WP Photo Album Plus - Version 8.0.07.005

Version Description

= 8.0.07 =

  • This version contains various bug fixes and security fixes.

Release Info

Developer opajaap
Version 8.0.07.005

Code changes from version 8.0.07.004 to 8.0.07.005

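--- a/changelog.txt
+++ b/changelog.txt
@@ -4,8 +4,9 @@ WP Photo Album Plus Changelog
 
  * Security release. All querystring args are now processed and sanitized in one function wppa_get() in wppa-input.php
  * Role specific upload limits did no longer work. Fixed.
- * Popups on masonry thumbnails did not work when links on thumbnails differ from lightbox.
+ * Popups on masonry thumbnails did not work when links on thumbnails differ from lightbox. Fixed.
  * Rightclick on thumbnail or thumbnail popup allows you to open the link in a new tab, if No rightclick is not on.
+ * Yitle of the QR widget was wrong and not editable. Fixed.
 
  = 8.0.06 =
 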
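--- a/wppa-ajax.php
+++ b/wppa-ajax.php
@@ -2,7 +2,7 @@
  /* wppa-ajax.php
  *
  * Functions used in ajax requests
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -65,7 +65,7 @@ global $wppa;
  $wppa_session['page']--;
  $wppa_session['ajax']++;
 
- $wppa_action = wppa_get( 'action' );
+ $wppa_action = wppa_get( 'wppa-action' );
 
  if ( wppa_switch( 'log_ajax' ) && wppa_get( 'action' ) != 'heartbeat' && wppa_get( 'option' ) != 'heartbeat' ) {
  $args = '';
@@ -893,7 +893,7 @@ global $wppa;
  // Remove all User-<userid> tags
  $tag = 'user-' . wppa_get_user( 'id' );
  $items = $wpdb->get_results( "SELECT id, tags FROM $wpdb->wppa_photos
- WHERE tags LIKE '%,".$wpdb->esc_like($tag).",%'", ARRAY_A );
+ WHERE tags LIKE '%" . str_replace( "'", "\'", ',' . $wpdb->esc_like( $tag ) . ',' ) . "%'", ARRAY_A );
  foreach( $items as $item ) {
  $id = $item['id'];
  $tags = preg_replace( '/,'.$tag.',/siu', ',', $tags );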
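Review bot: The new LIKE predicate at 896 still builds the SQL by hand, escaping the single quote with `str_replace( "'", "\'", … )` on top of `$wpdb->esc_like()`, which is meant for LIKE wildcards rather than quoting, while the plugin uses `$wpdb->prepare()` for its other queries in this same commit. I would write it as `$items = $wpdb->get_results( $wpdb->prepare( "SELECT id, tags FROM $wpdb->wppa_photos WHERE tags LIKE %s", '%,' . $wpdb->esc_like( $tag ) . ',%' ), ARRAY_A );` and drop the manual escaping. The value comes from `wppa_get_user( 'id' )`, so the actual exposure depends on what that returns, but the prepared form removes the question entirely. On the unchanged line 899 the same `$tag` is interpolated into a regex without `preg_quote()`, and `$tags` appears to be read before anything in the visible loop assigns it from `$item['tags']`; the loop body continues past the hunk, so that is worth confirming. Separately, line 68 now reads `wppa_get( 'wppa-action' )` while line 70 still reads `wppa_get( 'action' )`; if wppa_get() prefixes keys the way the other files suggest (`'searchstring'` for `wppa-searchstring`), one of the two is looking at the wrong parameter.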
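--- a/wppa-album-admin-autosave.php
+++ b/wppa-album-admin-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * create, edit and delete albums
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -94,24 +94,24 @@ global $wppa_revno;
  return;
  }
 
- if ( $_REQUEST['edit-id'] == 'search' ) {
+ if ( wppa_get( 'edit-id' ) == 'search' ) {
 
  $back_url = get_admin_url() . 'admin.php?page=wppa_admin_menu';
- if ( isset ( $_REQUEST['wppa-searchstring'] ) ) {
- $back_url .= '&wppa-searchstring=' . wppa_sanitize_searchstring( $_REQUEST['wppa-searchstring'] );
+ if ( wppa_get( 'searchstring' ) ) {
+ $back_url .= '&wppa-searchstring=' . wppa_get( 'searchstring' );
  }
  $back_url .= '#wppa-edit-search-tag';
 
  echo '
  <a name="manage-photos" id="manage-photos" ></a>
  <h2>' . __( 'Manage Photos', 'wp-photo-album-plus' );
- if ( isset( $_REQUEST['bulk'] ) ) {
+ if ( wppa_get( 'bulk' ) ) {
  echo
  ' - <small><i>' .
  __( 'Copy / move / delete / edit name / edit description / change status', 'wp-photo-album-plus' ) .
  '</i></small>';
  }
- elseif ( isset( $_REQUEST['quick'] ) ) {
+ elseif ( wppa_get( 'quick' ) ) {
  echo
  ' - <small><i>' .
  __( 'Edit photo information except copy and move', 'wp-photo-album-plus' ) .
@@ -131,7 +131,7 @@ global $wppa_revno;
  '</a>
  <br /><br />';
 
- if ( isset( $_REQUEST['bulk'] ) ) {
+ if ( wppa_get( 'bulk' ) ) {
  wppa_album_photos_bulk( $ei );
  }
  else {
@@ -152,7 +152,7 @@ global $wppa_revno;
  return;
  }
 
- if ( $_REQUEST['edit-id'] == 'trash' ) {
+ if ( wppa_get( 'edit-id' ) == 'trash' ) {
 
  echo '
  <div class="wrap">
@@ -166,7 +166,7 @@ global $wppa_revno;
  return;
  }
 
- if ( $_REQUEST['edit-id'] == 'new' ) {
+ if ( wppa_get( 'edit-id' ) == 'new' ) {
 
  if ( ! wppa_can_create_album() ) {
  wp_die( __( 'You have insufficient rights to create an album', 'wp-photo-album-plus' ) );
@@ -174,11 +174,8 @@ global $wppa_revno;
  $id = wppa_nextkey( WPPA_ALBUMS );
 
  // Creating a sub-album of a given parent?
- if ( isset( $_REQUEST['parent_id'] ) ) {
- $parent = $_REQUEST['parent_id'];
- if ( ! is_numeric( $parent ) ) {
- wp_die('Security check failure 3');
- }
+ if ( wppa_get( 'parent_id' ) ) {
+ $parent = wppa_get( 'parent_id' );
  $name = wppa_get_album_name( $parent ) . '-#' . $id;
  if ( ! current_user_can( 'administrator' ) ) { // someone creating an album for someone else?
  $parentowner = $wpdb->get_var( $wpdb->prepare( "SELECT owner FROM $wpdb->wppa_albums WHERE id = %s", $parent ) );
@@ -215,26 +212,26 @@ global $wppa_revno;
  wppa_set_last_album( $id );
  wppa_invalidate_treecounts( $id );
  wppa_index_add( 'album', $id );
- if ( isset( $_REQUEST['is_sibling_of'] ) && is_numeric( $_REQUEST['is_sibling_of'] ) ) {
- $sib_id = strval( intval( $_REQUEST['is_sibling_of'] ) );
- if ( $sib_id > 0 ) {
-
- // Get siblings data to inherit
- $sib_alb = wppa_cache_album( $sib_id );
- wppa_update_album( array( 'id' => $id,
- 'cover_type' => $sib_alb['cover_type'],
- 'cover_linktype' => $sib_alb['cover_linktype'],
- 'main_photo' => ( $sib_alb['main_photo'] < '0' ? $sib_alb['main_photo'] : '0' ),
- ) );
- }
+ $sib_id = wppa_get( 'is-sibling-of' );
+
+ if ( $sib_id > 0 ) {
+
+ // Get siblings data to inherit
+ $sib_alb = wppa_cache_album( $sib_id );
+ wppa_update_album( array( 'id' => $id,
+ 'cover_type' => $sib_alb['cover_type'],
+ 'cover_linktype' => $sib_alb['cover_linktype'],
+ 'main_photo' => ( $sib_alb['main_photo'] < '0' ? $sib_alb['main_photo'] : '0' ),
+ ) );
  }
+
  wppa_update_message( sprintf( __( 'Album #%d added', 'wp-photo-album-plus' ), $id ) );
  wppa_create_pl_htaccess();
  $edit_id = $id;
  }
  }
  else {
- $edit_id = strval( intval( $_REQUEST['edit-id'] ) );
+ $edit_id = wppa_get( 'edit-id' );
  }
 
  // See if this user may edit this album
@@ -244,8 +241,8 @@ global $wppa_revno;
  }
 
  // Apply new desc
- if ( isset( $_REQUEST['applynewdesc'] ) ) {
- if ( ! wp_verify_nonce( $_REQUEST['wppa-nonce'], 'wppa-nonce') ) {
+ if ( wppa_get( 'applynewdesc' ) ) {
+ if ( ! wp_verify_nonce( wppa_get( 'nonce' ), 'wppa-nonce' ) ) {
  wp_die( __( 'You do not have the rights to do this', 'wp-photo-album-plus' ) );
  }
  $iret = $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos
@@ -255,8 +252,8 @@ global $wppa_revno;
  }
 
  // Remake album
- if ( isset( $_REQUEST['remakealbum'] ) ) {
- if ( ! wp_verify_nonce( $_REQUEST['wppa-nonce'], 'wppa-nonce' ) ) {
+ if ( wppa_get( 'remakealbum' ) ) {
+ if ( ! wp_verify_nonce( wppa_get( 'nonce' ), 'wppa-nonce' ) ) {
  wp_die( __( 'You do not have the rights to do this', 'wp-photo-album-plus' ) );
  }
 
@@ -282,9 +279,9 @@ global $wppa_revno;
 
  // Set all to pano
  $timeup = false;
- if ( isset( $_REQUEST['pano-val'] ) ) {
+ $pano = wppa_get( 'pano-val', '9' );
+ if ( in_array( $pano, array( '0', '1', '2' ) ) ) {
 
- $pano = $_REQUEST['pano-val'];
  $last = get_option( 'wppa_last_pano_set', '0' );
  $done = '0';
  $todo = $wpdb->get_results( $wpdb->prepare( "SELECT id, photox, photoy, panorama, angle FROM $wpdb->wppa_photos
@@ -1409,7 +1406,7 @@ global $wppa_revno;
 
  // Apply New photo desc
  if ( wppa_switch( 'apply_newphoto_desc') ) {
- $onc = 'if ( confirm(\'Are you sure you want to set the description of all photos to \n\n'.esc_js(wppa_opt( 'newphoto_description')).'\')) document.location=\''.wppa_ea_url($albuminfo['id'], 'edit').'&applynewdesc\'';
+ $onc = 'if ( confirm(\'Are you sure you want to set the description of all photos to \n\n'.esc_js(wppa_opt( 'newphoto_description')).'\')) document.location=\''.wppa_ea_url($albuminfo['id'], 'edit').'&applynewdesc=1\'';
  echo
  '<input' .
  ' type="button"' .
@@ -1420,7 +1417,7 @@ global $wppa_revno;
 
  // Remake all
  if ( wppa_user_is( 'administrator' ) ) {
- $onc = 'if ( confirm(\'Are you sure you want to remake the files for all photos in this album?\')) document.location=\''.wppa_ea_url($albuminfo['id'], 'edit').'&remakealbum\'';
+ $onc = 'if ( confirm(\'Are you sure you want to remake the files for all photos in this album?\')) document.location=\''.wppa_ea_url($albuminfo['id'], 'edit').'&remakealbum=1\'';
  echo
  '<input' .
  ' type="button"' .
@@ -1451,7 +1448,7 @@ global $wppa_revno;
  '&amp;tab=edit' .
  '&amp;edit-id=new' .
  '&amp;parent_id=' . $albuminfo['a_parent'] .
- '&amp;is_sibling_of=' . $albuminfo['id'] .
+ '&amp;is-sibling-of=' . $albuminfo['id'] .
  '&amp;wppa-nonce=' . wp_create_nonce( 'wppa-nonce' ) );
  $onc = 'if (confirm(\''.__('Are you sure you want to create a subalbum?', 'wp-photo-album-plus').'\')) document.location=\''.$url.'\';';
 
@@ -1567,14 +1564,14 @@ global $wppa_revno;
  <a id="manage-photos" ></a>
  <img src="<?php echo WPPA_URL.'/img/camera32.png' ?>" alt="Camera icon" />
  <h1 style="display:inline;" ><?php _e('Manage Photos', 'wp-photo-album-plus');
- if ( isset($_REQUEST['bulk']) ) echo ' - <small><i>'.__('Copy / move / delete / edit name / edit description / change status', 'wp-photo-album-plus').'</i></small>';
- elseif ( isset($_REQUEST['seq']) ) echo ' - <small><i>'.__('Change sequence order by drag and drop', 'wp-photo-album-plus').'</i></small>';
- elseif ( isset($_REQUEST['quick']) ) echo ' - <small><i>'.__('Edit photo information except copy and move', 'wp-photo-album-plus').'</i></small>';
+ if ( wppa_get( 'bulk' ) ) echo ' - <small><i>'.__('Copy / move / delete / edit name / edit description / change status', 'wp-photo-album-plus').'</i></small>';
+ elseif ( wppa_get( 'seq' ) ) echo ' - <small><i>'.__('Change sequence order by drag and drop', 'wp-photo-album-plus').'</i></small>';
+ elseif ( wppa_get( 'quick' ) ) echo ' - <small><i>'.__('Edit photo information except copy and move', 'wp-photo-album-plus').'</i></small>';
  else echo ' - <small><i>'.__('Edit photo information', 'wp-photo-album-plus').'</i></small>';
  ?></h1><div style="clear:both;" >&nbsp;</div>
  <?php
- if ( isset($_REQUEST['bulk']) ) wppa_album_photos_bulk($edit_id);
- elseif ( isset($_REQUEST['seq']) ) wppa_album_photos_sequence($edit_id);
+ if ( wppa_get( 'bulk' ) ) wppa_album_photos_bulk($edit_id);
+ elseif ( wppa_get( 'seq' ) ) wppa_album_photos_sequence($edit_id);
  else wppa_album_photos($edit_id);
 
 
@@ -1593,10 +1590,10 @@ global $wppa_revno;
  <?php }
 
  // Comment moderate
- else if ($_REQUEST['tab'] == 'cmod') {
- $photo = $_REQUEST['photo'];
- $alb = wppa_get_album_id_by_photo_id($photo);
- if ( current_user_can('wppa_comments') && wppa_have_access($alb) ) { ?>
+ elseif ( wppa_get( 'tab' ) == 'cmod' ) {
+ $photo = wppa_get( 'photo' );
+ $alb = wppa_get_album_id_by_photo_id( $photo );
+ if ( current_user_can('wppa_comments') && wppa_have_access( $alb ) ) { ?>
  <div class="wrap">
  <img src="<?php echo WPPA_URL.'/img/page_green.png' ?>" />
  <h1 style="display:inline;" ><?php _e('Moderate comment', 'wp-photo-album-plus') ?></h1>
@@ -1610,13 +1607,13 @@ global $wppa_revno;
  }
 
  // Photo moderate
- elseif ( $_REQUEST['tab'] == 'pmod' || $_REQUEST['tab'] == 'pedit' ) {
- $photo = $_REQUEST['photo'];
- $alb = wppa_get_album_id_by_photo_id($photo);
- if ( current_user_can('wppa_admin') && wppa_have_access($alb) ) { ?>
+ elseif ( wppa_get( 'tab' ) == 'pmod' || wppa_get( 'tab' ) == 'pedit' ) {
+ $photo = wppa_get( 'photo' );
+ $alb = wppa_get_album_id_by_photo_id( $photo );
+ if ( current_user_can( 'wppa_admin' ) && wppa_have_access( $alb ) ) { ?>
  <div class="wrap">
  <img src="<?php echo WPPA_URL.'/img/page_green.png' ?>" />
- <h1 style="display:inline;" ><?php if ( $_REQUEST['tab'] == 'pmod' ) _e('Moderate photo', 'wp-photo-album-plus');
+ <h1 style="display:inline;" ><?php if ( wppa_get( 'tab' ) == 'pmod' ) _e('Moderate photo', 'wp-photo-album-plus');
  else _e('Edit photo', 'wp-photo-album-plus'); ?>
  </h1><div style="clear:both;" >&nbsp;</div>
  <?php wppa_album_photos('', $photo) ?>
@@ -1628,10 +1625,10 @@ global $wppa_revno;
  }
 
  // album delete confirm page
- else if ($_REQUEST['tab'] == 'del') {
+ elseif ( wppa_get( 'tab' ) == 'del' ) {
 
- $album_owner = $wpdb->get_var($wpdb->prepare( "SELECT owner FROM $wpdb->wppa_albums WHERE id = %s", $_REQUEST['edit-id']));
- if ( ( $album_owner == '--- public ---' && ! current_user_can('administrator') ) || ! wppa_have_access($_REQUEST['edit-id']) ) {
+ $album_owner = $wpdb->get_var($wpdb->prepare( "SELECT owner FROM $wpdb->wppa_albums WHERE id = %s", wppa_get( 'edit-id' ) ) );
+ if ( ( $album_owner == '--- public ---' && ! current_user_can('administrator') ) || ! wppa_have_access( wppa_get( 'edit-id' ) ) ) {
  wp_die('You do not have the rights to delete this album');
  }
  ?>
@@ -1639,7 +1636,7 @@ global $wppa_revno;
  <img src="<?php echo WPPA_URL.'/img/albumdel32.png' ?>" />
  <h1 style="display:inline;" ><?php _e('Delete Album', 'wp-photo-album-plus'); ?></h1>
 
- <p><?php _e('Album:', 'wp-photo-album-plus'); ?> <b><?php echo htmlspecialchars( wppa_get_album_name($_REQUEST['edit-id']) ); ?>.</b></p>
+ <p><?php _e('Album:', 'wp-photo-album-plus'); ?> <b><?php echo htmlspecialchars( wppa_get_album_name( wppa_get( 'edit-id' ) ) ); ?>.</b></p>
  <p><?php _e('Are you sure you want to delete this album?', 'wp-photo-album-plus'); ?><br />
  <?php _e('Press Delete to continue, and Cancel to go back.', 'wp-photo-album-plus'); ?>
  </p>
@@ -1653,7 +1650,7 @@ global $wppa_revno;
  <?php echo wppa_album_select_a( array( 'checkaccess' => true,
  'path' => true,
  'selected' => '0',
- 'exclude' => strval( intval( $_REQUEST['edit-id'] ) ),
+ 'exclude' => strval( intval( wppa_get( 'edit-id' ) ) ),
  'addpleaseselect' => true,
  'sort' => true,
  ) )
@@ -1661,7 +1658,7 @@ global $wppa_revno;
  </select>
  </p>
 
- <input type="hidden" name="wppa-del-id" value="<?php echo strval( intval( $_REQUEST['edit-id'] ) ) ?>" />
+ <input type="hidden" name="wppa-del-id" value="<?php echo strval( intval( wppa_get( 'edit-id' ) ) ) ?>" />
  <input type="button" class="button-primary" value="<?php _e('Cancel', 'wp-photo-album-plus'); ?>" onclick="parent.history.back()" />
  <input type="submit" class="button-primary" style="color: red" name="wppa-del-confirm" value="<?php _e('Delete', 'wp-photo-album-plus'); ?>" />
  </form>
@@ -1670,7 +1667,7 @@ global $wppa_revno;
  }
  else {
  wppa_error_message( sprintf( __( 'Album admin action %s is not implemented', 'wp-photo-album-plus' ),
- '<b>' . sanitize_text_field( $_REQUEST['tab'] ) . '</b>' ) );
+ '<b>' . wppa_get( 'tab' ) ) . '</b>' );
  }
  }
 
@@ -1699,8 +1696,8 @@ global $wppa_revno;
  }
  }
 
- if ( isset($_REQUEST['switchto'] ) ) {
- update_option( 'wppa_album_table_'.wppa_get_user(), $_REQUEST['switchto'] );
+ if ( wppa_get( 'switchto' ) ) {
+ update_option( 'wppa_album_table_'.wppa_get_user(), wppa_get( 'switchto' ) );
  }
  $style = wppa_get_option('wppa_album_table_'.wppa_get_user(), 'flat');
 
@@ -1817,8 +1814,8 @@ global $wpdb;
 
  // Find out what page to show
  if ( $pagesize ) {
- if ( isset( $_REQUEST['album-page-no'] ) ) {
- $page = strval( intval( $_REQUEST['album-page-no'] ) );
+ if ( wppa_get( 'album-page-no' ) ) {
+ $page = wppa_get( 'album-page-no' );
  $page = max( $page, '1' );
  $skips = ( $page - 1 ) * $pagesize;
  }
@@ -1883,12 +1880,8 @@ global $wpdb;
  }
 
  // If filter, filter
- if ( isset( $_REQUEST['filter'] ) ) {
- $filter = $_REQUEST['filter'];
- }
- else {
- $filter = false;
- }
+ $filter = wppa_get( 'filter' );
+
  if ( $filter ) {
  $filter_albs = $wpdb->get_var( $wpdb->prepare( "SELECT albums FROM $wpdb->wppa_index WHERE slug = %s LIMIT 1", $filter ) );
  $filter_albs = wppa_index_string_to_array( $filter_albs );
@@ -1917,7 +1910,7 @@ global $wpdb;
 
  // Find the final ordering method
  $reverse = false;
- if ( isset($_REQUEST['order_by']) ) $order = $_REQUEST['order_by']; else $order = '';
+ $order = wppa_get( 'order_by' );
  if ( ! $order ) {
  $order = wppa_get_option('wppa_album_order_'.wppa_get_user(), 'id');
  $reverse = (wppa_get_option('wppa_album_order_'.wppa_get_user().'_reverse') == 'yes');
@@ -2106,12 +2099,12 @@ global $wpdb;
 
  <?php $url = wppa_ea_url($album['id']) ?>
  <td><a href="<?php echo($url) ?>" class="wppaedit"><?php _e('Edit', 'wp-photo-album-plus'); ?></a></td>
- <td><a href="<?php echo($url.'&amp;quick') ?>" class="wppaedit"><?php _e('Quick', 'wp-photo-album-plus'); ?></a></td>
- <td><a href="<?php echo($url.'&amp;bulk#manage-photos') ?>" class="wppaedit"><?php _e('Bulk', 'wp-photo-album-plus'); ?></a></td>
+ <td><a href="<?php echo($url.'&amp;quick=1') ?>" class="wppaedit"><?php _e('Quick', 'wp-photo-album-plus'); ?></a></td>
+ <td><a href="<?php echo($url.'&amp;bulk=1#manage-photos') ?>" class="wppaedit"><?php _e('Bulk', 'wp-photo-album-plus'); ?></a></td>
 
  <?php if ( ! wppa_switch( 'porder_restricted' ) || wppa_user_is( 'administrator' ) ) {
  ?>
- <td><a href="<?php echo($url.'&amp;seq') ?>" class="wppaedit"><?php _e('Seq', 'wp-photo-album-plus'); ?></a></td>
+ <td><a href="<?php echo($url.'&amp;seq=1') ?>" class="wppaedit"><?php _e('Seq', 'wp-photo-album-plus'); ?></a></td>
  <?php
  }
  else {
@@ -2268,8 +2261,8 @@ global $wpdb;
 
  // Find out what page to show
  if ( $pagesize ) {
- if ( isset( $_REQUEST['album-page-no'] ) ) {
- $page = strval( intval( $_REQUEST['album-page-no'] ) );
+ $page = wppa_get( 'album-page-no' );
+ if ( $page ) {
  $page = max( $page, '1' );
  $skips = ( $page - 1 ) * $pagesize;
  }
@@ -2380,7 +2373,7 @@ global $wpdb;
 
  // Find the ordering method
  $reverse = false;
- if ( isset($_REQUEST['order_by']) ) $order = $_REQUEST['order_by']; else $order = '';
+ $order = wppa_get( 'order_by' );
  if ( ! $order ) {
  $order = wppa_get_option('wppa_album_order_'.wppa_get_user(), 'id');
  $reverse = (wppa_get_option('wppa_album_order_'.wppa_get_user().'_reverse') == 'yes');
@@ -2711,7 +2704,7 @@ function wppa_search_edit( $collapsible = false ) {
  __( 'Search for', 'wp-photo-album-plus' ) .
  '</td>' .
  '<td colspan="4" >';
- $value = isset( $_REQUEST['wppa-searchstring'] ) ? wppa_sanitize_searchstring( $_REQUEST['wppa-searchstring'] ) : '';
+ $value = wppa_get( 'searchstring' );
  $result .=
  '<a id="wppa-edit-search-tag" />' .
  '<input' .
@@ -2737,7 +2730,7 @@ function wppa_search_edit( $collapsible = false ) {
  '</a>' .
  '</td>' .
  '<td>' .
- '<a class="wppaedit" onclick="wppaEditSearch(\'' . wppa_ea_url( 'search' ) . '&amp;bulk' . '\', \'wppa-edit-search\' )" >' .
+ '<a class="wppaedit" onclick="wppaEditSearch(\'' . wppa_ea_url( 'search' ) . '&amp;bulk=1' . '\', \'wppa-edit-search\' )" >' .
  '<b>' . __( 'Bulk', 'wp-photo-album-plus' ) . '</b>' .
  '</a>' .
  '</td>' .
@@ -2984,12 +2977,12 @@ global $wpdb;
  <?php if ( wppa_have_access( $album['id'] ) ) {// if ( $album['owner'] == wppa_get_user() || wppa_user_is('administrator') ) { ?>
  <?php $url = wppa_ea_url($id) ?>
  <td><a href="<?php echo($url) ?>" class="wppaedit"><?php _e('Edit', 'wp-photo-album-plus'); ?></a></td>
- <td><a href="<?php echo($url.'&amp;quick') ?>" class="wppaedit"><?php _e('Quick', 'wp-photo-album-plus'); ?></a></td>
- <td><a href="<?php echo($url.'&amp;bulk#manage-photos') ?>" class="wppaedit"><?php _e('Bulk', 'wp-photo-album-plus'); ?></a></td>
+ <td><a href="<?php echo($url.'&amp;quick=1') ?>" class="wppaedit"><?php _e('Quick', 'wp-photo-album-plus'); ?></a></td>
+ <td><a href="<?php echo($url.'&amp;bulk=1#manage-photos') ?>" class="wppaedit"><?php _e('Bulk', 'wp-photo-album-plus'); ?></a></td>
 
  <?php if ( ! wppa_switch( 'porder_restricted' ) || wppa_user_is( 'administrator' ) ) {
  ?>
- <td><a href="<?php echo($url.'&amp;seq') ?>" class="wppaedit"><?php _e('Seq', 'wp-photo-album-plus'); ?></a></td>
+ <td><a href="<?php echo($url.'&amp;seq=1') ?>" class="wppaedit"><?php _e('Seq', 'wp-photo-album-plus'); ?></a></td>
  <?php
  }
  else {
@@ -3120,7 +3113,7 @@ function wppa_main_photo($cur, $covertype) {
  global $wpdb;
 
  $output = '';
- $a_id = strval( intval( $_REQUEST['edit-id'] ) );
+ $a_id = wppa_get( 'edit-id' );
  $photos = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->wppa_photos WHERE album = %s " . wppa_get_photo_order( $a_id ) . " LIMIT 1000", $a_id ), ARRAY_A );
 
  $cur_in_album = wppa_get_photo_item( $cur, 'album' ) == $a_id;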
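Review bot: The rewritten error message at 1670 has its closing parenthesis in the wrong place: `'<b>' . wppa_get( 'tab' ) ) . '</b>' );` ends the `sprintf()` call right after the `<b>` argument, so `</b>` is concatenated onto the whole translated sentence and the bold span runs from the action name to the end of the message instead of wrapping only the name. The same line drops the `sanitize_text_field()` the old code applied before echoing a request parameter into admin HTML; unless wppa_get() (defined in wppa-input.php, not visible here) HTML-escapes its result, escaping at the output is still needed, e.g. `'<b>' . esc_html( wppa_get( 'tab' ) ) . '</b>' ) );`, which also repairs the parenthesis. In the `edit-id == 'new'` branch the `is_numeric()` guard on `parent_id` (old 179-181) and the `is_numeric`/`intval` on `is_sibling_of` (old 218-219) are gone, so `$parent` and `$sib_id` reach `wppa_get_album_name()`, `wppa_cache_album()` and the `$sib_id > 0` comparison as whatever wppa_get() returns; if it does not coerce these keys to integers, `wppa_force_numeric_else( …, '0' )`, which the navigator widget in this same commit uses, would restore the check. Likewise `$edit_id` (237), `$a_id` (3123) and `$page` (1821) lose their `strval( intval( … ) )` while `'exclude'` at 1653 keeps it, so the coercion is either redundant there or missing in the other places; the enclosing functions of these hunks run outside the visible lines.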
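--- a/wppa-album-navigator-widget.php
+++ b/wppa-album-navigator-widget.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * display album names linking to content
- * Version 8.0.04.005
+ * Version 8.0.07.005
  */
 
  class AlbumNavigatorWidget extends WP_Widget {
@@ -186,9 +186,7 @@ class AlbumNavigatorWidget extends WP_Widget {
 
  if ( ! $level ) {
  $level = '1';
- if ( isset( $_REQUEST['wppa-album'] ) ) $ca = $_REQUEST['wppa-album'];
- elseif ( isset( $_REQUEST['album'] ) ) $ca = $_REQUEST['album'];
- else $ca = '0';
+ $ca = wppa_get( 'album' );
  $ca = wppa_force_numeric_else( $ca, '0' );
  if ( $ca && ! wppa_album_exists( $ca ) ) {
  $ca = '0';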
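Review bot: The replacement at 189 reads only `wppa_get( 'album' )`, while the removed lines also accepted a plain `album` query argument as a fallback; if wppa_get() maps `'album'` to the `wppa-album` key alone (as `'searchstring'` for `wppa-searchstring` elsewhere in this commit suggests), links that pass `?album=N` will no longer select the current album in the navigator. If dropping the legacy key is intended, a one-line comment such as `// Only the wppa-album query key is honoured since 8.0.07.005` would make the behaviour change visible to the next reader; otherwise the legacy key still needs to be read here. The numeric coercion via `wppa_force_numeric_else()` on the next line is kept, so the input validation itself is unchanged. The enclosing method starts and ends outside the hunk.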
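--- a/wppa-boxes-html.php
+++ b/wppa-boxes-html.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Various wppa boxes
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -593,7 +593,7 @@ global $wppa_session;
 type="search"
 class="search-field"
 placeholder="' . esc_attr( wppa_opt( 'search_placeholder' ) ) . '"
-value="' . esc_attr( isset( $_REQUEST['wppa-searchstring'] ) ? $_REQUEST['wppa-searchstring'] : '' ) . '"
+value="' . esc_attr( wppa_get( 'searchstring' ) ) . '"
 name="wppa-searchstring"
 />
 </label>
@@ -613,7 +613,7 @@ global $wppa_session;
 </label>
 <input
 type="text"
-value="' . esc_attr( isset( $_REQUEST['wppa-searchstring'] ) ? $_REQUEST['wppa-searchstring'] : '' ) . '"
+value="' . esc_attr( wppa_get( 'searchstring' ) ) . '"
 name="wppa-searchstring"
 id="wppa_s-' . $mocc . '"
 />
@@ -678,7 +678,7 @@ global $wppa_session;
 }
 
 // Fix previous input
-$form_core = str_replace( 'value=""', 'value="' . esc_attr( isset( $_REQUEST['wppa-searchstring'] ) ? $_REQUEST['wppa-searchstring'] : '' ) . '"', $form_core );
+$form_core = str_replace( 'value=""', 'value="' . esc_attr( wppa_get( 'searchstring' ) ) . '"', $form_core );
 
 // Fix placeholder
 $form_core = preg_replace( '/placeholder=\"[^\"]*/', 'placeholder="' . esc_attr( wppa_opt( 'search_placeholder' ) ), $form_core );
@@ -6472,7 +6472,7 @@ global $wppa_lang;
 }
 $al .= '&wppa-fromp=' . wppa_get_the_ID();
 
-if ( wppa_get( 'lang' ) ) { // If lang in querystring: keep it
+if ( $wppa_lang ) { // If lang in querystring: keep it
 if ( strpos( $al, 'lang=' ) === false ) { // Not yet
 $al .= '&lang=' . $wppa_lang;
 }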
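Review bot: At line 6475 the guard now tests the global `$wppa_lang` instead of the request, but the comment still reads `// If lang in querystring: keep it`, and `$wppa_lang` is concatenated into the link on line 6477 with no encoding. Where that global is populated is outside this hunk; if it can carry request-supplied text it should be encoded at the point of use, `$al .= '&lang=' . rawurlencode( $wppa_lang );`, and the comment updated to `// Propagate the active language to generated links`. The search-box hunks (596, 616, 681) look right: the value now passes through wppa_get()'s searchstring filter and is still wrapped in esc_attr() for the attribute context.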
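--- a/wppa-breadcrumb.php
+++ b/wppa-breadcrumb.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Functions for breadcrumbs
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -249,11 +249,8 @@ global $wppa_session;
 elseif ( wppa( 'searchstring' ) ) {
 $value .= stripslashes( wppa( 'searchstring' ) );
 }
-elseif ( isset( $_REQUEST['wppa-searchstring'] ) ) {
-$value .= $_REQUEST['wppa-searchstring'];
-}
-elseif ( isset( $_REQUEST['searchstring'] ) ) {
-$value .= $_REQUEST['searchstring'];
+else {
+$value .= wppa_get( 'searchstring' );
 }
 if ( wppa( 'catbox' ) ) {
 $value .= ', ' . __( 'in category:', 'wp-photo-album-plus' ) . ' ' . trim( wppa( 'catbox' ), ',' );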
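Review bot: The new else branch at line 253 appends `wppa_get( 'searchstring' )` as-is, while the sibling branch at line 250 applies `stripslashes()` to `wppa( 'searchstring' )`; WordPress slash-escapes the request superglobals, and nothing in this hunk shows the searchstring filter unslashing, so a term containing a quote can show up as `O\'Brien` in the breadcrumb. Mirror the preceding branch: `$value .= stripslashes( wppa_get( 'searchstring' ) );`. Whether `$value` is HTML-escaped where it is finally rendered is outside this hunk; the input sanitizer does not replace that output escaping.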
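--- a/wppa-encrypt.php
+++ b/wppa-encrypt.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all ecryption/decryption logic
- * Version 8.0.06.003
+ * Version 8.0.07.005
  *
  */
 
@@ -169,11 +169,6 @@ global $wpdb;
 // Fix js trick
 $photo = trim( $photo, '/' );
 
-// Feature enabled?
-if ( ! wppa_switch( 'use_encrypted_links' ) ) {
-return $photo;
-}
-
 // If enumeration, split
 if ( strpos( $photo, '.' ) !== false ) {
 $photos = explode( '.', $photo );
@@ -208,16 +203,38 @@ global $wpdb;
 return $id;
 }
 
-// Convert album crypt to id
-function wppa_decrypt_album( $album, $dummy = true, $no_refuse = false ) {
+// Photo name to id. One only because of possible . in name or try to expand enum
+function wppa_decode_photo( $photo ) {
 global $wpdb;
 
-// Feature enabled?
-if ( ! wppa_switch( 'use_encrypted_links' ) ) {
-return $album;
+// Fix js trick
+$photo = trim( $photo, '/' );
+
+// Already decoded?
+if ( wppa_is_int( $photo ) ) {
+
+return $photo;
 }
 
-// Yes. Decompose possible album enumeration
+// Just do it
+$id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_photos WHERE sname = %s", $photo ) );
+if ( $id === null ) {
+
+// Maybe an enumeration
+$photo = wppa_expand_enum( $photo );
+}
+else {
+$photo = $id;
+}
+
+return $photo;
+}
+
+// Convert album crypt to id
+function wppa_decrypt_album( $album, $dummy = true, $no_refuse = false ) {
+global $wpdb;
+
+// Decompose possible album enumeration
 $album_crypts = explode( '.', $album );
 $album_ids = array();
 $i = 0;
@@ -283,6 +300,33 @@ global $wpdb;
 return $result;
 }
 
+// Album name to id. One only because of possible . in name or try to expand enum
+function wppa_decode_album( $album ) {
+global $wpdb;
+
+// Fix js trick
+$album = trim( $album, '/' );
+
+// Already decoded?
+if ( wppa_is_int( $album ) ) {
+
+return $album;
+}
+
+// Just do it
+$id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_albums WHERE sname = %s", $album ) );
+if ( $id === null ) {
+
+// Maybe an enumeration
+$album = wppa_expand_enum( $album );
+}
+else {
+$album = $id;
+}
+
+return $album;
+}
+
 // Encrypt a full url
 function wppa_encrypt_url( $url ) {
 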
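Review bot: wppa_decode_photo() (line 207) and wppa_decode_album() (line 304) hand any value that is neither an int nor a matching `sname` to wppa_expand_enum() and return whatever comes back, so an unknown name is not rejected here; whether wppa_expand_enum() validates its argument is not visible in this hunk, and callers that treat the result as an id should not have to. Returning an explicit miss when the string cannot be an enumeration, for example `if ( strpos( $photo, '.' ) === false ) return '0';` just before the expand call, would make the contract clearer. The two functions are otherwise line-for-line duplicates apart from the table name, so one shared `wppa_decode_item( $table, $value )` helper would keep them from drifting. Dropping the `use_encrypted_links` early return (line 172 and old lines 215-217) also means wppa_decrypt_photo() and wppa_decrypt_album() now run on every request when encryption is off; the rest of wppa_decrypt_photo() is outside this hunk, so I cannot confirm a plain numeric id survives that path unchanged.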
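--- a/wppa-functions.php
+++ b/wppa-functions.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Various functions
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -1608,7 +1608,7 @@ global $wppa_session;
 if ( ! $first ) {
 $tags_like .= " " . $andor;
 }
-$tags_like .= " tags LIKE '%,".$wpdb->esc_like($tag).",%'";
+$tags_like .= " tags LIKE '%" . str_replace( "'", "\'", ',' . $wpdb->esc_like( $tag ) . ',' ) . "%'";
 $first = false;
 }
 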
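Review bot: Line 1611 still builds the LIKE clause by string concatenation and now relies on a hand-rolled `str_replace( "'", "\'", ... )` to neutralise quotes; that covers only the single quote, and under MySQL's NO_BACKSLASH_ESCAPES mode a backslash escapes nothing, so the fragment is not a substitute for the driver's quoting. Use the prepared path the file already has in `$wpdb`: `$tags_like .= $wpdb->prepare( " tags LIKE %s", '%,' . $wpdb->esc_like( $tag ) . ',%' );` — prepare() quotes the value and esc_like() still protects `%` and `_`. Where `$tag` originates, and whether wppa_sanitize_tags() already ran on it, is outside this hunk.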
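--- a/wppa-input.php
+++ b/wppa-input.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains functions for sanitizing and formatting user input
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -46,573 +46,339 @@ function wppa_redirect() {
 }
 }
 
-/* PARSE QUERYSTRING AND SAVE IN $wppa_query_vars */
-// add_action( 'plugins_loaded', 'wppa_parse_query_string', '2' );
+// Gert the filter slug to use for the querystring var
+function wppa_get_get_filter( $name ) {
+
+switch ( $name ) {
+
+// Integer
+case 'occur':
+case 'moccur':
+case 'woccur':
+case 'topten':
+case 'lasten':
+case 'comten':
+case 'featen':
+case 'relcount':
+case 'page':
+case 'page_id':
+case 'caldate':
+case 'size':
+case 'fromp':
+case 'forceroot':
+case 'comment-id':
+case 'upload-album':
+case 'user':
+case 'rating':
+case 'index':
+case 'next-after':
+case 'commentid':
+case 'bulk-album':
+case 'set-album':
+case 'photo-album':
+case 'video-album':
+case 'audio-album':
+case 'document-album':
+case 'del-id':
+case 'move-album':
+case 'parent-id':
+case 'is-sibling-of':
+case 'sub':
+case 'subtab':
+case 'pano-val':
+case 'album-page-no':
+$result = 'int';
+break;
+
+// Array of integers
+case 'commentids':
+$result = 'intarr';
+break;
+
+// Boolean
+case 'cover':
+case 'slide':
+case 'slideonly':
+case 'filmonly':
+case 'single':
+case 'photos-only':
+case 'albums-only':
+case 'medals-only':
+case 'rel':
+case 'rootsearch':
+case 'potdhis':
+case 'debug':
+case 'inv':
+case 'vt':
+case 'catbox':
+case 'resp':
+case 'quick':
+case 'continue':
+case 'del-after-p':
+case 'del-after-f':
+case 'del-after-a':
+case 'del-after-z':
+case 'del-after-v':
+case 'del-after-u':
+case 'del-after-c':
+case 'del-after-d':
+case 'del-dir':
+case 'use-backup':
+case 'update':
+case 'superview':
+case 'nodups':
+case 'raw':
+case 'bulk':
+case 'applynewdesc':
+case 'remakealbum':
+$result = 'bool';
+break;
+
+// Searchstring
+case 'searchstring':
+$result = 'src';
+break;
+
+// Html
+case 'comment':
+case 'commenttext':
+case 'upn-description':
+$result = 'html';
+break;
+
+// Tags / Cats
+case 'tag':
+case 'upn-tags':
+$result = 'tags';
+break;
+
+// Custom data
+case 'custom_0':
+case 'custom_1':
+case 'custom_2':
+case 'custom_3':
+case 'custom_4':
+case 'custom_5':
+case 'custom_6':
+case 'custom_7':
+case 'custom_8':
+case 'custom_9':
+$result = 'custom';
+break;
+
+// Text
+case 'supersearch':
+case 'lang':
+case 'wppalocale':
+case 'calendar':
+case 'upldr':
+case 'owner':
+case 'nonce':
+case 'user-name': // Photo/video name supplied by user
+case 'user-desc': // Desc by user
+case 'ntfy-nonce':
+case 'qr-nonce':
+case 'crypt':
+case 'slug':
+case 'just-edit':
+case 'filter':
+case 'orderby':
+case 'order':
+case 'bulk-status':
+case 'bulk-owner':
+case 'watermark-file':
+case 'watermark-pos':
+case 'cre-album':
+case 'bulk-action':
+case 'action':
+case 'option':
+case 'local-remote':
+case 'upn-name':
+case 'del-confirm':
+case 'del-photos':
+case 'tab':
+case 'edit-id':
+case 'settings-submit':
+case 'key':
+case 'subtab':
+case 'switchto':
+case 'order_by':
+case 'comname':
+$result = 'text';
+break;
+
+// Possibly encrypted or nemed photo(s)
+case 'photo':
+case 'photos':
+case 'hilite':
+case 'photo-id':
+case 'rating-id':
+$result = 'pcrypt';
+break;
+
+// Possibly encrypted or nemed album
+case 'album':
+$result = 'acrypt';
+break;
+
+// Email
+case 'comemail':
+$result = 'email';
+break;
+
+// Url
+case 'url':
+case 'returnurl':
+$result = 'url';
+break;
+
+default:
+$result = 'raw';
+break;
 
-function wppa_parse_query_string() {
-global $wppa_query_vars;
-global $wppa_sanitized_query_vars;
+}
+
+return $result;
+}
+
+// Retrieve a get- or post- variable, sanitized and post-processed
+function wppa_get( $xname, $default = false, $filter = false ) {
 global $wpdb;
 
-// Init
-$wppa_query_vars = array_merge( $_GET, $_POST );
-
-// Debug
-$wppa_sanitized_query_vars =
-array(
-'occur',
-'moccur',
-'woccur',
-'topten',
-'lasten',
-'comten',
-'featen',
-'relcount',
-'page',
-'caldate',
-'calendar-month',
-'calendar-year',
-'slug',
-'size',
-'fromp',
-'forceroot',
-'cover',
-'slide',
-'slideonly',
-'filmonly',
-'single',
-'photos-only',
-'albums-only',
-'medals-only',
-'rel',
-'rootsearch',
-'potdhis',
-'debug',
-'inv',
-'vt',
-'catbox',
-'resp',
-'searchstring',
-'supersearch',
-'lang',
-'wppalocale',
-'tag',
-'calendar',
-'upldr',
-'owner',
-'nonce',
-'photo',
-'photos',
-'hilite',
-'photo-id',
-'album',
-'value',
-'option',
-'action',
-'forceroot',
-'albumeditsubmit',
-'comment-id',
-'comemail',
-'cache',
-'commentbtn',
-'comname',
-'fe-create',
-'comment',
-'p',
-'page_id',
-'rating',
-'rating-id',
-'s',
-'searchroot',
-'searchselbox-0',
-'searchselbox-1',
-'searchselbox-2',
-'superview',
-'upload-album',
-'user-name',
-'user-desc',
-'ntfy-nonce',
-'qr-nonce',
-'crypt',
-'user',
-'url',
-'index',
-'just-edit',
-'next-after',
-'filter',
-'commentid',
-'commentids',
-'commenttext',
-'orderby',
-'order',
-'quick',
-'bulk-status',
-'bulk-album',
-'bulk-owner',
-'set-album',
-'watermark-file',
-'watermark-pos',
-'photo-album',
-'video-album',
-'audio-album',
-'document-album',
-'del-after-p',
-'del-after-f',
-'del-after-a',
-'del-after-z',
-'del-after-v',
-'del-after-u',
-'del-after-c',
-'del-after-d',
-'del-dir',
-'cre-album',
-'use-backup',
-'update',
-'bulk-action',
-'import-ajax-file',
-'import-set-source-dir',
-'import-set-source-url',
-'import-submit',
-'local-remote',
-'zip',
-'superview',
-'nodups',
-'upn-name',
-'upn-description',
-'upn-tags',
-'del-confirm',
-'custom_0',
-'custom_1',
-'custom_2',
-'custom_3',
-'custom_4',
-'custom_5',
-'custom_6',
-'custom_7',
-'custom_8',
-'custom_9',
-'del-id',
-'del-photos',
-'move-album',
-'edit-id',
-'cron',
-'tab',
-
-);
-
-// Parse and sanitize
-foreach( array_keys( $wppa_query_vars ) as $key ) {
-
-// For ajax: Ignore 'action', only look at wppa-action
-if ( $key == 'action' ) continue;
-
-// For admin: Igbore 'page', only look at wppa-page
-if ( $key == 'page' ) continue;
-
-// Find an arg
-$name = $key;
-$value = $wppa_query_vars[$name];
-if ( substr( $name, 0, 5 ) == 'wppa-' ) {
-unset( $wppa_query_vars[$name] );
-$name = substr( $name, 5 );
-$wppa_query_vars[$name] = $value;
+// Ajax call?
+if ( $xname == 'wppa-action' ) {
+if ( isset( $_REQUEST['wppa-action'] ) ) {
+return sanitize_text_field( $_REQUEST['wppa-action'] );
+}
+}
+elseif ( $xname == 'action' ) {
+if ( isset( $_REQUEST['action'] ) ) {
+return sanitize_text_field( $_REQUEST['action'] );
 }
+}
 
-// Sanitize
-$is_cryptic = false;
-switch ( $name ) {
-
-// Integer
-case 'occur':
-case 'moccur':
-case 'woccur':
-case 'topten':
-case 'lasten':
-case 'comten':
-case 'featen':
-case 'relcount':
-case 'page':
-case 'page_id':
-case 'caldate':
-case 'size':
-case 'fromp':
-case 'forceroot':
-case 'comment-id':
-case 'upload-album':
-case 'user':
-case 'rating':
-case 'index':
-case 'next-after':
-case 'commentid':
-case 'bulk-album':
-case 'set-album':
-case 'photo-album':
-case 'video-album':
-case 'audio-album':
-case 'document-album':
-case 'del-id':
-case 'move-album':
-
-$value = strval( intval( $value ) );
-break;
-
-// Array of integers
-case 'commentids':
-break;
-
-// Boolean
-case 'cover':
-case 'slide':
-case 'slideonly':
-case 'filmonly':
-case 'single':
-case 'photos-only':
-case 'albums-only':
-case 'medals-only':
-case 'rel':
-case 'rootsearch':
-case 'potdhis':
-case 'debug':
-case 'inv':
-case 'vt':
-case 'catbox':
-case 'resp':
-case 'quick':
-case 'continue':
-case 'del-after-p':
-case 'del-after-f':
-case 'del-after-a':
-case 'del-after-z':
-case 'del-after-v':
-case 'del-after-u':
-case 'del-after-c':
-case 'del-after-d':
-case 'del-dir':
-case 'use-backup':
-case 'update':
-case 'superview':
-case 'nodups':
-if ( $value !== '0' && $value != 'nil' ) {
-$value = '1';
-}
-else {
-$value = '0';
-}
-break;
-
-// Searchstring
-case 'searchstring':
-$value = wppa_sanitize_searchstring( $value );
-break;
-
-// Html
-case 'comment':
-case 'commenttext':
-case 'upn-description':
-if ( current_user_can( 'unfiltered_html' ) ) {
-$value = force_balance_tags( $value );
-}
-else {
-$value = strip_tags( $value );
-}
-break;
-
-// Tags / Cats
-case 'tag':
-case 'upn-tags':
-$value = wppa_sanitize_tags( $value );
-break;
-
-// Custom data
-case 'custom_0':
-case 'custom_1':
-case 'custom_2':
-case 'custom_3':
-case 'custom_4':
-case 'custom_5':
-case 'custom_6':
-case 'custom_7':
-case 'custom_8':
-case 'custom_9':
-$value = wppa_sanitize_custom_field( $value );
-break;
-
-// Textstring expected
-case 'supersearch':
-case 'lang':
-case 'wppalocale':
-case 'calendar':
-case 'upldr':
-case 'owner':
-case 'nonce':
-case 'user-name': // Photo/video name supplied by user
-case 'user-desc': // Desc by user
-case 'ntfy-nonce':
-case 'qr-nonce':
-case 'crypt':
-case 'slug':
-case 'just-edit':
-case 'filter':
-case 'orderby':
-case 'order':
-case 'bulk-status':
-case 'bulk-owner':
-case 'watermark-file':
-case 'watermark-pos':
-case 'cre-album':
-case 'bulk-action':
-case 'action':
-case 'option':
-case 'local-remote':
-case 'upn-name':
-case 'del-confirm':
-case 'del-photos':
-case 'tab':
-case 'edit-id':
-
-$value = sanitize_text_field( $value );
-break;
-
-// Possibly encrypted or nemed photo(s)
-case 'photo':
-case 'photos':
-case 'hilite':
-case 'photo-id':
-case 'rating-id':
-
-// Assume enumeration if multi allowed
-if ( $name == 'photos' ) {
-$values = explode( '.', $value );
-$multi = count( $values ) > 1;
-}
-elseif ( $name == 'photo-id' ) {
-$values = array( trim( $value, '/' ) );
-$multi = false;
-}
-else {
-$values = array( $value );
-$multi = false;
-}
+// Normalize $name and $xname
+if ( substr( $xname, 0, 5 ) == 'wppa-' ) {
+$name = substr( $xname, 5 );
+}
+else {
+$name = $xname;
+$xname = 'wppa-' . $name;
+}
 
-foreach ( array_keys( $values ) as $key ) {
+// Get the value
+$value = isset( $_REQUEST[$name] ) ? $_REQUEST[$name] : null;
+if ( $value === null ) $value = isset( $_REQUEST[$xname] ) ? $_REQUEST[$xname] : null;
+if ( $value === null ) return $default;
 
-// Numeric?
-if ( is_numeric( $values[$key] ) ) {
-// Ok
-}
+// Get the right filter
+if ( ! $filter ) {
+$filter = wppa_get_get_filter( $name );
+}
 
-// Text?
-else {
+// wppa_dump( $name . ' requested. Filter = ' . $filter . ' Returned: ' . $value . ' - not filtered.' );
 
-// Cryptic?
-$val = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_photos WHERE crypt = %s", $values[$key] ) );
-if ( $val ) {
+// return $value;
 
-$values[$key] = $val;
-$is_cryptic = true;
-}
+// Do the filtering
+switch ( $filter ) {
 
-// Name?
-else {
-$val = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_photos WHERE sname = %s", $values[$key] ) );
-if ( $val ) {
+case 'int':
+$result = strval( intval ( $value ) );
+break;
 
-$values[$key] = $val;
-}
-}
-}
-}
+case 'posint':
+$result = max( '1', strval( intval ( $value ) ) );
+break;
 
-$value = implode( '.', $values );
-if ( $multi ) {
-$value = wppa_expand_enum( $value );
-}
-break;
-
-// Possibly encrypted or nemed album
-case 'album':
-
-// Assume enumeration
-$values = explode( '.', $value );
-$multi = count( $values ) > 1;
-
-foreach ( array_keys( $values ) as $key ) {
-
-// Numeric?
-if ( is_numeric( $values[$key] ) ) {
-// Ok
-}
-
-// Text?
-else {
-
-// Special album?
-if ( $values[$key] == wppa_get_option( 'wppa_album_crypt_9', false ) ) {
-$values[$key] = '999999';
-$is_cryptic = true;
-}
-elseif ( $values[$key] == wppa_get_option( 'wppa_album_crypt_0', false ) ) {
-$values[$key] = '0';
-$is_cryptic = true;
-}
-elseif ( $values[$key] == wppa_get_option( 'wppa_album_crypt_1', false ) ) {
-$values[$key] = '-1';
-$is_cryptic = true;
-}
-elseif ( $values[$key] == wppa_get_option( 'wppa_album_crypt_2', false ) ) {
-$values[$key] = '-2';
-$is_cryptic = true;
-}
-elseif ( $values[$key] == wppa_get_option( 'wppa_album_crypt_3', false ) ) {
-$values[$key] = '-3';
-$is_cryptic = true;
-}
-
-else {
-
-// Cryptic?
-$val = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_albums WHERE crypt = %s", $values[$key] ) );
-if ( is_numeric( $val ) ) {
-
-$values[$key] = $val;
-$is_cryptic = true;
-}
-
-// Name?
-else {
-$val = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_albums WHERE sname = %s", $values[$key] ) );
-if ( is_numeric( $val ) ) {
-
-$values[$key] = $val;
-}
-}
-}
-}
+case 'intarr':
+if ( is_array( $value ) ) {
+foreach( array_keys( $value ) as $i ) {
+$value[$i] = strval( intval( $value[$i] ) );
 }
+}
+break;
 
-$value = implode( '.', $values );
-if ( $multi ) {
-$value = wppa_expand_enum( $value );
-}
-break;
-
-// Email
-case 'comemail':
-$value = sanitize_email( $value );
-break;
-
-// Url
-case 'url':
-$value = esc_url_raw( $value );
-break;
-
-// Unprocessed
-case 'value':
-case 'forceroot':
-case 'albumeditsubmit':
-case 'cache':
-case 'commentbtn': // Buttontext
-case 'comname': // Name of commenter
-case 'fe-create': // Yes
-case 'p':
-case 's':
-case 'searchroot':
-case 'searchselbox-0':
-case 'searchselbox-1':
-case 'searchselbox-2':
-case 'superview':
-case 'calendar-month':
-case 'calendar-year':
-case 'import-ajax-file':
-case 'import-set-source-dir':
-case 'import-set-source-url':
-case 'import-submit':
-case 'zip':
-case 'cron':
-
-if ( $name != 'value' || ! is_numeric( $value ) ) {
-// wppa_dump( 'Unprocessed querystring item found: ' . $key . ', value = ' . var_export( $value, true ) );
-}
-break;
+case 'bool':
+if ( $value !== '0' && $value != 'nil' && $value != 'no' ) {
+$result = '1';
+}
+else {
+$result = '0';
+}
+break;
 
-default:
-// wppa_dump( 'Unfiltered querystring item found: ' . $key . ', value = ' . var_export( $value, true ) );
-break;
-}
+case 'src':
+$result = wppa_sanitize_searchstring( $value );
+break;
 
-// Check for refuse unencrypted
-if ( $name == 'photo' || $name == 'album' ) {
-if ( get_option( 'wppa_use_encrypted_links', 'no' ) == 'yes' && // Encryption enabled
-get_option( 'wppa_refuse_unencrypted', 'no' ) == 'yes' && // Must be encrypted
-! wppa( 'ajax' ) && // But not needed when ajax
-! $is_cryptic ) {
-$value = '';
+case 'html':
+if ( current_user_can( 'unfiltered_html' ) ) {
+$result = force_balance_tags( $value );
 }
-}
+else {
+$result = strip_tags( $value );
+}
+break;
+
+case 'tag':
+case 'tags':
+case 'cat':
+$result = trim( wppa_sanitize_tags( $value ), ',' );
+break;
+
+case 'custom':
+$result = wppa_sanitize_custom_field( $value );
+break;
+
+case 'text':
+$result = sanitize_text_field( $value );
+break;
+
+case 'pcrypt':
+$result = trim( $value, '/' );
+if ( get_option( 'wppa_use_photo_names_in_urls', 'no' ) == 'yes' ) {
+$result = wppa_decode_photo( $value );
+}
+else {
+$result = wppa_decrypt_photo( $value );
+}
+break;
 
-// Save if not empty
-if ( $value ) {
-if ( $value == 'nil' ) {
-$value = false;
+case 'acrypt':
+$result = trim( $value, '/' );
+if ( get_option( 'wppa_use_album_names_in_urls', 'no' ) == 'yes' ) {
+$result = wppa_decode_album( $value );
 }
-$wppa_query_vars[$name] = $value;
-}
-else {
-unset( $wppa_query_vars[$name] );
-}
-}
-}
+else {
+$result = wppa_decrypt_album( $value );
+}
+break;
 
-// Retrieve a get- or post- variable, sanitized and post-processed
-function wppa_get( $xname, $default = false ) {
-global $wppa_query_vars;
-global $wppa_sanitized_query_vars;
+case 'email':
+$result = sanitize_email( $value );
+break;
 
-// Non wppa ajax call?
-if ( isset( $_REQUEST['action'] ) && $_REQUEST['action'] != 'wppa' ) {
-return $default;
-}
+case 'url':
+$result = esc_url_raw( $value );
+break;
 
-// Normalize $name
-if ( substr( $xname, 0, 5 ) == 'wppa-' ) {
-$name = substr( $xname, 5 );
-}
-else {
-$name = $xname;
-}
+case 'raw':
+$result = $value;
+wppa_dump( 'Unfiltered (raw) querystring arg ' . $name . ', value= ' . $value );
+break;
 
-// Init required?
-if ( ! is_array( $wppa_query_vars ) ) {
-wppa_parse_query_string();
+default:
+$result = $value;
+wppa_dump( 'Unknown filter for querystring arg ' . $name . ', value= ' . $value );
+break;
 }
 
-// See if set
-if ( isset( $wppa_query_vars[$name] ) ) {
-return $wppa_query_vars[$name];
-}
-
-// Not set
-else {
-
-// Start debug
-if ( ! in_array( $name, $wppa_sanitized_query_vars ) ) {
-if ( substr( $name, 0, 5 ) != 'file-' || ! is_numeric( substr( $name, 5 ) ) ) {
-$t = get_option( 'wppa_unfiltered_qvars', array() );
-if ( ! in_array( $name, $t ) ) {
-$t[] = $name;
-sort( $t );
-update_option( 'wppa_unfiltered_qvars', $t );
-$a = array_merge( $_GET, $_POST );
-if ( count( $a ) ) {
-wppa_dump( $name . ' in ' . var_export( $a, true ) );
-}
-}
-}
-}
-// End debug
-
-return $default;
-}
+// $r = is_array( $result ) ? var_export( $result, true ) : $result;
+// $text = 'Query arg '.$xname.' requested. Raw data = '.$value.', filtered by '.$filter.', returned '.$r;
+// wppa_log( 'obs', $text );
+// wppa_dump( $text );
+return $result;
 }
 
 // Sanitize a searchstring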
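Review bot: The `'intarr'` case of wppa_get() (lines 294-300) sanitises into `$value` but never assigns `$result`, so `wppa_get( 'commentids' )` falls through to `return $result` with an undefined variable and hands the caller null plus a PHP notice, discarding the cleaned array. A second gap is the `default: $result = 'raw'` branch of wppa_get_get_filter() (lines 235-237): every name not in the tables — including the ones the removed "Unprocessed" list spelled out, such as `value`, `p`, `s`, `searchroot`, `import-set-source-dir`, `zip`, `cron` — now comes back untouched (arrays included) with only a wppa_dump() trace, so the changelog's "all querystring args are sanitized" holds only for listed names; defaulting to `'text'` and making callers opt into raw via the third argument (`wppa_get( $name, $default, 'raw' )`) would close that, unless a specific caller is known to need the raw form. Minor: the `$result = trim( $value, '/' )` assignments at lines 339 and 349 are dead, since both branches below them pass the untrimmed `$value` into the decode/decrypt helpers (which trim again themselves). Rewritten lines:

```php
case 'intarr':
    $result = array();
    if ( is_array( $value ) ) {
        foreach ( array_keys( $value ) as $i ) {
            $result[$i] = strval( intval( $value[$i] ) );
        }
    }
    break;

// … unchanged: remaining filter cases …

// in wppa_get_get_filter():
default:
    $result = 'text'; // unknown names are text; pass 'raw' explicitly where raw input is really needed
    break;
```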
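--- a/wppa-links.php
+++ b/wppa-links.php
@@ -4,7 +4,7 @@
  *
  * Frontend links
 
- * Version 8.0.07.004
+ * Version 8.0.07.005
  */
 
 if ( ! defined( 'ABSPATH' ) ) die( "Can't load this file directly" );
@@ -79,7 +79,7 @@ global $wppa_locale;
 break;
 }
 
-if ( wppa_get( 'lang' ) ) { // If lang in querystring: keep it
+if ( $wppa_lang ) { // If lang in querystring: keep it
 if ( strpos( $pl, 'lang=' ) === false ) { // Not yet
 if ( $key == 'js' ) $pl .= 'lang=' . $wppa_lang . '&';
 else $pl .= 'lang=' . $wppa_lang . '&amp;';
@@ -165,7 +165,7 @@ global $wppa_runtime_settings;
 $al .= '&amp;wppa-fromp=' . wppa_get_the_ID();
 }
 
-if ( wppa_get( 'lang' ) ) { // If lang in querystring: keep it
+if ( $wppa_lang ) { // If lang in querystring: keep it
 if ( strpos($al, 'lang=') === false ) { // Not yet
 if ( $key == 'js' ) $al .= '&lang=' . $wppa_lang;
 else $al .= '&amp;lang=' . $wppa_lang;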
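Review bot: Both hunks (lines 82 and 168) replace the `wppa_get( 'lang' )` test with the global `$wppa_lang` yet keep the comment `// If lang in querystring: keep it`, which no longer describes the condition, and the value is spliced into the link on lines 84-85 and 170-171 as a bare `'lang=' . $wppa_lang`. `$wppa_lang` is populated outside this hunk; if it can be derived from request text it should be encoded here, e.g. `if ( $key == 'js' ) $pl .= 'lang=' . rawurlencode( $wppa_lang ) . '&';`. Suggest rewording the comment to `// Propagate the active language (from the global, not the request) to generated links`.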
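--- a/wppa-maintenance.php
+++ b/wppa-maintenance.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains (not yet, but in the future maybe) all the maintenance routines
- * Version 8.0.07.002
+ * Version 8.0.07.005
  *
  */
 
@@ -492,21 +492,13 @@ global $wppa_endtime;
  break;
 
  case 'wppa_remove_file_extensions':
- if ( ! wppa_is_video( $id ) ) {
- $name = str_replace( array( '.jpg', '.png', '.gif', '.JPG', '.PNG', '.GIF' ), '', $photo['name'] );
- if ( $name != $photo['name'] ) { // Modified photo name
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET name = %s WHERE id = %s", $name, $id ) );
- }
- }
+ $name = wppa_strip_ext( $photo['name'] );
+ wppa_update_photo( array( 'id' => $id, 'name' => $name ) );
  break;
 
  case 'wppa_readd_file_extensions':
- if ( ! wppa_is_video( $id ) ) {
- $name = str_replace( array( '.jpg', '.png', 'gif', '.JPG', '.PNG', '.GIF' ), '', $photo['name'] );
- if ( $name == $photo['name'] ) { // Name had no fileextension
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->wppa_photos SET name = %s WHERE id = %s", $name.'.'.$photo['ext'], $id ) );
- }
- }
+ $name = wppa_strip_ext( $photo['name'] ) . '.' . $photo['ext'];
+ wppa_update_photo( array( 'id' => $id, 'name' => $name ) );
  break;
 
  case 'wppa_all_ext_to_lower':
@@ -1264,7 +1256,7 @@ global $wppa_log_file;
  $result =
  '<div' .
  ' id="wppa-maintenance-list"' .
- ( strpos( $_SERVER['REQUEST_URI'], 'page=wppa_log' ) !== false || isset( $_REQUEST['raw'] ) ? '' : ' style="max-height:500px; overflow:hidden;width:100%;"' ) .
+ ( strpos( $_SERVER['REQUEST_URI'], 'page=wppa_log' ) !== false || wppa_get( 'raw' ) ? '' : ' style="max-height:500px; overflow:hidden;width:100%;"' ) .
  ' >' .
  '<style type="text/css" >' .
  '#wppa-maintenance-list h2 {' .
@@ -1334,7 +1326,7 @@ global $wppa_log_file;
  break;
 
  case 'wppa_list_errorlog':
- if ( wppa( 'ajax' ) && ! isset( $_REQUEST['raw'] ) ) {
+ if ( wppa( 'ajax' ) && ! wppa_get( 'raw' ) ) {
  $header = __( 'List of WPPA+ log messages', 'wp-photo-album-plus' );
  }
  else {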
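Review bot: The rewritten `wppa_remove_file_extensions` and `wppa_readd_file_extensions` cases (new lines 495–501) drop both the `! wppa_is_video( $id )` guard and the "only write when the name actually changed" test that the removed code had, so every item, video entries included, now gets an unconditional `wppa_update_photo()` call. If renaming videos is intended, a one-line comment saying so would help; otherwise keep the guard, e.g. `if ( ! wppa_is_video( $id ) && $name != $photo['name'] ) wppa_update_photo( array( 'id' => $id, 'name' => $name ) );` in both cases. Lines 1259 and 1329 replace a presence test (`isset`) with a truthiness test (`wppa_get( 'raw' )`), so a bare `&raw` or `raw=0` no longer selects the raw view; presumably intended, but worth knowing. The enclosing switch starts and ends outside the hunk.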
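--- a/wppa-photo-admin-autosave.php
+++ b/wppa-photo-admin-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * edit and delete photos
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -2651,8 +2651,8 @@ function wppa_album_photos_bulk( $album ) {
  }
 
  $pagesize = wppa_opt( 'photo_admin_pagesize' ) ? wppa_opt( 'photo_admin_pagesize' ) : '20';
- $next_after = isset ( $_REQUEST['next-after'] ) ? strval( intval( $_REQUEST['next-after'] ) ) : '0';
- $p = wppa_get( 'page' );
+ $next_after = wppa_get( 'next-after', '0' );
+ $p = wppa_get( 'page' );
  if ( ! is_numeric( $p ) ) $p = 0;
  $page = ( $p ? max( wppa_get( 'page' ), '1' ) : '1' ) + wppa_get( 'next-after' );
  $skip = ( $page > '0' ? ( $page - '1' ) * $pagesize : '0' );
@@ -2672,7 +2672,7 @@ function wppa_album_photos_bulk( $album ) {
  $count = wppa_get_edit_search_photos( '', '', 'count_only' );
  $photos = wppa_get_edit_search_photos( $skip, $pagesize );
 
- $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit-id='.$album.'&wppa-searchstring='.wppa_sanitize_searchstring($_REQUEST['wppa-searchstring']).'&bulk'.'&wppa-nonce=' . wp_create_nonce('wppa-nonce') );
+ $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit-id='.$album.'&wppa-searchstring='.wppa_get( 'searchstring' ).'&bulk=1'.'&wppa-nonce=' . wp_create_nonce('wppa-nonce') );
  wppa_show_search_statistics();
  }
  else {
@@ -2684,7 +2684,7 @@ function wppa_album_photos_bulk( $album ) {
  " . wppa_get_photo_order( $album ) . "
  LIMIT %d, %d", $album, $skip, $pagesize ), ARRAY_A );
 
- $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit-id='.$album.'&bulk'.'&wppa-nonce=' . wp_create_nonce('wppa-nonce') );
+ $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit-id='.$album.'&bulk=1'.'&wppa-nonce=' . wp_create_nonce('wppa-nonce') );
  }
 
  if ( $photos ) {
@@ -3162,7 +3162,7 @@ function wppaSetConfirmMove( id ) {
  }
  else {
  if ( $page == '1' ) {
- if ( isset( $_REQUEST['wppa-searchstring'] ) ) {
+ if ( wppa_get( 'searchstring' ) ) {
  echo '<h3>'.__( 'No photos matching your search criteria.' , 'wp-photo-album-plus').'</h3>';
  }
  elseif ( $album == 'moderate' ) {
@@ -3194,7 +3194,7 @@ global $wpdb;
  $photos = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->wppa_photos
  WHERE album = %s" . $photoorder, $album ), ARRAY_A );
 
- $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit-id='.$album.'&bulk'.'&wppa-nonce=' . wp_create_nonce('wppa-nonce') );
+ $link = wppa_dbg_url( get_admin_url().'admin.php?page=wppa_admin_menu&tab=edit&edit-id='.$album.'&bulk=1'.'&wppa-nonce=' . wp_create_nonce('wppa-nonce') );
  $size = '180';
 
  if ( $photos ) {
@@ -3409,7 +3409,7 @@ global $wppa_search_stats;
  die('Security check failure #309');
  }
 
- $words = explode( ',', wppa_sanitize_searchstring( $_REQUEST['wppa-searchstring'] ) );
+ $words = explode( ',', wppa_get( 'searchstring' ) );
 
  $wppa_search_stats = array();
 
@@ -3520,7 +3520,7 @@ global $wppa_search_stats;
  function wppa_show_search_statistics() {
  global $wppa_search_stats;
 
- if ( isset( $_REQUEST['wppa-searchstring'] ) ) {
+ if ( wppa_get( 'searchstring' ) ) {
  echo '
  <table>
  <thead>
@@ -3711,7 +3711,7 @@ function wppa_fe_edit_new_style( $photo ) {
  ' type="button"' .
  ' style="margin-top:8px;"' .
  ' value="' . esc_attr( __( 'Cancel', 'wp-photo-album-plus' ) ) . '"' .
- ' onclick="jQuery( \'#wppa-modal-container-' . strval( intval( $_REQUEST['moccur'] ) ) . '\').dialog(\'close\')"' .
+ ' onclick="jQuery( \'#wppa-modal-container-' . wppa_get( 'moccur' ) . '\').dialog(\'close\')"' .
  ' />';
 
  // Close form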
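Review bot: At new line 3714 the `moccur` value is spliced into the `onclick` attribute as part of a JavaScript string without the `strval( intval( ... ) )` cast the removed line had, so the safety of that attribute now rests entirely on what `wppa_get()` does to this key; unless wppa_get() is documented to return an integer for `moccur`, keep the cast, `' onclick="jQuery( \'#wppa-modal-container-' . strval( intval( wppa_get( 'moccur' ) ) ) . '\').dialog(\'close\')"' .`. Related, line 2654 assigns `$next_after = wppa_get( 'next-after', '0' )` with a default, but the context line 2657 still adds `wppa_get( 'next-after' )` without that default, so the `'0'` fallback never reaches the page arithmetic; `+ intval( $next_after )` there would make the two agree. The search string built into `$link` at line 2675 is concatenated into a URL without `urlencode()`, which is worth adding independently of sanitisation so that `&` or `#` in a search term cannot split the query. The enclosing function wppa_fe_edit_new_style starts outside the hunk.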
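--- a/wppa-qr-widget.php
+++ b/wppa-qr-widget.php
@@ -3,7 +3,8 @@
  * Package: wp-photo-album-plus
  *
  * display qr code
- * Version 8.0.04.005
+ * Version 8.0.07.005
+ *
  */
 
  class wppaQRWidget extends WP_Widget {
@@ -115,6 +116,8 @@ class wppaQRWidget extends WP_Widget {
  $instance['title'] = strip_tags( $instance['title'] );
 
  wppa_remove_widget_cache_path( $this->id );
+ 
+ return $instance;
  }
 
  /** @see WP_Widget::form */
@@ -142,7 +145,7 @@ class wppaQRWidget extends WP_Widget {
  // Set defaults
  function get_defaults() {
 
- $defaults = array( 'title' => __( 'Sidebar Slideshow', 'wp-photo-album-plus' ),
+ $defaults = array( 'title' => __( 'QR Code', 'wp-photo-album-plus' ),
  'logonly' => 'no',
  'cache' => '0',
  );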
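Review bot: The widget title at context line 116 is only passed through `strip_tags()`, which removes markup but leaves quotes, entities and control characters in place; the WordPress convention for a widget title in `update()` is `$instance['title'] = sanitize_text_field( $instance['title'] );`, which covers those cases as well. How the title is later echoed is not visible here, so whether the difference matters in practice cannot be confirmed from this view. The start of `update()` is outside the hunk, so the handling of the other fields could not be checked.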
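--- a/wppa-session.php
+++ b/wppa-session.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all session routines
- * Version 8.0.07.001
+ * Version 8.0.07.005
  *
  * Firefox modifies data in the superglobal $_SESSION.
  * See https://bugzilla.mozilla.org/show_bug.cgi?id=991019
@@ -113,7 +113,7 @@ global $wppa_session;
  }
 
  // Get info for root and sub search
- if ( isset( $_REQUEST['wppa-search-submit'] ) ) {
+ if ( wppa_get( 'search-submit' ) ) {
  $wppa_session['rootbox'] = wppa_get( 'rootsearch' ) || wppa_get( 'rootsearch' );
  $wppa_session['subbox'] = wppa_get( 'subsearch' ) || wppa_get( 'subsearch' );
  if ( $wppa_session['subbox'] ) {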
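Review bot: The two context lines directly under the changed condition (117–118) OR each `wppa_get()` call with itself, `wppa_get( 'rootsearch' ) || wppa_get( 'rootsearch' )`, which is a no-op; presumably the second operand was meant to be a different key, otherwise the duplicate should go, `$wppa_session['rootbox'] = wppa_get( 'rootsearch' );`. The new `wppa_get( 'search-submit' )` test is only true for a truthy value, whereas `isset()` also accepted an empty or `'0'` submit value; for a submit button that normally carries a label this is fine, but it is a behaviour change. The enclosing function starts outside the hunk.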
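--- a/wppa-setting-functions.php
+++ b/wppa-setting-functions.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * manage all options
- * Version 8.0.04.007
+ * Version 8.0.07.005
  *
  */
 
@@ -415,7 +415,7 @@ global $wppa_cur_tab;
  <input
  type="submit"
  class="wppa-doit-button"
- name="wppa_settings_submit"
+ name="wppa-settings-submit"
  value="' . $label . '"
  />
  </form>';
@@ -452,7 +452,7 @@ function wppa_upload_form( $slug, $tab, $accept = 'image/*' ) {
  type="submit"
  class="wppa-doit-button"
  style="height:30px;"
- name="wppa_settings_submit"
+ name="wppa-settings-submit"
  value="' . $label . '"
  onclick="' . $onclick . '"
  />
@@ -468,7 +468,7 @@ function wppa_doit_button_new( $slug, $height = '18' ) {
  type="button"
  class="wppa-doit-button"
  style="height: ' . $height . 'px;"
- name="wppa_settings_submit" value="' . __( 'Do it!', 'wp-photo-album-plus' ) . '"
+ name="wppa-settings-submit" value="' . __( 'Do it!', 'wp-photo-album-plus' ) . '"
  onclick="if ( confirm(\'' . __( 'Are you sure?', 'wp-photo-album-plus' ) . '\') ) {
  jQuery(\'#wppa-admin-spinner\').show();document.location.href=wppaReturnUrl(\''.$slug.'\');
  } else return false;"
@@ -724,7 +724,7 @@ global $wppa_setting_error;
  }
 
  // Bg color
- $error = isset( $_REQUEST['wppa-error'] );
+ $error = wppa_get( 'error' );
  if ( $is_requested ) {
  if ( $error ) {
  $bgcolor = '#ffeeee';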
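Review bot: The submit field is renamed from `wppa_settings_submit` to `wppa-settings-submit` in three forms (lines 418, 455 and 471) with no fallback for the old name, so any request that still posts the old field is silently treated as "no submit" by the settings page; a comment on the first occurrence, `// Field name must match wppa_get( 'settings-submit' ) in wppa-settings-autosave.php`, would make the coupling explicit for the next maintainer. Line 727, `$error = wppa_get( 'error' )`, also turns a presence test into a truthiness test, so `wppa-error=0` no longer paints the error background; presumably intended. The enclosing functions start outside the hunks.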
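--- a/wppa-settings-autosave.php
+++ b/wppa-settings-autosave.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * manage all options
- * Version 8.0.07.001
+ * Version 8.0.07.005
  *
  */
 
@@ -47,14 +47,14 @@ global $wppa_subtab_names;
 
  $key = '';
  // Someone hit a submit button or the like?
- if ( isset($_REQUEST['wppa_settings_submit']) ) { // Yep!
+ if ( wppa_get( 'settings-submit' ) ) { // Yep!
 
- if ( ! wp_verify_nonce( $_REQUEST['wppa-nonce'], 'wppa-nonce' ) ) {
+ if ( ! wp_verify_nonce( wppa_get( 'nonce' ), 'wppa-nonce' ) ) {
  wp_die( 'Security check failuere' );
  }
 
- $key = $_REQUEST['wppa-key'];
- $sub = isset( $_REQUEST['wppa-sub'] ) ? $_REQUEST['wppa-sub'] : '';
+ $key = wppa_get( 'key' );
+ $sub = wppa_get( 'sub' );
 
  // Switch on action key
  switch ( $key ) {
@@ -274,7 +274,7 @@ global $wppa_subtab_names;
  '<script type="text/javascript" >' .
  'document.location=' .
  'document.location+"&' .
- 'wppa_settings_submit=Doit&' .
+ 'wppa-settings-submit=Doit&' .
  'wppa-nonce=' . wp_create_nonce( 'wppa-nonce' ) . '&' .
  'wppa-key=' . $key . '"' .
  '</script>';
@@ -293,7 +293,7 @@ global $wppa_subtab_names;
  '<script type="text/javascript" >' .
  'document.location=' .
  'document.location+"&' .
- 'wppa_settings_submit=Doit&' .
+ 'wppa-settings-submit=Doit&' .
  'wppa-nonce=' . wp_create_nonce( 'wppa-nonce' ) . '&' .
  'wppa-key=' . $key . '"' .
  '</script>';
@@ -558,18 +558,8 @@ global $wppa_subtab_names;
  }
 
  // Any tab set? else default general
- if ( isset( $_REQUEST['wppa-tab'] ) ) {
- $tab = sanitize_text_field( $_REQUEST['wppa-tab'] );
- }
- else {
- $tab = 'general';
- }
- if ( isset( $_REQUEST['wppa-subtab'] ) ) {
- $subtab = strval( intval( $_REQUEST['wppa-subtab'] ) );
- }
- else {
- $subtab = '0';
- }
+ $tab = wppa_get( 'tab', 'general' );
+ $subtab = wppa_get( 'subtab', '0' );
 
  // Get the linkpages dependant of tab (if we need them)
  if ( $tab == 'share' || $tab == 'links' ) {
@@ -651,14 +641,9 @@ global $wppa_subtab_names;
 
  // See if specific item is requested
  $wppa_requested_subtab = $subtab;
- $wppa_requested_items = false;
- if ( isset( $_REQUEST['wppa-item'] ) ) {
- if ( $_REQUEST['wppa-item'] === '0' ) {
- $wppa_requested_items = array( '0' );
- }
- else {
- $wppa_requested_items = explode( '.', wppa_expand_enum( sanitize_text_field( $_REQUEST['wppa-item'] ) ) );
- }
+ $wppa_requested_items = wppa_get( 'item', array( '0' ) );
+ if ( ! is_array( $wppa_requested_items ) ) {
+ $wppa_requested_items = explode( '.', wppa_expand_enum( $wppa_requested_items ) );
  }
 
  // The master header selectors
@@ -745,7 +730,7 @@ global $wppa_subtab_names;
  url = url.substr(0,qpos) + "?page=wppa_options&wppa-tab=' . $tab . '";
  if ( actionSlug ) {
  url += "&wppa-nonce=' . wp_create_nonce( 'wppa-nonce' ) . '";
- url += "&wppa_settings_submit=Doit&wppa-key=" + actionSlug;
+ url += "&wppa-settings-submit=Doit&wppa-key=" + actionSlug;
  }
  return url;
  }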
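Review bot: `$tab`, now taken from `wppa_get( 'tab', 'general' )` at new line 561, is later spliced into a JavaScript string literal inside the emitted script (context line 730, `"?page=wppa_options&wppa-tab=' . $tab . '"`); the removed `sanitize_text_field()` did not escape quotes for that context either, so the output should be escaped where it is written regardless of what wppa_get() does: `url = url.substr(0,qpos) + "?page=wppa_options&wppa-tab=' . esc_js( $tab ) . '";`. The same applies to `$key` on context line 279, which is echoed into a script with no escaping visible in the hunk. Separately, lines 644–646 change the "no item requested" value from `false` to `array( '0' )`, so a request without `wppa-item` is now indistinguishable from one asking for item 0; if downstream code branched on `false`, that is a behaviour change worth a comment. The enclosing code starts outside the hunks.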
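--- a/wppa-upload.php
+++ b/wppa-upload.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains all the upload pages and functions
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -65,11 +65,11 @@ global $upload_album;
  }
 
  // If from album admin set the last album
- if ( isset( $_REQUEST['wppa-set-album'] ) ) {
- wppa_set_last_album( strval( intval( $_REQUEST['wppa-set-album'] ) ) );
+ if ( wppa_get( 'set-album' ) ) {
+ wppa_set_last_album( wppa_get( 'set-album' ) );
  }
- elseif( isset( $_REQUEST['wppa-album'] ) ) {
- wppa_set_last_album( strval( intval( $_REQUEST['wppa-album'] ) ) );
+ elseif ( wppa_get( 'album' ) ) {
+ wppa_set_last_album( strval( intval( wppa_get( 'album' ) ) ) );
  }
 
  // Do the upload if requested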
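Review bot: The two branches at new lines 68–72 treat their album ids differently: the `album` branch keeps the `strval( intval( ... ) )` cast while the `set-album` branch passes `wppa_get( 'set-album' )` through uncast, so `wppa_set_last_album()` can receive a non-numeric string on that path where it previously could not. Unless wppa_get() is known to return an integer for this key, make the branches match: `wppa_set_last_album( strval( intval( wppa_get( 'set-album' ) ) ) );`. Both conditions also drop to "falsy" semantics, so an album id of 0 no longer triggers either branch; presumably harmless since ids start at 1, but worth a comment. The enclosing function starts outside the hunk.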
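--- a/wppa-utils.php
+++ b/wppa-utils.php
@@ -3,7 +3,7 @@
  * Package: wp-photo-album-plus
  *
  * Contains low-level utility routines
- * Version 8.0.07.004
+ * Version 8.0.07.005
  *
  */
 
@@ -726,7 +726,7 @@ global $wpdb;
  $result[$tag]['ids'] = $wpdb->get_col( $wpdb->prepare( "SELECT id FROM $wpdb->wppa_photos
  WHERE status NOT IN ('pending','scheduled')
  AND $alb_clause
- AND tags LIKE %s", '%' . $wpdb->esc_like( ',' . $tag . ',' ) . '%' ) );
+ AND tags LIKE %s", '%' . str_replace( "'", "\'", ',' . $wpdb->esc_like( $tag ) . ',' ) . '%' ) );
  $result[$tag]['count'] = count( $result[$tag]['ids'] );
  $total += $result[$tag]['count'];
  }
@@ -1387,7 +1387,7 @@ function wppa_sanitize_tags( $value, $keepsemi = false, $keephash = false ) {
 
  // Capitalize single words within tags
  // Can not use wppa_switch because its used in wppa_get()
- // if ( wppa_switch( 'capitalize_tags' ) ) {
+ // if ( wppa_switch( 'capitalize_tags' ) ) {
  if ( get_option( 'wppa_capitalize_tags', 'yes' ) == 'yes' ) {
  foreach ( array_keys($temp) as $idx ) {
  if ( strlen( $temp[$idx] ) > '1' ) {
@@ -4791,7 +4791,7 @@ function wppa_is_divisible( $t, $n ) {
  function wppa_dump( $txt = '' ) {
 
  // Init
- $file = WPPA_PATH . '/wppa-dump.txt';
+ $file = dirname( __FILE__ ) . '/wppa-dump.txt';
 
  if ( $txt ) {
  if ( wppa_is_file( $file ) ) {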
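Review bot: At new line 729 the LIKE argument is hand-escaped with `str_replace( "'", "\'", ... )` and then passed to `$wpdb->prepare()` as a `%s` value, which escapes it a second time, so a tag containing an apostrophe reaches MySQL as `\\'` inside the pattern; `prepare()` already neutralises the quote, and the only escaping a LIKE value needs is `$wpdb->esc_like()` on the raw tag, so the extra replace is at best redundant and at worst changes what the pattern matches. Suggested line: `AND tags LIKE %s", '%' . $wpdb->esc_like( ',' . $tag . ',' ) . '%' ) );`. Line 4794 keeps the debug dump file inside the plugin directory, which is normally served by the web server, so whatever `wppa_dump()` writes is fetchable by URL; placing it under the uploads directory or a non-served path would be safer if the file is ever written on a production site. The enclosing function of line 729 starts outside the hunk.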
wppa.php CHANGED
@@ -2,7 +2,7 @@
2
  /*
3
  * Plugin Name: WP Photo Album Plus
4
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5
- * Version: 8.0.07.004
6
  * Author: J.N. Breetvelt a.k.a. OpaJaap
7
  * Author URI: http://wppa.opajaap.nl/
8
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -24,7 +24,7 @@ global $wp_version;
24
 
25
  /* WPPA GLOBALS */
26
  global $wppa_api_version;
27
- $wppa_api_version = '8.0.07.004'; // WPPA software version
28
  global $wppa_revno;
29
  $wppa_revno = str_replace( '.', '', $wppa_api_version ); // WPPA db version
30
 
2
  /*
3
  * Plugin Name: WP Photo Album Plus
4
  * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
5
+ * Version: 8.0.07.005
6
  * Author: J.N. Breetvelt a.k.a. OpaJaap
7
  * Author URI: http://wppa.opajaap.nl/
8
  * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
24
 
25
  /* WPPA GLOBALS */
26
  global $wppa_api_version;
27
+ $wppa_api_version = '8.0.07.005'; // WPPA software version
28
  global $wppa_revno;
29
  $wppa_revno = str_replace( '.', '', $wppa_api_version ); // WPPA db version
30