Changeset 3191703

Timestamp:

11/19/2024 12:20:57 AM (15 months ago)

Author:

Bluenotes

Message:

1.2.2 Nov 18, 2024

• Security fix for XSS via the shortcode image ID's attribute. My thanks to Peter Thaleikis for the discovery.
• Note that this is a legacy plugin. Users should move towards the built in block editor gallery features.

Location:

bne-gallery-extended/trunk

Files:

• bne-gallery-extended.php (modified) (5 diffs)
• readme.txt (modified) (2 diffs)

bne-gallery-extended/trunk/bne-gallery-extended.php

@@ -2 +2 @@
 /*
  * Plugin Name: BNE Gallery Extended
- * Version: 1.2.1
+ * Version: 1.2.2
  * Description:  Adds a new shortcode attribute, "display" to the WP [gallery] shortcode allowing to display the gallery as a 3D carousel or masonry grid.
  * Author: Kerry Kline
@@ -92 +92 @@
          *  
          *  @since      v1.0
-         *  @updated    v1.2.1
+         *  @updated    v1.2.2
          *
         */
@@ -169 +169 @@
         
                             // Grabs the image ID's in the [gallery] shortcode
-                            $image_ids = explode( ',', $atts['ids'] );
+                            $image_ids = explode( ',', esc_attr( $atts['ids'] ) );
                             
                             // Check if orderby is set to "rand", if so shuffle the stack
@@ -300 +300 @@
                     
                     // Grabs the image ID's in the [gallery] shortcode
-                    $image_ids = explode( ',', $atts['ids'] );
-    
+                    $image_ids = explode( ',', esc_attr( $atts['ids'] ) );
+                    
                     // Check if orderby is set to "rand", if so shuffle the stack
                     if( $atts['orderby'] == 'rand' ) { shuffle( $image_ids ); }
@@ -309 +309 @@
                     foreach( $image_ids as $id ) {
                         $output .= '<div class="gallery-single gallery-item image-id-'.$id.' col-'.$atts['columns'].'-masonry" style="margin-bottom: '.$atts['gutter'].'px; width: '.$grid_col_width.';">';
+                            
+                            /*
+                            LOOK AT NOT OUTPUTING THE IMAGE TWICE FOR CAPTIONS
+                            MAKE SURE LINK WORKS ON HOVER 
+                            */
+                            
                             
                             // Link: File

bne-gallery-extended/trunk/readme.txt

@@ -3 +3 @@
 Tags: WordPress gallery, gallery, masonry gallery, carousel gallery
 Requires at least: 5.0
-Tested up to: 6.0
-Stable tag: 1.2.1
+Tested up to: 6.7
+Stable tag: 1.2.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -83 +83 @@
 == Changelog ==
 
+= 1.2.2 Nov 18, 2024 =
+* Security fix for XSS via the shortcode image ID's attribute. My thanks to Peter Thaleikis for the discovery.
+* Note that this is a legacy plugin. Users should move towards the built in block editor gallery features.
+
+
 = 1.2.1 June 3, 20222 =
 * Fix PHP 8.0 warning.