linkpage == $page['ID'] ? ' selected="selected"' : '' ) .
993	' >' .
994	- __( $page['post_title'] ) .
995	- ( $page['post_type'] == 'post' ? ' (' . $page['post_date'] . ')' : '' ) .
996	'</option>';
997	}
998	echo '
	@@ -1607,6 +1607,7 @@ global $wpdb;
1607
1608	$downimg = '<img src="'.wppa_get_imgdir().'down.png" alt="down" style=" height:12px; position:relative; top:2px; " />';
1609	$upimg = '<img src="'.wppa_get_imgdir().'up.png" alt="up" style=" height:12px; position:relative; top:2px; " />';

1610
1611	wppa_album_table_pagination( $page, $count );
1612
	@@ -1616,9 +1617,11 @@ global $wpdb;
1616	<thead>
1617	<tr>
1618	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
1619	- <td style="min-width: 50px;" title="<?php ~~esc_attr(~~ ~~_e(~~ ~~'The album id (the nesting level)', 'wp-photo-album-plus' ) ) ?>" >~~


1620	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
1621	- <?php _e('ID(nl)', 'wp-photo-album-plus');
1622	if ($order == 'id') {
1623	if ( $reverse ) echo $upimg;
1624	else echo $downimg;
	@@ -1712,7 +1715,7 @@ global $wpdb;
1712	// $pendcount = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE album=%s AND status=%s", $album['id'], 'pending'));
1713	?>
1714	<tr <?php echo($alt); if ($pendcount) echo 'style="background-color:#ffdddd"' ?>>
1715	- <td><?php echo($album['id'] . '('. wppa_get_nesting_level($album['id']).')') ?></td>
1716	<td><?php echo(esc_attr(__(stripslashes($album['name'])))) ?></td>
1717	<td><small><?php echo(esc_attr(__(stripslashes($album['description'])))) ?></small></td>
1718	<?php if (current_user_can('administrator')) { ?>
	@@ -1781,7 +1784,7 @@ global $wpdb;
1781	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
1782	<td >
1783	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
1784	- <?php _e('ID', 'wp-photo-album-plus');
1785	if ($order == 'id') {
1786	if ( $reverse ) echo $upimg;
1787	else echo $downimg;
	@@ -1883,6 +1886,7 @@ global $wpdb;
1883	$page = '1';
1884	$skips = '0';
1885	$pages = '1';

1886
1887	// Find out what page to show
1888	if ( $pagesize ) {
	@@ -2074,9 +2078,11 @@ global $wpdb;
2074	<img src="<?php echo wppa_get_imgdir().'arrow.gif' ?>" style="height:16px;" title="<?php _e('Expand subalbums', 'wp-photo-album-plus') ?>" />
2075	</td>
2076	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
2077	- <td ~~colspan="6"~~ style="min-width: 50px;" title="<?php ~~esc_attr(~~ ~~_e(~~ ~~'The album id (the nesting level)', 'wp-photo-album-plus' ) ) ?>" >~~


2078	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
2079	- <?php _e('ID(nl)', 'wp-photo-album-plus');
2080	if ($order == 'id') {
2081	if ( $reverse ) echo $upimg;
2082	else echo $downimg;
	@@ -2185,7 +2191,7 @@ global $wpdb;
2185	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
2186	<td colspan="6" >
2187	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
2188	- <?php _e('ID', 'wp-photo-album-plus');
2189	if ($order == 'id') {
2190	if ( $reverse ) echo $upimg;
2191	else echo $downimg;
	@@ -2465,6 +2471,9 @@ global $wpdb;
2465	function wppa_do_albumlist( $parent, $nestinglevel, $albums, $seq ) {
2466	global $wpdb;
2467



2468	$alt = true;
2469
2470	foreach ( array_keys( $seq ) as $s ) { // Obey the global sequence
	@@ -2566,7 +2575,7 @@ global $wpdb;
2566	echo '</td>';
2567
2568	// The album id td element
2569	- echo '<td style="padding:2px;" >' . $id . '('. wppa_get_nesting_level( $album['id'] ) . ')</td>';
2570
2571	// Fillers after the arrow
2572	$i = $indent;


3	* Package: wp-photo-album-plus
4	*
5	* create, edit and delete albums
6	+ * Version 7.3.13
7	*
8	*/
9

991	value="' . $page['ID'] . '"' .
992	( $linkpage == $page['ID'] ? ' selected="selected"' : '' ) .
993	' >' .
994	+ __( htmlspecialchars( $page['post_title'] ) ) .
995	+ ( $page['post_type'] == 'post' ? ' (' . htmlspecialchars( $page['post_date'] ) . ')' : '' ) .
996	'</option>';
997	}
998	echo '

1607
1608	$downimg = '<img src="'.wppa_get_imgdir().'down.png" alt="down" style=" height:12px; position:relative; top:2px; " />';
1609	$upimg = '<img src="'.wppa_get_imgdir().'up.png" alt="up" style=" height:12px; position:relative; top:2px; " />';
1610	+ $show_nl = wppa_opt( 'user_create_max_level' ) != '99';
1611
1612	wppa_album_table_pagination( $page, $count );
1613

1617	<thead>
1618	<tr>
1619	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
1620	+ <td style="min-width: 50px;" title="<?php $show_nl ?
1621	+ esc_attr( _e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) ) :
1622	+ esc_attr( _e( 'The album id', 'wp-photo-album-plus' ) ) ?>" >
1623	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
1624	+ <?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
1625	if ($order == 'id') {
1626	if ( $reverse ) echo $upimg;
1627	else echo $downimg;

1715	// $pendcount = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE album=%s AND status=%s", $album['id'], 'pending'));
1716	?>
1717	<tr <?php echo($alt); if ($pendcount) echo 'style="background-color:#ffdddd"' ?>>
1718	+ <td><?php echo($album['id'] . ( $show_nl ? '('. wppa_get_nesting_level($album['id']).')' : '' ) ) ?></td>
1719	<td><?php echo(esc_attr(__(stripslashes($album['name'])))) ?></td>
1720	<td><small><?php echo(esc_attr(__(stripslashes($album['description'])))) ?></small></td>
1721	<?php if (current_user_can('administrator')) { ?>

1784	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
1785	<td >
1786	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
1787	+ <?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
1788	if ($order == 'id') {
1789	if ( $reverse ) echo $upimg;
1790	else echo $downimg;

1886	$page = '1';
1887	$skips = '0';
1888	$pages = '1';
1889	+ $show_nl = wppa_opt( 'user_create_max_level' ) != '99';
1890
1891	// Find out what page to show
1892	if ( $pagesize ) {

2078	<img src="<?php echo wppa_get_imgdir().'arrow.gif' ?>" style="height:16px;" title="<?php _e('Expand subalbums', 'wp-photo-album-plus') ?>" />
2079	</td>
2080	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
2081	+ <td style="min-width: 50px;" title="<?php $show_nl ?
2082	+ esc_attr( _e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) ) :
2083	+ esc_attr( _e( 'The album id', 'wp-photo-album-plus' ) ) ?>" >
2084	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
2085	+ <?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
2086	if ($order == 'id') {
2087	if ( $reverse ) echo $upimg;
2088	else echo $downimg;

2191	<?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&order_by='; ?>
2192	<td colspan="6" >
2193	<a href="<?php echo wppa_dbg_url($url.'id') ?>">
2194	+ <?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
2195	if ($order == 'id') {
2196	if ( $reverse ) echo $upimg;
2197	else echo $downimg;

2471	function wppa_do_albumlist( $parent, $nestinglevel, $albums, $seq ) {
2472	global $wpdb;
2473
2474	+ // IUnit
2475	+ $show_nl = wppa_opt( 'user_create_max_level' ) != '99';
2476	+
2477	$alt = true;
2478
2479	foreach ( array_keys( $seq ) as $s ) { // Obey the global sequence

2575	echo '</td>';
2576
2577	// The album id td element
2578	+ echo '<td style="padding:2px;" >' . $id . ( $show_nl ? '(' . wppa_get_nesting_level( $album['id'] ) . ')' : '' ) . '</td>';
2579
2580	// Fillers after the arrow
2581	$i = $indent;

wppa-album-covers.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Package: wp-photo-album-plus
4	*
5	* Functions for album covers
6	- * Version 7.3.~~012~~
7	*
8	*/
9
	@@ -1459,13 +1459,19 @@ static $cached_cover_photo_ids;
1459	}
1460	}
1461








1462	// main_photo is 0? Default
1463	if ( '0' == $id ) {
1464	$id = wppa_opt( 'main_photo' );
1465	}
1466
1467	- // Make the private clause
1468	- $non_private = is_user_logged_in() ? "" : "AND status <> 'private' ";
1469
1470	// main_photo is -9: Random
1471	if ( '-9' == $id ) {
	@@ -1483,7 +1489,7 @@ static $cached_cover_photo_ids;
1483	$non_private
1484	AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1485	ORDER BY RAND(%d)
1486	- LIMIT %d", $alb, $rs, ~~wppa_get_user()~~, $count ), ARRAY_A );
1487	}
1488	}
1489
	@@ -1502,56 +1508,54 @@ static $cached_cover_photo_ids;
1502	$non_private
1503	AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1504	ORDER BY timestamp DESC
1505	- LIMIT %d", $alb, ~~wppa_get_user()~~, $count ), ARRAY_A );
1506	}
1507	}
1508
1509	// main_phtot is -1? Random featured
1510	if ( '-1' == $id ) {
1511	- $rs = wppa_get_randseed( 'page' );
1512	$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1513	WHERE album = %s AND status = 'featured'
1514	- ORDER BY RAND(%d) LIMIT %d",$alb, $rs, $count ), ARRAY_A );
1515	}
1516	- ~~/hbi/~~
1517	// Random from children
1518	if ( '-3' == $id ) {
1519	- $~~allalb~~ = ~~wppa_expand_enum~~( ~~wppa_alb_to_enum_children~~( ~~$alb~~ ) );
1520	- ~~$temp~~ = ~~$wpdb->get_results~~( $~~wpdb->prepare(~~
1521	- ~~"SELECT * FROM~~ $~~wpdb->wppa_photos " .~~
1522	- ~~"WHERE~~ ~~album~~ IN ( " . ~~str_replace(~~ '.', ',', ~~$allalb~~ ) . " ) " .
1523	- $~~non_private~~ .
1524	- "~~AND~~ ( ( ~~status <> 'pending' AND status <> 'scheduled'~~ ) OR ~~owner = %s~~ ) ~~" .~~
1525	- "ORDER BY RAND( " . wppa_get_randseed( 'page' ) . " ) LIMIT %d", wppa_get_user(), $count ), ARRAY_A );
1526	}
1527
1528	// Most recent from children
1529	if ( '-4' == $id ) {
1530	- ~~$allalb = wppa_expand_enum( wppa_alb_to_enum_children( $alb ) );~~
1531	- $temp = $wpdb->get_results( $wpdb->prepare(
1532	- ~~"SELECT~~ * ~~FROM~~ $~~wpdb->wppa_photos~~ ~~" .~~
1533	- ~~"WHERE album IN ( " . str_replace( '.', ',',~~ $~~allalb ) . " ) " .~~
1534	- ~~$non_private~~ .
1535	- ~~"AND~~ ( ( ~~status~~ <> ~~'pending'~~ ~~AND~~ ~~status~~ ~~<> 'scheduled'~~ ) OR ~~owner = %s~~ ) ~~" .~~
1536	- "ORDER BY timestamp DESC LIMIT %d", wppa_get_user(), $count ), ARRAY_A );
1537	}
1538
1539	// Imagefactory multiple like album photo order
1540	if ( '-5' == $id ) {

1541	if ( current_user_can( 'wppa_moderate' ) ) {
1542	$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1543	- WHERE album = %s ~~" .~~
1544	- $non_private .
1545	- ~~wppa_get_photo_order(~~ $~~alb ) . "~~
1546	LIMIT %d", $alb, $count ), ARRAY_A );
1547	}
1548	else {
1549	$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1550	WHERE album = %s
1551	$non_private
1552	- AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s ) ~~" .~~
1553	- ~~wppa_get_photo_order(~~ $~~alb ) . "~~
1554	- LIMIT %d", $alb, ~~wppa_get_user()~~, $count ), ARRAY_A );
1555	}
1556	}
1557


3	* Package: wp-photo-album-plus
4	*
5	* Functions for album covers
6	+ * Version 7.3.13
7	*
8	*/
9

1459	}
1460	}
1461
1462	+ // Make the private clause
1463	+ $non_private = is_user_logged_in() ? "" : "AND status <> 'private' ";
1464	+
1465	+ // Other inits
1466	+ $user = wppa_get_user();
1467	+ $rand = wppa_get_randseed( 'page' );
1468	+ $allalb = str_replace( '.', ',', wppa_expand_enum( wppa_alb_to_enum_children( $alb ) ) );
1469	+
1470	// main_photo is 0? Default
1471	if ( '0' == $id ) {
1472	$id = wppa_opt( 'main_photo' );
1473	}
1474


1475
1476	// main_photo is -9: Random
1477	if ( '-9' == $id ) {

1489	$non_private
1490	AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1491	ORDER BY RAND(%d)
1492	+ LIMIT %d", $alb, $rs, $user, $count ), ARRAY_A );
1493	}
1494	}
1495

1508	$non_private
1509	AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1510	ORDER BY timestamp DESC
1511	+ LIMIT %d", $alb, $user, $count ), ARRAY_A );
1512	}
1513	}
1514
1515	// main_phtot is -1? Random featured
1516	if ( '-1' == $id ) {

1517	$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1518	WHERE album = %s AND status = 'featured'
1519	+ ORDER BY RAND(%d) LIMIT %d",$alb, $rand, $count ), ARRAY_A );
1520	}
1521	+
1522	// Random from children
1523	if ( '-3' == $id ) {
1524	+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1525	+ WHERE album IN ( $allalb )
1526	+ $non_private
1527	+ AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1528	+ ORDER BY RAND( $rand )
1529	+ LIMIT %d", $user, $count ), ARRAY_A );

1530	}
1531
1532	// Most recent from children
1533	if ( '-4' == $id ) {
1534	+
1535	+ $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1536	+ WHERE album IN ( $allalb )
1537	+ $non_private
1538	+ AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1539	+ ORDER BY timestamp DESC LIMIT %d", $user, $count ), ARRAY_A );

1540	}
1541
1542	// Imagefactory multiple like album photo order
1543	if ( '-5' == $id ) {
1544	+ $order = wppa_get_photo_order( $alb );
1545	if ( current_user_can( 'wppa_moderate' ) ) {
1546	$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1547	+ WHERE album = %s
1548	+ $non_private
1549	+ $order
1550	LIMIT %d", $alb, $count ), ARRAY_A );
1551	}
1552	else {
1553	$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
1554	WHERE album = %s
1555	$non_private
1556	+ AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
1557	+ $order
1558	+ LIMIT %d", $alb, $user, $count ), ARRAY_A );
1559	}
1560	}
1561

wppa-filter.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Package: wp-photo-album-plus
4	*
5	* get the albums via shortcode handler
6	- * Version 7.3.06
7	*
8	*/
9
	@@ -468,7 +468,7 @@ global $wppa_revno;
468	else {
469	if ( $atts['alt'] ) {
470	if ( wppa_is_int( $atts['alt'] ) && wppa_photo_exists( $atts['alt'] ) ) {
471	- $result = '<img src="' . wppa_get_photo_url( $atts['alt'] ) . '" alt="Photo ' . $atts['alt'] . '" />';
472	}
473	elseif ( $atts['alt'] == 'none' ) {
474	$result = '';


3	* Package: wp-photo-album-plus
4	*
5	* get the albums via shortcode handler
6	+ * Version 7.3.13
7	*
8	*/
9

468	else {
469	if ( $atts['alt'] ) {
470	if ( wppa_is_int( $atts['alt'] ) && wppa_photo_exists( $atts['alt'] ) ) {
471	+ $result = '<img src="' . wppa_get_photo_url( $atts['alt'] ) . '" alt="Photo ' . esc_attr( $atts['alt'] ) . '" />';
472	}
473	elseif ( $atts['alt'] == 'none' ) {
474	$result = '';

wppa-functions.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Package: wp-photo-album-plus
4	*
5	* Various functions
6	- * Version 7.3.11
7	*
8	*/
9
	@@ -1537,7 +1537,7 @@ global $wppa_session;
1537	$first = false;
1538	}
1539
1540	- /* Looks useless *
1541	// Album spec?
1542	if ( wppa( 'start_album' ) ) {
1543	$fac = ' AND ' . $album_clause . ' ';
	@@ -1545,7 +1545,7 @@ global $wppa_session;
1545	else {
1546	$fac = " AND album > 0";
1547	}
1548	- */
1549	// Prepare the query
1550	if ( current_user_can( 'wppa_moderate' ) ) {
1551	$query = "SELECT * FROM $wpdb->wppa_photos
	@@ -2362,7 +2362,7 @@ global $wpdb;
2362	}
2363	if ( $score >= 4 ) return true;
2364
2365	- wppa_log( '~~war~~', 'Items ' . $it1['id'] . ' and ' . $it2['id'] .
2366	' score only ' .
2367	$score . ' matches' );
2368


3	* Package: wp-photo-album-plus
4	*
5	* Various functions
6	+ * Version 7.3.13
7	*
8	*/
9

1537	$first = false;
1538	}
1539
1540	+ /* Looks useless */
1541	// Album spec?
1542	if ( wppa( 'start_album' ) ) {
1543	$fac = ' AND ' . $album_clause . ' ';

1545	else {
1546	$fac = " AND album > 0";
1547	}
1548	+ /**/
1549	// Prepare the query
1550	if ( current_user_can( 'wppa_moderate' ) ) {
1551	$query = "SELECT * FROM $wpdb->wppa_photos

2362	}
2363	if ( $score >= 4 ) return true;
2364
2365	+ wppa_log( 'dbg', 'Items ' . $it1['id'] . ' and ' . $it2['id'] .
2366	' score only ' .
2367	$score . ' matches' );
2368

wppa-import.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Package: wp-photo-album-plus
4	*
5	* Contains all the import pages and functions
6	- * Version 7.3.12
7	*
8	*/
9
	@@ -836,10 +836,10 @@ global $wppa_session;
836
837	if ( wppa( 'is_wppa_tree' ) ) {
838	$t = explode( 'uploads/wppa/', $file );
839	- echo wppa_sanitize_file_name( basename( str_replace( '/', '', $t[1] ) ) );
840	}
841	else {
842	- echo wppa_sanitize_file_name( basename( $file ) );
843	}
844
845	if ( $meta ) {
	@@ -980,7 +980,7 @@ global $wppa_session;
980	' type="checkbox"' .
981	' id="file-' . $idx . '"' .
982	' name="file-' . $idx . '"' .
983	- ' title="' . esc_attr( $file ) . '"' .
984	' class="wppa-video"' .
985	' checked="checked"' .
986	' />' .
	@@ -988,7 +988,7 @@ global $wppa_session;
988	' id="name-file-' . $idx . '"' .
989	' >' .
990	'  ' .
991	- wppa_sanitize_file_name( basename( $file ) ) .
992	' (' . sprintf( '%3.1f', wppa_filesize( $file ) / 1024 ) . ' kb)' .
993	'</span>' .
994	'</td>';
	@@ -1093,7 +1093,7 @@ global $wppa_session;
1093	' type="checkbox"' .
1094	' id="file-' . $idx . '"' .
1095	' name="file-' . $idx . '"' .
1096	- ' title="' . esc_attr( $file ) . '"' .
1097	' class="wppa-audio"' .
1098	' checked="checked"' .
1099	' />' .
	@@ -1101,7 +1101,7 @@ global $wppa_session;
1101	' id="name-file-' . $idx . '"' .
1102	' >' .
1103	'  ' .
1104	- wppa_sanitize_file_name( basename( $file ) ) .
1105	' (' . sprintf( '%3.1f', wppa_filesize( $file ) / 1024 ) . ' kb)' .
1106	'</span>' .
1107	'</td>';


3	* Package: wp-photo-album-plus
4	*
5	* Contains all the import pages and functions
6	+ * Version 7.3.13
7	*
8	*/
9

836
837	if ( wppa( 'is_wppa_tree' ) ) {
838	$t = explode( 'uploads/wppa/', $file );
839	+ echo htmlspecialchars( wppa_sanitize_file_name( basename( str_replace( '/', '', $t[1] ) ) ) );
840	}
841	else {
842	+ echo htmlspecialchars( wppa_sanitize_file_name( basename( $file ) ) );
843	}
844
845	if ( $meta ) {

980	' type="checkbox"' .
981	' id="file-' . $idx . '"' .
982	' name="file-' . $idx . '"' .
983	+ ' title="' . esc_attr( htmlspecialchars( $file ) ) . '"' .
984	' class="wppa-video"' .
985	' checked="checked"' .
986	' />' .

988	' id="name-file-' . $idx . '"' .
989	' >' .
990	'  ' .
991	+ htmlspecialchars( wppa_sanitize_file_name( basename( $file ) ) ) .
992	' (' . sprintf( '%3.1f', wppa_filesize( $file ) / 1024 ) . ' kb)' .
993	'</span>' .
994	'</td>';

1093	' type="checkbox"' .
1094	' id="file-' . $idx . '"' .
1095	' name="file-' . $idx . '"' .
1096	+ ' title="' . esc_attr( htmlspecialchars( $file ) ) . '"' .
1097	' class="wppa-audio"' .
1098	' checked="checked"' .
1099	' />' .

1101	' id="name-file-' . $idx . '"' .
1102	' >' .
1103	'  ' .
1104	+ htmlspecialchars( wppa_sanitize_file_name( basename( $file ) ) ) .
1105	' (' . sprintf( '%3.1f', wppa_filesize( $file ) / 1024 ) . ' kb)' .
1106	'</span>' .
1107	'</td>';

wppa-photo-admin-autosave.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Package: wp-photo-album-plus
4	*
5	* edit and delete photos
6	- * Version 7.3.08
7	*
8	*/
9
	@@ -1127,6 +1127,7 @@ function wppaToggleExif( id, count ) {
1127	sprintf( __( 'pix, (0=default:%s)', 'wp-photo-album-plus' ), wppa_opt( 'video_height' ) ) .
1128	'. ';
1129	if ( $duration ) {

1130	if ( $duration < 120.0 ) {
1131	echo sprintf( __( 'Duration: %s seconds', 'wp-photo-album-plus' ) ,$duration ) .
1132	'. ';
	@@ -2485,9 +2486,9 @@ function wppa_album_photos_bulk( $album ) {
2485	check_admin_referer( 'wppa-bulk', 'wppa-bulk' );
2486	if ( isset ( $_POST['wppa-bulk-photo'] ) ) {
2487	$ids = $_POST['wppa-bulk-photo'];
2488	- $newalb = isset ( $_POST['wppa-bulk-album'] ) ? $_POST['wppa-bulk-album'] : '0';
2489	- $status = isset ( $_POST['wppa-bulk-status'] ) ? $_POST['wppa-bulk-status'] : '';
2490	- $owner = isset ( $_POST['wppa-bulk-owner'] ) ? $_POST['wppa-bulk-owner'] : '';
2491	$totcount = count( $ids );
2492	if ( ! is_numeric( $newalb ) ) wp_die( 'Security check failure 1' );
2493	if ( is_array( $ids ) ) {


3	* Package: wp-photo-album-plus
4	*
5	* edit and delete photos
6	+ * Version 7.3.13
7	*
8	*/
9

1127	sprintf( __( 'pix, (0=default:%s)', 'wp-photo-album-plus' ), wppa_opt( 'video_height' ) ) .
1128	'. ';
1129	if ( $duration ) {
1130	+ $duration = int( $duration * 100 ) / 100;
1131	if ( $duration < 120.0 ) {
1132	echo sprintf( __( 'Duration: %s seconds', 'wp-photo-album-plus' ) ,$duration ) .
1133	'. ';

2486	check_admin_referer( 'wppa-bulk', 'wppa-bulk' );
2487	if ( isset ( $_POST['wppa-bulk-photo'] ) ) {
2488	$ids = $_POST['wppa-bulk-photo'];
2489	+ $newalb = htmlspecialchars( isset ( $_POST['wppa-bulk-album'] ) ? $_POST['wppa-bulk-album'] : '0' );
2490	+ $status = htmlspecialchars( isset ( $_POST['wppa-bulk-status'] ) ? $_POST['wppa-bulk-status'] : '' );
2491	+ $owner = htmlspecialchars( isset ( $_POST['wppa-bulk-owner'] ) ? $_POST['wppa-bulk-owner'] : '' );
2492	$totcount = count( $ids );
2493	if ( ! is_numeric( $newalb ) ) wp_die( 'Security check failure 1' );
2494	if ( is_array( $ids ) ) {

wppa-wrappers.php CHANGED Viewed

	@@ -102,10 +102,10 @@ function wppa_imagepng( $image, $file, $prec = 0 ) {
102
103	// Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
104	// In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
105	- function wppa_copy( $from, $to ) {
106
107	// First test if we are uploading
108	- if ( ! wppa_is_path_safe( $from ) && $_FILES ) {
109	if ( ! wppa_is_path_safe( $to ) ) {
110	wppa_log( 'Err', '1 Unsafe to path detected in wppa_copy(): ' . wppa_shortpath( $to ), true );
111	return false;
	@@ -114,7 +114,7 @@ function wppa_copy( $from, $to ) {
114	return $bret;
115	}
116
117	- if ( ! wppa_is_path_safe( $from ) ) {
118	wppa_log( 'Err', '2 Unsafe from path detected in wppa_copy(): ' . wppa_shortpath( $from ), true );
119	return false; // For diagnostic purposes, no return here yet
120	}
	@@ -152,7 +152,7 @@ function wppa_move_uploaded_file( $from, $to ) {
152	}
153	else {
154
155	- $bret = ~~copy~~( $from, $to ); // Do ~~NOT~~ ~~use~~ ~~wppa_copy~~ ~~here~~ to prevent inf ~~recursion~~ from wppa_copy and wppa_move_uploaded_file
156	// if ( $bret ) {
157	// unlink( $from ); // RIPS does not believe that this is safe (7 msgs), although path is checked agains traversal.
158	// // So, just do not cleanup our garbage


102
103	// Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
104	// In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
105	+ function wppa_copy( $from, $to, $from_upload = false ) {
106
107	// First test if we are uploading
108	+ if ( ! wppa_is_path_safe( $from ) && $_FILES && ! $from_upload ) {
109	if ( ! wppa_is_path_safe( $to ) ) {
110	wppa_log( 'Err', '1 Unsafe to path detected in wppa_copy(): ' . wppa_shortpath( $to ), true );
111	return false;

114	return $bret;
115	}
116
117	+ if ( ! wppa_is_path_safe( $from ) && ! $from_upload ) {
118	wppa_log( 'Err', '2 Unsafe from path detected in wppa_copy(): ' . wppa_shortpath( $from ), true );
119	return false; // For diagnostic purposes, no return here yet
120	}

152	}
153	else {
154
155	+ $bret = wppa_copy( $from, $to, true ); // Set 'from uploaded file' to prevent inf loop from wppa_copy and wppa_move_uploaded_file
156	// if ( $bret ) {
157	// unlink( $from ); // RIPS does not believe that this is safe (7 msgs), although path is checked agains traversal.
158	// // So, just do not cleanup our garbage

wppa.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	/*
3	* Plugin Name: WP Photo Album Plus
4	* Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5	- * Version: 7.3.12.~~008~~
6	* Author: J.N. Breetvelt a.k.a. OpaJaap
7	* Author URI: http://wppa.opajaap.nl/
8	* Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
	@@ -23,8 +23,8 @@ global $wpdb;
23	global $wp_version;
24
25	/* WPPA GLOBALS */
26	- global $wppa_revno; $wppa_revno = '~~7312~~'; // WPPA db version
27	- global $wppa_api_version; $wppa_api_version = '7.3.12.~~008~~'; // WPPA software version
28
29	/* Init page js data */
30	global $wppa_js_page_data; $wppa_js_page_data = '';


2	/*
3	* Plugin Name: WP Photo Album Plus
4	* Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5	+ * Version: 7.3.13.004
6	* Author: J.N. Breetvelt a.k.a. OpaJaap
7	* Author URI: http://wppa.opajaap.nl/
8	* Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/

23	global $wp_version;
24
25	/* WPPA GLOBALS */
26	+ global $wppa_revno; $wppa_revno = '7313'; // WPPA db version
27	+ global $wppa_api_version; $wppa_api_version = '7.3.13.004'; // WPPA software version
28
29	/* Init page js data */
30	global $wppa_js_page_data; $wppa_js_page_data = '';