WP Photo Album Plus - Version 8.0.10.005

Version Description

= 8.0.10 =

  • This version addresses various bug fixes, feature requests and security fixes.

Release Info

Developer opajaap
Version 8.0.10.005

Code changes from version 8.0.10.004 to 8.0.10.005

Files changed (6)
  1. changelog.txt +2 -0
  2. readme.txt +1 -1
  3. wppa-ajax.php +7 -47
  4. wppa-input.php +6 -5
  5. wppa-utils.php +8 -3
  6. wppa.php +2 -2
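--- a/changelog.txt
+++ b/changelog.txt
@@ -2,6 +2,7 @@ WP Photo Album Plus Changelog
 
 = 8.0.10 =
 
+* Security fix: The logfile was prone to XSS attacks. Fixed.
 * Added option 'Same as filmthumb' to the links on slideshow images.
 This makes sense only for links on filmthubs to lightbox. This construction will transfer the click on slide image to filmstrip image.
 This is to overcome the restriction that links from slideshow to lightbox do not support zoomable and panoramic images.
@@ -22,6 +23,7 @@ If you want to show your own zipfile only: Tick Advanced settings -> System -> I
 * When the 'Admins choice' selection includes tagging the photo, it will now be tagged by the users displayname rather than user-<userid>.
 * Added maintenance procedure Advanced settings -> Maintenance -> III: One time conversions -> Item 3 to convert old style Choice generated tags to new style tags.
 * Corrected (lowered) wheel zoom sensitivity on panoramic and zoomable images for browsers other than chrome.
+* On new sites one did not have the rights to change the photo of the day settings. Fixed.
 
 = 8.0.09 =
 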
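--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: photo, album, slideshow, video, audio, lightbox, iptc, exif, cloudinary, f
 Requires at least: 3.9
 Tested up to: 5.8
 Requires PHP: 5.5
-Stable tag: 8.0.09.003
+Stable tag: 8.0.10.005
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 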
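--- a/wppa-ajax.php
+++ b/wppa-ajax.php
@@ -2,7 +2,7 @@
 /* wppa-ajax.php
 *
 * Functions used in ajax requests
-* Version 8.0.10.002
+* Version 8.0.10.005
 *
 */
 
@@ -3003,10 +3003,14 @@ global $wppa;
 case 'update-option':
 
 // Verify that we are legally here
+if ( ! current_user_can( 'wppa_settings' ) ) {
+echo '||1||'.__( 'You do not have the rights to update settings', 'wp-photo-album-plus' );
+wppa_exit();
+}
 $nonce = wppa_get( 'nonce' );
 if ( ! wp_verify_nonce( $nonce, 'wppa-nonce' ) ) {
-echo '||1||'.__( 'You do not have the rights to update settings' , 'wp-photo-album-plus');
-wppa_exit(); // Nonce check failed
+echo '||1||'.__( 'Security check failure', 'wp-photo-album-plus' );
+wppa_exit();
 }
 
 // Initialize
@@ -3019,50 +3023,6 @@ global $wppa;
 wppa( 'error', '0' ); //
 $title = ''; //
 
-// Check for potd settings
-$potdarr = array( 'wppa_potd_title',
-'wppa_potd_widget_width',
-'wppa_potd_align',
-'wppa_potd_linkurl',
-'wppa_potd_linktitle',
-'wppa_potd_subtitle',
-'wppa_potd_counter',
-'wppa_potd_counter_link',
-'wppa_potd_album_type',
-'wppa_potd_album',
-'wppa_potd_include_subs',
-'wppa_potd_status_filter',
-'wppa_potd_inverse',
-'wppa_potd_method',
-'wppa_potd_period',
-'wppa_potd_offset',
-'wppa_potd_photo',
-);
-
-// Settings for edit photo tag
-$edit_tag_arr = array( 'wppa_tag_to_edit',
-'wppa_new_tag_value',
-'wppa_edit_tag',
-);
-
-if ( in_array( $option, $potdarr ) ) {
-if ( ! current_user_can( 'wppa_potd' ) ) {
-echo '||1||'.__( 'You do not have the rights to update photo of the day settings' , 'wp-photo-album-plus');
-wppa_exit();
-}
-}
-elseif ( in_array( $option, $edit_tag_arr ) ) {
-if ( ! current_user_can( 'wppa_settings' ) && ! current_user_can( 'wppa_edit_tags' ) ) {
-echo '||1||'.__( 'You do not have the rights to update settings' , 'wp-photo-album-plus') . ' (et)';
-wppa_exit();
-}
-}
-else {
-if ( ! current_user_can( 'wppa_settings' ) ) {
-echo '||1||'.__( 'You do not have the rights to update settings' , 'wp-photo-album-plus');
-wppa_exit();
-}
-}
 
 // If it is a font family, change all double quotes into single quotes as this destroys much more than you would like
 if ( strpos( $option, 'wppa_fontfamily_' ) !== false ) $value = str_replace( '"', "'", $value );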
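Review bot: The new gate at the top of `case 'update-option':` requires `wppa_settings` for every option, which drops the branches that previously admitted a user holding only `wppa_potd` (the `wppa_potd_*` options) or only `wppa_edit_tags` (the `wppa_tag_to_edit`/`wppa_new_tag_value`/`wppa_edit_tag` options); the changelog calls this a rights fix for photo-of-the-day settings, so unless `wppa_potd` holders are always also granted `wppa_settings` this is a wider behaviour change than described and worth stating. A comment above the check would record the intent, e.g. `// All option updates, including POTD and tag-edit options, require wppa_settings`. Gating the whole case on one capability ahead of the nonce check is otherwise sound, and the nonce failure no longer reports a misleading rights error. The enclosing function and its switch start outside the hunk.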
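--- a/wppa-input.php
+++ b/wppa-input.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * Contains functions for sanitizing and formatting user input
-* Version 8.0.10.002
+* Version 8.0.10.005
 *
 */
 
@@ -129,6 +129,7 @@ function wppa_get_get_filter( $name ) {
 case 'bulk':
 case 'applynewdesc':
 case 'remakealbum':
+case 'search-submit':
 $result = 'bool';
 break;
 
@@ -360,13 +361,13 @@ global $wpdb;
 break;
 
 case 'raw':
-$result = $value;
-wppa_log( 'obs', 'Unfiltered (raw) querystring arg= ' . $name . ', value= ' . var_export( $value, true ) );
+wppa_log( 'obs', 'Unfiltered (raw) querystring arg = ' . $name . ', value = ' . var_export( $value, true ) );
+$result = $value ? '1' : '0';
 break;
 
 default:
-$result = $value;
-wppa_log( 'obs', 'Unknown filter for querystring arg= ' . $name . ', value= ' . var_export( $value, true ) );
+$result = $value ? '1' : '0';
 break;
 }
 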
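Review bot: `case 'raw':` no longer returns the raw value; with `$result = $value ? '1' : '0';` it now behaves exactly like the `bool` filter, so both the case name and its log text ("Unfiltered (raw)") mislead the next reader, and any caller that relied on getting the string back now silently receives '0' or '1'. Failing closed in `default:` — an unknown filter name now yields a flag instead of passing user input through — is the right direction, and the comment `// Fail closed: raw/unknown filters never pass the value through, only a 0/1 flag` above `case 'raw':` would make that deliberate. If some caller genuinely needs a pass-through, it should get an explicit sanitizer rather than a revived 'raw'. The enclosing function starts outside the hunk.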
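--- a/wppa-utils.php
+++ b/wppa-utils.php
@@ -3,7 +3,7 @@
 * Package: wp-photo-album-plus
 *
 * Contains low-level utility routines
-* Version 8.0.10.002
+* Version 8.0.10.005
 *
 */
 
@@ -1565,6 +1565,13 @@ static $repeat_count;
 return;
 }
 
+// Sanitize message
+$msg = strip_tags( $msg );
+$msg = wppa_nl2sp( $msg );
+$msg = htmlspecialchars( $msg, ENT_QUOTES );
+$msg = str_replace( ['{', '}'], ['&#123;', '&#125;'], $msg );
+$msg = str_replace( ['&#123;b&#125;', '&#123;/b&#125;'], ['{b}', '{/b}'], $msg );
+
 // Test for recursive logging
 if ( $busy ) {
 update_option( 'wppa_recursive_log', $xtype . ' ' . $msg );
@@ -1726,8 +1733,6 @@ static $repeat_count;
 }
 
 // Write log message
-$msg = strip_tags( $msg );
-$msg = wppa_nl2sp( $msg );
 if ( $err && $wppa_current_shortcode ) {
 $msg .= ' related shortcode: ' . $wppa_current_shortcode;
 }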
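Review bot: The `related shortcode:` suffix in the second hunk is appended to `$msg` after the new sanitize block has already run, so `$wppa_current_shortcode` is the one component of a log line that still reaches the log without `strip_tags`/`htmlspecialchars`; shortcode text originates in post content, so escape it the same way: `$msg .= ' related shortcode: ' . htmlspecialchars( $wppa_current_shortcode, ENT_QUOTES );`. Separately, `htmlspecialchars( $msg, ENT_QUOTES )` returns an empty string when the input holds an invalid UTF-8 sequence, which silently drops that log entry; `htmlspecialchars( $msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )` keeps it with the bad bytes replaced. Moving the sanitization ahead of the recursive-logging `update_option` call is a good change, since that stored value is now escaped too. The enclosing function starts outside both hunks.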
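--- a/wppa.php
+++ b/wppa.php
@@ -2,7 +2,7 @@
 /*
 * Plugin Name: WP Photo Album Plus
 * Description: Easily manage and display your photo albums and slideshows within your WordPress site.
-* Version: 8.0.10.004
+* Version: 8.0.10.005
 * Author: J.N. Breetvelt a.k.a. OpaJaap
 * Author URI: http://wppa.opajaap.nl/
 * Plugin URI: http://wordpress.org/extend/plugins/wp-photo-album-plus/
@@ -24,7 +24,7 @@ global $wp_version;
 
 /* WPPA GLOBALS */
 global $wppa_api_version;
-$wppa_api_version = '8.0.10.004'; // WPPA software version
+$wppa_api_version = '8.0.10.005'; // WPPA software version
 global $wppa_revno;
 $wppa_revno = str_replace( '.', '', $wppa_api_version ); // WPPA db version
 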