
Changeset 1074134 for photo-gallery


Timestamp:
01/23/2015 02:30:31 PM (10 years ago)
Author:
webdorado
Message:

security issue fixed

Location:
photo-gallery
Files:
431 added
8 edited

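--- a/photo-gallery/trunk/admin/models/BWGModelAddAlbumsGalleries.php
+++ b/photo-gallery/trunk/admin/models/BWGModelAddAlbumsGalleries.php
@@ -24,4 +24,5 @@
     $where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'name') . ' ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {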
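Review bot: The `order_by` value on new line 27 still reaches the ORDER BY clause after only `esc_html(stripslashes(...))`, which is HTML output escaping and not validation of a SQL identifier; this commit allowlists `asc_or_desc` but leaves the column name request-controlled. The same applies to the `order_by` / `image_order_by` lines in BWGModelAddTags.php, BWGModelAlbums_bwg.php, BWGModelGalleries_bwg.php (both hunks), BWGModelTags_bwg.php and BWGModelThemes_bwg.php, and the backtick wrapping used in two of those files does not close the gap because `esc_html()` leaves a backtick unchanged. Read the value into a variable and check it against a fixed list of sortable columns before concatenating, e.g. `$col = in_array($col, $allowed_columns, true) ? $col : 'name';`, where `$allowed_columns` is a placeholder for a per-table list that is not on this page. The enclosing function starts and ends outside the hunk, so any earlier validation of `$_POST` is not visible here.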
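--- a/photo-gallery/trunk/admin/models/BWGModelAddTags.php
+++ b/photo-gallery/trunk/admin/models/BWGModelAddTags.php
@@ -24,4 +24,5 @@
     $where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'name') . ' ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {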
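--- a/photo-gallery/trunk/admin/models/BWGModelAlbums_bwg.php
+++ b/photo-gallery/trunk/admin/models/BWGModelAlbums_bwg.php
@@ -29,4 +29,5 @@
     $where .= ((isset($_POST['search_value'])) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $order_by = ' ORDER BY `' . ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'order') . '` ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {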
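--- a/photo-gallery/trunk/admin/models/BWGModelGalleries_bwg.php
+++ b/photo-gallery/trunk/admin/models/BWGModelGalleries_bwg.php
@@ -30,4 +30,5 @@
     $where .= ((isset($_POST['search_value'])) ? ' AND filename LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $image_order_by = ' ORDER BY `' . ((isset($_POST['image_order_by']) && esc_html(stripslashes($_POST['image_order_by'])) != '') ? esc_html(stripslashes($_POST['image_order_by'])) : 'order') . '` ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {
@@ -57,4 +58,5 @@
     $where .= ((isset($_POST['search_value'])) ? ' AND name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $order_by = ' ORDER BY `' . ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'order') . '` ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {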
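--- a/photo-gallery/trunk/admin/models/BWGModelTags_bwg.php
+++ b/photo-gallery/trunk/admin/models/BWGModelTags_bwg.php
@@ -23,4 +23,5 @@
     $where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? 'AND A.name LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"'  : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'A.term_id') . ' ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {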
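--- a/photo-gallery/trunk/admin/models/BWGModelThemes_bwg.php
+++ b/photo-gallery/trunk/admin/models/BWGModelThemes_bwg.php
@@ -23,4 +23,5 @@
     $where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE name LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
     $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html($_POST['asc_or_desc']) : 'asc');
+    $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
     $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && esc_html($_POST['order_by']) != '') ? esc_html($_POST['order_by']) : 'id') . ' ' . $asc_or_desc;
     if (isset($_POST['page_number']) && $_POST['page_number']) {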
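Review bot: The `search_value` on new line 23 is concatenated into the LIKE pattern after `esc_html()` alone, so the query relies on an HTML-escaping function to keep the string literal closed, and `%` and `_` in the input are passed through as wildcards. The other five model files in this changeset build their `search_value` clause the same way, though they add `stripslashes()`, which this file omits. Assuming `$wpdb` is available in the enclosing function (not visible in the hunk), building the clause with `$wpdb->prepare('WHERE name LIKE %s', '%' . $wpdb->esc_like($search) . '%')` escapes for the SQL context instead. `esc_like()` needs WordPress 4.0 while readme.txt declares 3.0 as the minimum, so either the minimum is raised or the older `like_escape()` is used under `prepare()`.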
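--- a/photo-gallery/trunk/photo-gallery.php
+++ b/photo-gallery/trunk/photo-gallery.php
@@ -5,5 +5,5 @@
  * Plugin URI: http://web-dorado.com/products/wordpress-photo-gallery-plugin.html
  * Description: This plugin is a fully responsive gallery plugin with advanced functionality.  It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
- * Version: 1.2.9
+ * Version: 1.2.10
  * Author: WebDorado
  * Author URI: http://web-dorado.com/
@@ -2930,5 +2930,5 @@
   }
   $version = get_option("wd_bwg_version");
-  $new_version = '1.2.9';
+  $new_version = '1.2.10';
   if ($version && version_compare($version, $new_version, '<')) {
     require_once WD_BWG_DIR . "/update/bwg_update.php";
@@ -2945,5 +2945,5 @@
 function bwg_update_hook() {
     $version = get_option("wd_bwg_version");
-  $new_version = '1.2.9';
+  $new_version = '1.2.10';
   if ($version && version_compare($version, $new_version, '<')) {
     require_once WD_BWG_DIR . "/update/bwg_update.php";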
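--- a/photo-gallery/trunk/readme.txt
+++ b/photo-gallery/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.0
 Tested up to: 4.1
-Stable tag: 1.2.9
+Stable tag: 1.2.10
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html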