WP Photo Album Plus - Version 7.3.13.004

Version Description

= 7.3.12 =

  • This version addresses various bug fixes and feature requests.

Release Info

Developer opajaap
Plugin Icon wp plugin WP Photo Album Plus
Version 7.3.13.004

Code changes from version 7.3.12.008 to 7.3.13.004

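--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,10 @@
 WP Photo Album Plus Changelog
 
+= 7.3.13 =
+
+* Various security fixes.
+* The nesting level on the album admin page will now only show up when you use the max level limitation in Table VII-B1.0, i.e. the value <> 99.
+
 = 7.3.12 =
 
 * The cursor on album cover images where cover type is imagefactory(-mcr) and the link is lightbox,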
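--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: opajaap
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=OpaJaap@OpaJaap.nl&item_name=WP-Photo-Album-Plus&item_number=Support-Open-Source&currency_code=USD&lc=US
 Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, fotomoto, imagemagick, pdf
-Version: 7.3.12.008
-Stable tag: 7.3.12.007
+Version: 7.3.13.004
+Stable tag: 7.3.12.008
 Author: J.N. Breetvelt
 Author URI: http://www.opajaap.nl/
 Requires at least: 3.9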
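--- a/wppa-album-admin-autosave.php
+++ b/wppa-album-admin-autosave.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * create, edit and delete albums
-* Version 7.3.12
+* Version 7.3.13
 *
 */
 
@@ -991,8 +991,8 @@ global $wppa_revno;
 value="' . $page['ID'] . '"' .
 ( $linkpage == $page['ID'] ? ' selected="selected"' : '' ) .
 ' >' .
-__( $page['post_title'] ) .
-( $page['post_type'] == 'post' ? ' (' . $page['post_date'] . ')' : '' ) .
+__( htmlspecialchars( $page['post_title'] ) ) .
+( $page['post_type'] == 'post' ? ' (' . htmlspecialchars( $page['post_date'] ) . ')' : '' ) .
 '</option>';
 }
 echo '
@@ -1607,6 +1607,7 @@ global $wpdb;
 
 $downimg = '<img src="'.wppa_get_imgdir().'down.png" alt="down" style=" height:12px; position:relative; top:2px; " />';
 $upimg = '<img src="'.wppa_get_imgdir().'up.png" alt="up" style=" height:12px; position:relative; top:2px; " />';
+$show_nl = wppa_opt( 'user_create_max_level' ) != '99';
 
 wppa_album_table_pagination( $page, $count );
 
@@ -1616,9 +1617,11 @@ global $wpdb;
 <thead>
 <tr>
 <?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&amp;order_by='; ?>
-<td style="min-width: 50px;" title="<?php esc_attr( _e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) ) ?>" >
+<td style="min-width: 50px;" title="<?php $show_nl ?
+esc_attr( _e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) ) :
+esc_attr( _e( 'The album id', 'wp-photo-album-plus' ) ) ?>" >
 <a href="<?php echo wppa_dbg_url($url.'id') ?>">
-<?php _e('ID(nl)', 'wp-photo-album-plus');
+<?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
 if ($order == 'id') {
 if ( $reverse ) echo $upimg;
 else echo $downimg;
@@ -1712,7 +1715,7 @@ global $wpdb;
 // $pendcount = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM $wpdb->wppa_photos WHERE album=%s AND status=%s", $album['id'], 'pending'));
 ?>
 <tr <?php echo($alt); if ($pendcount) echo 'style="background-color:#ffdddd"' ?>>
-<td><?php echo($album['id'] . '('. wppa_get_nesting_level($album['id']).')') ?></td>
+<td><?php echo($album['id'] . ( $show_nl ? '('. wppa_get_nesting_level($album['id']).')' : '' ) ) ?></td>
 <td><?php echo(esc_attr(__(stripslashes($album['name'])))) ?></td>
 <td><small><?php echo(esc_attr(__(stripslashes($album['description'])))) ?></small></td>
 <?php if (current_user_can('administrator')) { ?>
@@ -1781,7 +1784,7 @@ global $wpdb;
 <?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&amp;order_by='; ?>
 <td >
 <a href="<?php echo wppa_dbg_url($url.'id') ?>">
-<?php _e('ID', 'wp-photo-album-plus');
+<?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
 if ($order == 'id') {
 if ( $reverse ) echo $upimg;
 else echo $downimg;
@@ -1883,6 +1886,7 @@ global $wpdb;
 $page = '1';
 $skips = '0';
 $pages = '1';
+$show_nl = wppa_opt( 'user_create_max_level' ) != '99';
 
 // Find out what page to show
 if ( $pagesize ) {
@@ -2074,9 +2078,11 @@ global $wpdb;
 <img src="<?php echo wppa_get_imgdir().'arrow.gif' ?>" style="height:16px;" title="<?php _e('Expand subalbums', 'wp-photo-album-plus') ?>" />
 </td>
 <?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&amp;order_by='; ?>
-<td colspan="6" style="min-width: 50px;" title="<?php esc_attr( _e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) ) ?>" >
+<td style="min-width: 50px;" title="<?php $show_nl ?
+esc_attr( _e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) ) :
+esc_attr( _e( 'The album id', 'wp-photo-album-plus' ) ) ?>" >
 <a href="<?php echo wppa_dbg_url($url.'id') ?>">
-<?php _e('ID(nl)', 'wp-photo-album-plus');
+<?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
 if ($order == 'id') {
 if ( $reverse ) echo $upimg;
 else echo $downimg;
@@ -2185,7 +2191,7 @@ global $wpdb;
 <?php $url = get_admin_url().'admin.php?page=wppa_admin_menu&amp;order_by='; ?>
 <td colspan="6" >
 <a href="<?php echo wppa_dbg_url($url.'id') ?>">
-<?php _e('ID', 'wp-photo-album-plus');
+<?php $show_nl ? _e( 'ID(nl)', 'wp-photo-album-plus' ) : _e( 'ID', 'wp-photo-album-plus' );
 if ($order == 'id') {
 if ( $reverse ) echo $upimg;
 else echo $downimg;
@@ -2465,6 +2471,9 @@ global $wpdb;
 function wppa_do_albumlist( $parent, $nestinglevel, $albums, $seq ) {
 global $wpdb;
 
+// IUnit
+$show_nl = wppa_opt( 'user_create_max_level' ) != '99';
+
 $alt = true;
 
 foreach ( array_keys( $seq ) as $s ) { // Obey the global sequence
@@ -2566,7 +2575,7 @@ global $wpdb;
 echo '</td>';
 
 // The album id td element
-echo '<td style="padding:2px;" >' . $id . '('. wppa_get_nesting_level( $album['id'] ) . ')</td>';
+echo '<td style="padding:2px;" >' . $id . ( $show_nl ? '(' . wppa_get_nesting_level( $album['id'] ) . ')' : '' ) . '</td>';
 
 // Fillers after the arrow
 $i = $indent;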
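Review bot: The `title` attribute of the ID header cell (the `@@ -1616,9 +1617,11 @@` hunk, repeated in `@@ -2074,9 +2078,11 @@`) is still emitted unescaped, because `_e()` echoes the string itself and returns nothing, so the `esc_attr()` wrapped around it has no effect. The echoing escaper does what the line intends: `<?php $show_nl ? esc_attr_e( 'The album id (the nesting level)', 'wp-photo-album-plus' ) : esc_attr_e( 'The album id', 'wp-photo-album-plus' ) ?>`. In the page dropdown, `__( htmlspecialchars( $page['post_title'] ) )` escapes before the translation lookup rather than at output; `esc_html( __( $page['post_title'] ) )` escapes what is actually printed. The rewritten header cell in the `@@ -2074,9 +2078,11 @@` hunk also loses the `colspan="6"` that the removed line carried, which looks unintentional.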
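--- a/wppa-album-covers.php
+++ b/wppa-album-covers.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * Functions for album covers
-* Version 7.3.012
+* Version 7.3.13
 *
 */
 
@@ -1459,13 +1459,19 @@ static $cached_cover_photo_ids;
 }
 }
 
+// Make the private clause
+$non_private = is_user_logged_in() ? "" : "AND status <> 'private' ";
+
+// Other inits
+$user = wppa_get_user();
+$rand = wppa_get_randseed( 'page' );
+$allalb = str_replace( '.', ',', wppa_expand_enum( wppa_alb_to_enum_children( $alb ) ) );
+
 // main_photo is 0? Default
 if ( '0' == $id ) {
 $id = wppa_opt( 'main_photo' );
 }
 
-// Make the private clause
-$non_private = is_user_logged_in() ? "" : "AND status <> 'private' ";
 
 // main_photo is -9: Random
 if ( '-9' == $id ) {
@@ -1483,7 +1489,7 @@ static $cached_cover_photo_ids;
 $non_private
 AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
 ORDER BY RAND(%d)
-LIMIT %d", $alb, $rs, wppa_get_user(), $count ), ARRAY_A );
+LIMIT %d", $alb, $rs, $user, $count ), ARRAY_A );
 }
 }
 
@@ -1502,56 +1508,54 @@ static $cached_cover_photo_ids;
 $non_private
 AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
 ORDER BY timestamp DESC
-LIMIT %d", $alb, wppa_get_user(), $count ), ARRAY_A );
+LIMIT %d", $alb, $user, $count ), ARRAY_A );
 }
 }
 
 // main_phtot is -1? Random featured
 if ( '-1' == $id ) {
-$rs = wppa_get_randseed( 'page' );
 $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
 WHERE album = %s AND status = 'featured'
-ORDER BY RAND(%d) LIMIT %d",$alb, $rs, $count ), ARRAY_A );
+ORDER BY RAND(%d) LIMIT %d",$alb, $rand, $count ), ARRAY_A );
 }
-/*hbi*/
+
 // Random from children
 if ( '-3' == $id ) {
-$allalb = wppa_expand_enum( wppa_alb_to_enum_children( $alb ) );
-$temp = $wpdb->get_results( $wpdb->prepare(
-"SELECT * FROM $wpdb->wppa_photos " .
-"WHERE album IN ( " . str_replace( '.', ',', $allalb ) . " ) " .
-$non_private .
-"AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s ) " .
-"ORDER BY RAND( " . wppa_get_randseed( 'page' ) . " ) LIMIT %d", wppa_get_user(), $count ), ARRAY_A );
+$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
+WHERE album IN ( $allalb )
+$non_private
+AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
+ORDER BY RAND( $rand )
+LIMIT %d", $user, $count ), ARRAY_A );
 }
 
 // Most recent from children
 if ( '-4' == $id ) {
-$allalb = wppa_expand_enum( wppa_alb_to_enum_children( $alb ) );
-$temp = $wpdb->get_results( $wpdb->prepare(
-"SELECT * FROM $wpdb->wppa_photos " .
-"WHERE album IN ( " . str_replace( '.', ',', $allalb ) . " ) " .
-$non_private .
-"AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s ) " .
-"ORDER BY timestamp DESC LIMIT %d", wppa_get_user(), $count ), ARRAY_A );
+
+$temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
+WHERE album IN ( $allalb )
+$non_private
+AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
+ORDER BY timestamp DESC LIMIT %d", $user, $count ), ARRAY_A );
 }
 
 // Imagefactory multiple like album photo order
 if ( '-5' == $id ) {
+$order = wppa_get_photo_order( $alb );
 if ( current_user_can( 'wppa_moderate' ) ) {
 $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
-WHERE album = %s " .
-$non_private .
-wppa_get_photo_order( $alb ) . "
+WHERE album = %s
+$non_private
+$order
 LIMIT %d", $alb, $count ), ARRAY_A );
 }
 else {
 $temp = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
 WHERE album = %s
 $non_private
-AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s ) " .
-wppa_get_photo_order( $alb ) . "
-LIMIT %d", $alb, wppa_get_user(), $count ), ARRAY_A );
+AND ( ( status <> 'pending' AND status <> 'scheduled' ) OR owner = %s )
+$order
+LIMIT %d", $alb, $user, $count ), ARRAY_A );
 }
 }
 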
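Review bot: The rewritten child-album queries for `-3` and `-4` put `$allalb` and `$rand` straight into the string handed to `$wpdb->prepare()`, so those two values bypass the placeholder handling the rest of the statement relies on. `$rand` can be bound the way the `-1` branch already does, `ORDER BY RAND(%d)` with `$rand` added to the argument list, and the album list is safest when forced to integers where it is built: `$allalb = implode( ',', array_map( 'intval', explode( '.', wppa_expand_enum( wppa_alb_to_enum_children( $alb ) ) ) ) );`. Whether `wppa_expand_enum()` can return anything other than digits and dots is not visible here, and the same question applies to `$order` from `wppa_get_photo_order()` in the `-5` branch. `$allalb` is now also computed on every call instead of only for `-3` and `-4`, so keeping it inside those branches avoids the extra work. The enclosing function starts and ends outside the hunks.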
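--- a/wppa-filter.php
+++ b/wppa-filter.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * get the albums via shortcode handler
-* Version 7.3.06
+* Version 7.3.13
 *
 */
 
@@ -468,7 +468,7 @@ global $wppa_revno;
 else {
 if ( $atts['alt'] ) {
 if ( wppa_is_int( $atts['alt'] ) && wppa_photo_exists( $atts['alt'] ) ) {
-$result = '<img src="' . wppa_get_photo_url( $atts['alt'] ) . '" alt="Photo ' . $atts['alt'] . '" />';
+$result = '<img src="' . wppa_get_photo_url( $atts['alt'] ) . '" alt="Photo ' . esc_attr( $atts['alt'] ) . '" />';
 }
 elseif ( $atts['alt'] == 'none' ) {
 $result = '';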
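Review bot: The `src` attribute on the changed line is still concatenated without escaping, while the value that gained `esc_attr()` has already passed `wppa_is_int()` on the line above. Wrapping the URL as `esc_url( wppa_get_photo_url( $atts['alt'] ) )` makes the whole tag consistent. What `wppa_get_photo_url()` returns is not visible in this hunk, so this is a hardening suggestion rather than a confirmed hole.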
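--- a/wppa-functions.php
+++ b/wppa-functions.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * Various functions
-* Version 7.3.11
+* Version 7.3.13
 *
 */
 
@@ -1537,7 +1537,7 @@ global $wppa_session;
 $first = false;
 }
 
-/* Looks useless *
+/* Looks useless */
 // Album spec?
 if ( wppa( 'start_album' ) ) {
 $fac = ' AND ' . $album_clause . ' ';
@@ -1545,7 +1545,7 @@ global $wppa_session;
 else {
 $fac = " AND album > 0";
 }
-*/
+/**/
 // Prepare the query
 if ( current_user_can( 'wppa_moderate' ) ) {
 $query = "SELECT * FROM $wpdb->wppa_photos
@@ -2362,7 +2362,7 @@ global $wpdb;
 }
 if ( $score >= 4 ) return true;
 
-wppa_log( 'war', 'Items ' . $it1['id'] . ' and ' . $it2['id'] .
+wppa_log( 'dbg', 'Items ' . $it1['id'] . ' and ' . $it2['id'] .
 ' score only ' .
 $score . ' matches' );
 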
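Review bot: The `$fac` block is live code again, but the markers `/* Looks useless */` and `/**/` were left around it and now say the opposite of what the change implies. Replace them with a comment that records why the clause is needed, for example `// Restrict to the start album when one is given, otherwise to regular albums (album > 0)`, once that intent is confirmed. `$fac` is built by concatenating `$album_clause`, whose construction lies outside the hunk; presumably it ends up in the query assembled just below, so it is worth confirming that it holds only validated album ids.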
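--- a/wppa-import.php
+++ b/wppa-import.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * Contains all the import pages and functions
-* Version 7.3.12
+* Version 7.3.13
 *
 */
 
@@ -836,10 +836,10 @@ global $wppa_session;
 
 if ( wppa( 'is_wppa_tree' ) ) {
 $t = explode( 'uploads/wppa/', $file );
-echo wppa_sanitize_file_name( basename( str_replace( '/', '', $t[1] ) ) );
+echo htmlspecialchars( wppa_sanitize_file_name( basename( str_replace( '/', '', $t[1] ) ) ) );
 }
 else {
-echo wppa_sanitize_file_name( basename( $file ) );
+echo htmlspecialchars( wppa_sanitize_file_name( basename( $file ) ) );
 }
 
 if ( $meta ) {
@@ -980,7 +980,7 @@ global $wppa_session;
 ' type="checkbox"' .
 ' id="file-' . $idx . '"' .
 ' name="file-' . $idx . '"' .
-' title="' . esc_attr( $file ) . '"' .
+' title="' . esc_attr( htmlspecialchars( $file ) ) . '"' .
 ' class="wppa-video"' .
 ' checked="checked"' .
 ' />' .
@@ -988,7 +988,7 @@ global $wppa_session;
 ' id="name-file-' . $idx . '"' .
 ' >' .
 '&nbsp;&nbsp;' .
-wppa_sanitize_file_name( basename( $file ) ) .
+htmlspecialchars( wppa_sanitize_file_name( basename( $file ) ) ) .
 ' (' . sprintf( '%3.1f', wppa_filesize( $file ) / 1024 ) . ' kb)' .
 '</span>' .
 '</td>';
@@ -1093,7 +1093,7 @@ global $wppa_session;
 ' type="checkbox"' .
 ' id="file-' . $idx . '"' .
 ' name="file-' . $idx . '"' .
-' title="' . esc_attr( $file ) . '"' .
+' title="' . esc_attr( htmlspecialchars( $file ) ) . '"' .
 ' class="wppa-audio"' .
 ' checked="checked"' .
 ' />' .
@@ -1101,7 +1101,7 @@ global $wppa_session;
 ' id="name-file-' . $idx . '"' .
 ' >' .
 '&nbsp;&nbsp;' .
-wppa_sanitize_file_name( basename( $file ) ) .
+htmlspecialchars( wppa_sanitize_file_name( basename( $file ) ) ) .
 ' (' . sprintf( '%3.1f', wppa_filesize( $file ) / 1024 ) . ' kb)' .
 '</span>' .
 '</td>';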
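Review bot: The two `title` attributes (the `wppa-video` and `wppa-audio` checkboxes) now stack `htmlspecialchars()` inside `esc_attr()`, although `esc_attr( $file )` alone already covers the attribute context, so one layer should be chosen. For the file names printed as element content, `esc_html( wppa_sanitize_file_name( basename( $file ) ) )` is the WordPress counterpart and does not depend on the default flags of `htmlspecialchars()` in the running PHP version. In the `@@ -836,10 +836,10 @@` hunk, `$t[1]` is read without checking that `explode()` found `uploads/wppa/` in `$file`; the `wppa( 'is_wppa_tree' )` guard may guarantee that, but it is not visible here.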
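--- a/wppa-photo-admin-autosave.php
+++ b/wppa-photo-admin-autosave.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * edit and delete photos
-* Version 7.3.08
+* Version 7.3.13
 *
 */
 
@@ -1127,6 +1127,7 @@ function wppaToggleExif( id, count ) {
 sprintf( __( 'pix, (0=default:%s)', 'wp-photo-album-plus' ), wppa_opt( 'video_height' ) ) .
 '. ';
 if ( $duration ) {
+$duration = int( $duration * 100 ) / 100;
 if ( $duration < 120.0 ) {
 echo sprintf( __( 'Duration: %s seconds', 'wp-photo-album-plus' ) ,$duration ) .
 '. ';
@@ -2485,9 +2486,9 @@ function wppa_album_photos_bulk( $album ) {
 check_admin_referer( 'wppa-bulk', 'wppa-bulk' );
 if ( isset ( $_POST['wppa-bulk-photo'] ) ) {
 $ids = $_POST['wppa-bulk-photo'];
-$newalb = isset ( $_POST['wppa-bulk-album'] ) ? $_POST['wppa-bulk-album'] : '0';
-$status = isset ( $_POST['wppa-bulk-status'] ) ? $_POST['wppa-bulk-status'] : '';
-$owner = isset ( $_POST['wppa-bulk-owner'] ) ? $_POST['wppa-bulk-owner'] : '';
+$newalb = htmlspecialchars( isset ( $_POST['wppa-bulk-album'] ) ? $_POST['wppa-bulk-album'] : '0' );
+$status = htmlspecialchars( isset ( $_POST['wppa-bulk-status'] ) ? $_POST['wppa-bulk-status'] : '' );
+$owner = htmlspecialchars( isset ( $_POST['wppa-bulk-owner'] ) ? $_POST['wppa-bulk-owner'] : '' );
 $totcount = count( $ids );
 if ( ! is_numeric( $newalb ) ) wp_die( 'Security check failure 1' );
 if ( is_array( $ids ) ) {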
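Review bot: In `wppa_album_photos_bulk()` the three `$_POST` values are now HTML-encoded on input, which neither validates them nor suits values that are later compared or stored; encoding belongs at output and validation belongs here. `$status` is better checked against the list of known status values, and `$owner` can go through `sanitize_user( wp_unslash( $_POST['wppa-bulk-owner'] ) )`. `$ids` is still read raw, and `count( $ids )` runs before the `is_array( $ids )` test. In the `@@ -1127,6 +1127,7 @@` hunk, `int( $duration * 100 ) / 100` calls `int()`, which is not a PHP built-in, so unless the plugin defines it the line is a fatal error; `intval( $duration * 100 ) / 100` keeps the truncation. Both function bodies continue outside the hunks.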
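--- a/wppa-wrappers.php
+++ b/wppa-wrappers.php
@@ -102,10 +102,10 @@ function wppa_imagepng( $image, $file, $prec = 0 ) {
 
 // Wrapper for copy( $from, $to ) that verifies that the pathnames are safe for our application
 // In case of unexpected operation: Generates a warning in the wppa log, and does not perform the copy.
-function wppa_copy( $from, $to ) {
+function wppa_copy( $from, $to, $from_upload = false ) {
 
 // First test if we are uploading
-if ( ! wppa_is_path_safe( $from ) && $_FILES ) {
+if ( ! wppa_is_path_safe( $from ) && $_FILES && ! $from_upload ) {
 if ( ! wppa_is_path_safe( $to ) ) {
 wppa_log( 'Err', '1 Unsafe to path detected in wppa_copy(): ' . wppa_shortpath( $to ), true );
 return false;
@@ -114,7 +114,7 @@ function wppa_copy( $from, $to ) {
 return $bret;
 }
 
-if ( ! wppa_is_path_safe( $from ) ) {
+if ( ! wppa_is_path_safe( $from ) && ! $from_upload ) {
 wppa_log( 'Err', '2 Unsafe from path detected in wppa_copy(): ' . wppa_shortpath( $from ), true );
 return false; // For diagnostic purposes, no return here yet
 }
@@ -152,7 +152,7 @@ function wppa_move_uploaded_file( $from, $to ) {
 }
 else {
 
-$bret = wppa_copy( $from, $to ); // Do NOT use wppa_copy here to prevent inf recursion from wppa_copy and wppa_move_uploaded_file
+$bret = wppa_copy( $from, $to, true ); // Set 'from uploaded file' to prevent inf loop from wppa_copy and wppa_move_uploaded_file
 // if ( $bret ) {
 // unlink( $from ); // RIPS does not believe that this is safe (7 msgs), although path is checked agains traversal.
 // // So, just do not cleanup our garbage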
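Review bot: The new `$from_upload` argument switches off both visible `wppa_is_path_safe( $from )` checks in `wppa_copy()`, and nothing in the hunks confirms that `$from` really is an upload when the flag is set. Any caller can pass `true`, so the flag should be tied to a fact rather than to trust, for example `if ( $from_upload && ! is_uploaded_file( $from ) ) return false;` at the top of the function, provided the `else` branch in `wppa_move_uploaded_file()` is only reached for genuine uploads, which is not visible here. The comment block above `wppa_copy()` should also document the parameter, e.g. `// $from_upload: set only by wppa_move_uploaded_file(); skips the source path check`. The trailing comment `// For diagnostic purposes, no return here yet` sits on a line that does return and is stale. Both functions continue outside the hunks, so the remaining `$to` check cannot be confirmed from this page.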
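--- a/wppa.php
+++ b/wppa.php
@@ -2,7 +2,7 @@
 /*
 * Plugin Name: WP Photo Album Plus
 * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
-* Version: 7.3.12.008
+* Version: 7.3.13.004
 * Author: J.N. Breetvelt a.k.a. OpaJaap
 * Author URI: http://wppa.opajaap.nl/
 * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -23,8 +23,8 @@ global $wpdb;
 global $wp_version;
 
 /* WPPA GLOBALS */
-global $wppa_revno; $wppa_revno = '7312'; // WPPA db version
-global $wppa_api_version; $wppa_api_version = '7.3.12.008'; // WPPA software version
+global $wppa_revno; $wppa_revno = '7313'; // WPPA db version
+global $wppa_api_version; $wppa_api_version = '7.3.13.004'; // WPPA software version
 
 /* Init page js data */
 global $wppa_js_page_data; $wppa_js_page_data = '';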