Changeset 3149367

Timestamp:

09/10/2024 04:55:34 PM (15 months ago)

Author:

10web

Message:

Fixed: Security issue

Location:

photo-gallery/trunk

Files:

• frontend/views/BWGViewAlbum_compact_preview.php (modified) (1 diff)
• frontend/views/BWGViewThumbnails.php (modified) (1 diff)
• frontend/views/BWGViewThumbnails_masonry.php (modified) (1 diff)
• photo-gallery.php (modified) (2 diffs)
• readme.txt (modified) (2 diffs)

photo-gallery/trunk/frontend/views/BWGViewAlbum_compact_preview.php

@@ -96 +96 @@
         $href = $this->http_strip_query_param($href, 'bwg_search_' . $bwg);
         $href = $this->http_strip_query_param($href, 'page_number_' . $bwg);
-        $title = '<div class="bwg-title1"><div class="bwg-title2">' . ($row->name ? htmlspecialchars_decode($row->name, ENT_COMPAT | ENT_QUOTES) : '&nbsp;') . '</div></div>';
+        $title = '<div class="bwg-title1"><div class="bwg-title2">' . ($row->name ? wp_kses_post(htmlspecialchars_decode($row->name, ENT_COMPAT | ENT_QUOTES)) : '&nbsp;') . '</div></div>';
         $resolution_thumb = $row->resolution_thumb;
         $image_thumb_width = '';

photo-gallery/trunk/frontend/views/BWGViewThumbnails.php

@@ -38 +38 @@
         $data_image_id = '';
         $href = '';
-        $title = '<div class="bwg-title1"><div class="bwg-title2">' . ($image_row->alt ? htmlspecialchars_decode($image_row->alt, ENT_COMPAT | ENT_QUOTES) : '&nbsp;') . '</div></div>';
-        $description = '<div class="bwg-thumb-description bwg_thumb_description_0"><span>' . ($image_row->description ? htmlspecialchars_decode($image_row->description, ENT_COMPAT | ENT_QUOTES) : '') . '</span></div>';
+        $title = '<div class="bwg-title1"><div class="bwg-title2">' . ($image_row->alt ? wp_kses_post(htmlspecialchars_decode($image_row->alt, ENT_COMPAT | ENT_QUOTES)) : '&nbsp;') . '</div></div>';
+        $description = '<div class="bwg-thumb-description bwg_thumb_description_0"><span>' . ($image_row->description ? wp_kses_post(htmlspecialchars_decode($image_row->description, ENT_COMPAT | ENT_QUOTES)) : '') . '</span></div>';
         $play_icon = '<div class="bwg-play-icon1"><i title="' . __('Play', 'photo-gallery') . '" class="bwg-icon-play bwg-title2 bwg-play-icon2"></i></div>';
         $ecommerce_icon = '<div class="bwg-ecommerce1"><div class="bwg-ecommerce2">';

photo-gallery/trunk/frontend/views/BWGViewThumbnails_masonry.php

@@ -48 +48 @@
         $data_image_id = '';
         $href = '';
-            $title = '<div class="bwg-title1"><div class="bwg-title2">' . htmlspecialchars_decode($image_row->alt, ENT_COMPAT | ENT_QUOTES) . '</div></div>';
+            $title = '<div class="bwg-title1"><div class="bwg-title2">' . wp_kses_post(htmlspecialchars_decode($image_row->alt, ENT_COMPAT | ENT_QUOTES)) . '</div></div>';
         $play_icon = '<div class="bwg-play-icon1"><i title="' . __('Play', 'photo-gallery') . '" class="bwg-icon-play bwg-title2 bwg-play-icon2"></i></div>';
         $ecommerce_icon = '<div class="bwg-ecommerce1"><div class="bwg-ecommerce2">';

photo-gallery/trunk/photo-gallery.php

@@ -4 +4 @@
  * Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
  * Description: This plugin is a fully responsive gallery plugin with advanced functionality.  It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
- * Version: 1.8.27
+ * Version: 1.8.28
  * Author: Photo Gallery Team
  * Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
@@ -109 +109 @@
     $this->front_url = $this->plugin_url;
     $this->main_file = plugin_basename(__FILE__);
-    $this->plugin_version = '1.8.27';
-    $this->db_version = '1.8.27';
+    $this->plugin_version = '1.8.28';
+    $this->db_version = '1.8.28';
     $this->prefix = 'bwg';
     $this->nicename = __('Photo Gallery', 'photo-gallery');

photo-gallery/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 4.6
 Tested up to: 6.6
-Stable tag: 1.8.27
+Stable tag: 1.8.28
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -273 +273 @@
 
 == Changelog ==
+
+= 1.8.28 =
+* Fixed: Security fix.
 
 = 1.8.27 =