Changeset 1047338

Timestamp:

12/17/2014 06:14:15 PM (11 years ago)

Author:

shauno

Message:

Security patch to stop unauthorized access to certain features

Location:

nextgen-gallery-voting

Files:

• tags/2.7.6 (added)
• tags/2.7.6/css (added)
• tags/2.7.6/css/jquery-ui (added)
• tags/2.7.6/css/jquery-ui/images (added)
• tags/2.7.6/css/jquery-ui/images/animated-overlay.gif (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_flat_0_aaaaaa_40x100.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_flat_75_ffffff_40x100.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_glass_55_fbf9ee_1x400.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_glass_65_ffffff_1x400.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_glass_75_dadada_1x400.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_glass_75_e6e6e6_1x400.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_glass_95_fef1ec_1x400.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-bg_highlight-soft_75_cccccc_1x100.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-icons_222222_256x240.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-icons_2e83ff_256x240.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-icons_454545_256x240.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-icons_888888_256x240.png (added)
• tags/2.7.6/css/jquery-ui/images/ui-icons_cd0a0a_256x240.png (added)
• tags/2.7.6/css/jquery-ui/jquery-ui-1.10.3.custom.css (added)
• tags/2.7.6/css/jquery-ui/jquery-ui-1.10.3.custom.min.css (added)
• tags/2.7.6/css/star_rating.css (added)
• tags/2.7.6/images (added)
• tags/2.7.6/images/loading.gif (added)
• tags/2.7.6/images/star.gif (added)
• tags/2.7.6/images/thumbs_down.png (added)
• tags/2.7.6/images/thumbs_up.png (added)
• tags/2.7.6/js (added)
• tags/2.7.6/js/admin_gallery.js (added)
• tags/2.7.6/js/ajaxify-likes.js (added)
• tags/2.7.6/js/ajaxify-stars.js (added)
• tags/2.7.6/js/top-voted.js (added)
• tags/2.7.6/ngg-voting.php (added)
• tags/2.7.6/readme.txt (added)
• tags/2.7.6/voting-types.php (added)
• trunk/ngg-voting.php (modified) (2 diffs)
• trunk/readme.txt (modified) (3 diffs)

nextgen-gallery-voting/trunk/ngg-voting.php

@@ -4 +4 @@
 Plugin URI: http://shauno.co.za/wordpress/nextgen-gallery-voting/
 Description: This plugin allows you to add user voting and rating to NextGEN Galleries and Images
-Version: 2.7.5
+Version: 2.7.6
 Author: Shaun Alberts
 Author URI: http://shauno.co.za
@@ -1186 +1186 @@
                         
             $qry .= ' GROUP BY v.pid, v.criteria_id';
-            $qry .= ' ORDER BY avg '.$_GET['nggv']['order'].', num '.$_GET['nggv']['order'];
+            $qry .= ' ORDER BY avg '.$wpdb->escape($_GET['nggv']['order']).', num '.$wpdb->escape($_GET['nggv']['order']);
             if($_GET['nggv']['limit']) {
-                $qry .= ' LIMIT 0, '.$_GET['nggv']['limit'];
+                $qry .= ' LIMIT 0, '.$wpdb->escape($_GET['nggv']['limit']);
             }
             

nextgen-gallery-voting/trunk/readme.txt

@@ -4 +4 @@
 Tags: nextgen-gallery, nextgen, gallery, voting, rating, ratings, nextgen-gallery-voting
 Requires at least: 2.9.1
-Tested up to: 3.8.3
-Stable tag: 2.7.5
+Tested up to: 4.0.1
+Stable tag: 2.7.6
 
 Adds the ability for users to vote and rate your NextGEN Images. Simple options give you the ability to limit who can vote on what.
@@ -77 +77 @@
 
 == Changelog ==
+
+= 2.7.6 =
+* Security patch to stop unauthorized access to certain features
 
 = 2.7.5 =
@@ -230 +233 @@
 == Upgrade Notice ==
 
+= 2.7.6 =
+Security patch to stop unauthorized access to certain features
+
 = 2.7.5 =
 CSS fix for stopping numeric values of stars showing under certain conditions