Changeset 3171538

Timestamp:

10/18/2024 02:36:46 PM (14 months ago)

Author:

10web

Message:

Fixed: Security fix

Location:

photo-gallery/trunk

Files:

• admin/controllers/Widget.php (modified) (1 diff)
• admin/controllers/WidgetSlideshow.php (modified) (1 diff)
• admin/controllers/WidgetTags.php (modified) (1 diff)
• photo-gallery.php (modified) (2 diffs)
• readme.txt (modified) (2 diffs)

photo-gallery/trunk/admin/controllers/Widget.php

@@ -76 +76 @@
    */
     public function update($new_instance, $old_instance) {
-        $instance['title'] = isset($new_instance['title']) ? strip_tags($new_instance['title']) : '';
-        $instance['type'] = isset($new_instance['type']) ? $new_instance['type'] : 'gallery';
-        $instance['gallery_id'] = isset($new_instance['gallery_id']) ? $new_instance['gallery_id'] : 0;
-        $instance['album_id'] = isset($new_instance['album_id']) ? $new_instance['album_id'] : 0;
-        $instance['show'] = isset($new_instance['show']) ? $new_instance['show'] : 'random';
-        $instance['count'] = isset($new_instance['count']) ? $new_instance['count'] : 4;
-        $instance['width'] = isset($new_instance['width']) ? $new_instance['width'] : 100;
-        $instance['height'] = isset($new_instance['height']) ? $new_instance['height'] : 100;
-        $instance['theme_id'] = isset($new_instance['theme_id']) ? $new_instance['theme_id'] : 1;
-        $instance['view_type'] = isset($new_instance['view_type']) ? $new_instance['view_type'] : 'thumbnails';
+        $instance['title'] = isset($new_instance['title']) ? strip_tags(esc_html($new_instance['title'])) : '';
+        $instance['type'] = isset($new_instance['type']) ? esc_html($new_instance['type']) : 'gallery';
+        $instance['gallery_id'] = isset($new_instance['gallery_id']) ? intval($new_instance['gallery_id']) : 0;
+        $instance['album_id'] = isset($new_instance['album_id']) ? intval($new_instance['album_id']) : 0;
+        $instance['show'] = isset($new_instance['show']) ? esc_html($new_instance['show']) : 'random';
+        $instance['count'] = isset($new_instance['count']) ? intval($new_instance['count']) : 4;
+        $instance['width'] = isset($new_instance['width']) ? intval($new_instance['width']) : 100;
+        $instance['height'] = isset($new_instance['height']) ? intval($new_instance['height']) : 100;
+        $instance['theme_id'] = isset($new_instance['theme_id']) ? intval($new_instance['theme_id']) : 1;
+        $instance['view_type'] = isset($new_instance['view_type']) ? esc_html($new_instance['view_type']) : 'thumbnails';
         return $instance;
     }

photo-gallery/trunk/admin/controllers/WidgetSlideshow.php

@@ -93 +93 @@
     // Update Settings.
     public function update($new_instance, $old_instance) {
-        $instance['title'] = isset($new_instance['title']) ? strip_tags($new_instance['title']) : '';
-        $instance['gallery_id'] = isset($new_instance['gallery_id']) ? $new_instance['gallery_id'] : 0;
-        $instance['width'] = isset($new_instance['width']) ? $new_instance['width'] : 200;
-        $instance['height'] = isset($new_instance['height']) ? $new_instance['height'] : 200;
-        $instance['filmstrip_height'] = isset($new_instance['filmstrip_height']) ? $new_instance['filmstrip_height'] : 40;
-        $instance['effect'] = isset($new_instance['effect']) ? $new_instance['effect'] : 'fade';
-        $instance['interval'] = isset($new_instance['interval']) ? $new_instance['interval'] : 5;
-        $instance['shuffle'] = isset($new_instance['shuffle']) ? $new_instance['shuffle'] : 0;
-        $instance['theme_id'] = isset($new_instance['theme_id']) ? $new_instance['theme_id'] : 1;
-        $instance['enable_ctrl_btn'] = isset($new_instance['enable_ctrl_btn']) ? $new_instance['enable_ctrl_btn'] : 0;
-        $instance['enable_autoplay'] = isset($new_instance['enable_autoplay']) ? $new_instance['enable_autoplay'] : 0;
+        $instance['title'] = isset($new_instance['title']) ? strip_tags(esc_html($new_instance['title'])) : '';
+        $instance['gallery_id'] = isset($new_instance['gallery_id']) ? intval($new_instance['gallery_id']) : 0;
+        $instance['width'] = isset($new_instance['width']) ? intval($new_instance['width']) : 200;
+        $instance['height'] = isset($new_instance['height']) ? intval($new_instance['height']) : 200;
+        $instance['filmstrip_height'] = isset($new_instance['filmstrip_height']) ? intval($new_instance['filmstrip_height']) : 40;
+        $instance['effect'] = isset($new_instance['effect']) ? esc_html($new_instance['effect']) : 'fade';
+        $instance['interval'] = isset($new_instance['interval']) ? intval($new_instance['interval']) : 5;
+        $instance['shuffle'] = isset($new_instance['shuffle']) ? intval($new_instance['shuffle']) : 0;
+        $instance['theme_id'] = isset($new_instance['theme_id']) ? intval($new_instance['theme_id']) : 1;
+        $instance['enable_ctrl_btn'] = isset($new_instance['enable_ctrl_btn']) ? intval($new_instance['enable_ctrl_btn']) : 0;
+        $instance['enable_autoplay'] = isset($new_instance['enable_autoplay']) ? intval($new_instance['enable_autoplay']) : 0;
         return $instance;
     }

photo-gallery/trunk/admin/controllers/WidgetTags.php

@@ -78 +78 @@
    */
     public function update($new_instance, $old_instance) {
-        $instance['title'] = isset($new_instance['title']) ? strip_tags($new_instance['title']) : '';
-        $instance['type'] = isset($new_instance['type']) ? $new_instance['type'] : 'text';
-        $instance['show_name'] = isset($new_instance['show_name']) ? $new_instance['show_name'] : 0;
-        $instance['open_option'] = isset($new_instance['open_option']) ? $new_instance['open_option'] : 'gallery';
-        $instance['count'] = isset($new_instance['count']) ? $new_instance['count'] : 0;
-        $instance['width'] = isset($new_instance['width']) ? $new_instance['width'] : 250;
-        $instance['height'] = isset($new_instance['height']) ? $new_instance['height'] : 250;
-        $instance['background_transparent'] = isset($new_instance['background_transparent']) ? $new_instance['background_transparent'] : 1;
-        $instance['background_color'] = isset($new_instance['background_color']) ? $new_instance['background_color'] : '000000';
-        $instance['text_color'] = isset($new_instance['text_color']) ? $new_instance['text_color'] : 'eeeeee';
-        $instance['theme_id'] = isset($new_instance['theme_id']) ? $new_instance['theme_id'] : 1;
+        $instance['title'] = isset($new_instance['title']) ? strip_tags(esc_html($new_instance['title'])) : '';
+        $instance['type'] = isset($new_instance['type']) ? esc_html($new_instance['type']) : 'text';
+        $instance['show_name'] = isset($new_instance['show_name']) ? intval($new_instance['show_name']) : 0;
+        $instance['open_option'] = isset($new_instance['open_option']) ? esc_html($new_instance['open_option']) : 'gallery';
+        $instance['count'] = isset($new_instance['count']) ? intval($new_instance['count']) : 0;
+        $instance['width'] = isset($new_instance['width']) ? intval($new_instance['width']) : 250;
+        $instance['height'] = isset($new_instance['height']) ? intval($new_instance['height']) : 250;
+        $instance['background_transparent'] = isset($new_instance['background_transparent']) ? esc_html($new_instance['background_transparent']) : 1;
+        $instance['background_color'] = isset($new_instance['background_color']) ? esc_html($new_instance['background_color']) : '000000';
+        $instance['text_color'] = isset($new_instance['text_color']) ? esc_html($new_instance['text_color']) : 'eeeeee';
+        $instance['theme_id'] = isset($new_instance['theme_id']) ? intval($new_instance['theme_id']) : 1;
         return $instance;
     }

photo-gallery/trunk/photo-gallery.php

@@ -4 +4 @@
  * Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm_source=photo_gallery&utm_medium=free_plugin
  * Description: This plugin is a fully responsive gallery plugin with advanced functionality.  It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
- * Version: 1.8.29
+ * Version: 1.8.30
  * Author: Photo Gallery Team
  * Author URI: https://10web.io/plugins/?utm_source=photo_gallery&utm_medium=free_plugin
@@ -109 +109 @@
     $this->front_url = $this->plugin_url;
     $this->main_file = plugin_basename(__FILE__);
-    $this->plugin_version = '1.8.29';
-    $this->db_version = '1.8.29';
+    $this->plugin_version = '1.8.30';
+    $this->db_version = '1.8.30';
     $this->prefix = 'bwg';
     $this->nicename = __('Photo Gallery', 'photo-gallery');

photo-gallery/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 4.6
 Tested up to: 6.6
-Stable tag: 1.8.29
+Stable tag: 1.8.30
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -273 +273 @@
 
 == Changelog ==
+
+= 1.8.30 =
+* Fixed: Security fix.
 
 = 1.8.29 =