Timestamp:
04/08/2022 06:40:12 AM (3 years ago)
Author:
10web
Message:
  • Improved: Storable sort order in filemanager.
  • Improved: Storable sort order in list views.
  • Fixed: SQL Injection.
  • Fixed: Cross-Site Scripting.
  • Fixed: Slideshow responsiveness.
  • Fixed: Add tag functionality on PHP 8.
  • Fixed: Open gallery in new tab from gallery group.
  • Fixed: Thumbnails alignment with enabled images titles.
File:
1 edited

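--- a/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php
+++ b/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php
@@ -43,9 +43,9 @@
       $bwg_filter_tag_temp = WDWLibrary::get('filter_tag_' . $bwg, 0);
       if ( !empty($bwg_filter_tag_temp) ) {
-        $filter_tags = explode(",", $bwg_filter_tag_temp);
+        $filter_tags = array_map('intval', explode(",", $bwg_filter_tag_temp));
       }
     }
     else {
-      $filter_tags = explode(",", $bwg_filter_tag_temp);
+      $filter_tags = array_map('intval', explode(",", $bwg_filter_tag_temp));
     }
 
@@ -111,5 +111,6 @@
           $join .= ' LEFT JOIN (SELECT GROUP_CONCAT(tag_id order by tag_id SEPARATOR ",") AS tags_combined, image_id FROM  ' . $wpdb->prefix . 'bwg_image_tag GROUP BY image_id) AS tags ON image.id=tags.image_id';
       }
-      $where .= ' AND CONCAT(",", tags.tags_combined, ",") REGEXP ",(' . implode($compare_sign, $filter_tags) . ')," ';
+      $where .= ' AND CONCAT(",", tags.tags_combined, ",") REGEXP ",( %s )," ';
+      $prepareArgs[] = implode($compare_sign, $filter_tags);
     }
 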
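Review bot: On new lines 113–114 the `%s` placeholder sits inside the double-quoted SQL literal `",( %s ),"`, and `$wpdb->prepare()` wraps an unquoted `%s` in single quotes, so the pattern would presumably end up as something like `,( '1|2' ),` (constructed example) with literal quotes and spaces, and the tag filter would stop matching. Binding the whole pattern as one value avoids that: `$where .= ' AND CONCAT(",", tags.tags_combined, ",") REGEXP %s ';` with `$prepareArgs[] = ',(' . implode($compare_sign, $filter_tags) . '),';`. The `intval` mapping on new lines 45 and 49 is what keeps the ids numeric, but it turns empty or non-numeric items into `0`, so wrapping it in `array_filter()` would keep those out of the pattern. The enclosing method, the initialisation of `$prepareArgs`, the value of `$compare_sign` and the `prepare()` call itself lie outside the visible hunks, so the placeholder order against the final query needs to be confirmed there.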