WordPress.org
Get WordPress

Plugin Directory

Changeset 3233519


Ignore:
Timestamp:
02/02/2025 05:54:48 PM (12 months ago)
Author:
wpo-HR
Message:

Adding new functionality and security fix

Location:
ngg-smart-image-search
Files:
6 edited
8 copied

Legend:

Unmodified
Added
Removed

  • ngg-smart-image-search/trunk/README.txt

    r3041581 r3233519  
    11=== NGG Smart Image Search ===
    2 Contributors: wpo-HR
    3 Tags: NextGEN Gallery, image search, smart search, customizable gallery displays, Bildersuche
    4 Requires at least: 4.5.1
    5 Requires PHP: 5.2.4
    6 Tested up to: 6.4.3
    7 Stable tag: trunk
    8 License: GPLv2 or later
    9 License URI: http://www.gnu.org/licenses/gpl-2.0.html
     2Contributors:   wpo-HR
     3Tags:       NextGEN Gallery, image search, smart search, gallery displays, frontend search
     4Tested up to:   7.6.1
     5Stable tag: trunk
     6License:    GPLv2 or later
     7License URI:    http://www.gnu.org/licenses/gpl-2.0.html
    108
    119NGG Smart Image Search provides a smart search and display functionality for images in selectable arbitary collections of NextGEN galleries.
     
    142140== Changelog ==
    143141
     142= 3.3.2 =
     143This is a highly recommended enhancement and security update, uploaded 2025-02-02.
     144
     145*NEW: new url-parameter ?sngg=<search-parameter> provided to initialize searches via url-links
     146*NEW: special search variable a:<album-id> provided to dynamically limit image search to images in specified album <album-id>
     147*NEW: special search variable u:<user-id> provided to dynamically limit image search to images uploaded by specified user <user-id>
     148*Changed: Fancybox 5.0 is now locally included and no longer linked via cdn
     149*Fixed: security issue with unsanatized shortcode parameter attribute: a registered user with edit and publish capabilities could inject malicious code in the browser of a site visitor
    144150
    145151= 3.2.1 =

  • ngg-smart-image-search/trunk/admin/class-ngg-smart-image-search-admin.php

    r3041581 r3233519  
    122122    }
    123123   
     124        wp_register_script( 'hr-hide-nextgen-header-js', plugin_dir_url( __FILE__ ) . 'js/hide-nextgen-header.js', array(), $this->version, true );
     125        wp_enqueue_script(  'hr-hide-nextgen-header-js' );
     126
    124127    }
    125128
     
    10941097add_action( 'wp_footer', 'def_svg_icon' );
    10951098
    1096 
    1097 /**
    1098  * Make sure the function does not exist before defining it
    1099  /
    1100 if( ! function_exists( 'hr_remove_class_filter' ) ){
    1101     /**
    1102      * Remove Class Filter Without Access to Class Object
    1103      *
    1104      * In order to use the core WordPress remove_filter() on a filter added with the callback
    1105      * to a class, you either have to have access to that class object, or it has to be a call
    1106      * to a static method.  This method allows you to remove filters with a callback to a class
    1107      * you don't have access to.
    1108      *
    1109      * Works with WordPress 1.2+ (4.7+ support added 9-19-2016)
    1110      * Updated 2-27-2017 to use internal WordPress removal for 4.7+ (to prevent PHP warnings output)
    1111      *
    1112      * @param string $tag         Filter to remove
    1113      * @param string $class_name  Class name for the filter's callback
    1114      * @param string $method_name Method name for the filter's callback
    1115      * @param int    $priority    Priority of the filter (default 10)
    1116      *
    1117      * @return bool Whether the function is removed.
    1118      *
    1119     function hr_remove_class_filter( $tag, $class_name = '', $method_name = '', $priority = 10 ) {
    1120         global $wp_filter;
    1121         // Check that filter actually exists first
    1122         if ( ! isset( $wp_filter[ $tag ] ) ) {
    1123             return FALSE;
    1124         }
    1125         /**
    1126          * If filter config is an object, means we're using WordPress 4.7+ and the config is no longer
    1127          * a simple array, rather it is an object that implements the ArrayAccess interface.
    1128          *
    1129          * To be backwards compatible, we set $callbacks equal to the correct array as a reference (so $wp_filter is updated)
    1130          *
    1131          * @see https://make.wordpress.org/core/2016/09/08/wp_hook-next-generation-actions-and-filters/
    1132          /
    1133         if ( is_object( $wp_filter[ $tag ] ) && isset( $wp_filter[ $tag ]->callbacks ) ) {
    1134             // Create $fob object from filter tag, to use below
    1135             $fob       = $wp_filter[ $tag ];
    1136             $callbacks = &$wp_filter[ $tag ]->callbacks;
    1137         } else {
    1138             $callbacks = &$wp_filter[ $tag ];
    1139         }
    1140         // Exit if there aren't any callbacks for specified priority
    1141         if ( ! isset( $callbacks[ $priority ] ) || empty( $callbacks[ $priority ] ) ) {
    1142             return FALSE;
    1143         }
    1144         // Loop through each filter for the specified priority, looking for our class & method
    1145         foreach ( (array) $callbacks[ $priority ] as $filter_id => $filter ) {
    1146             // Filter should always be an array - array( $this, 'method' ), if not goto next
    1147             if ( ! isset( $filter['function'] ) || ! is_array( $filter['function'] ) ) {
    1148                 continue;
    1149             }
    1150             // If first value in array is not an object, it can't be a class
    1151             if ( ! is_object( $filter['function'][0] ) ) {
    1152                 continue;
    1153             }
    1154             // Method doesn't match the one we're looking for, goto next
    1155             if ( $filter['function'][1] !== $method_name ) {
    1156                 continue;
    1157             }
    1158             // Method matched, now let's check the Class
    1159             if ( get_class( $filter['function'][0] ) === $class_name ) {
    1160                 // WordPress 4.7+ use core remove_filter() since we found the class object
    1161                 if ( isset( $fob ) ) {
    1162                     // Handles removing filter, reseting callback priority keys mid-iteration, etc.
    1163                     $fob->remove_filter( $tag, $filter['function'], $priority );
    1164                 } else {
    1165                     // Use legacy removal process (pre 4.7)
    1166                     unset( $callbacks[ $priority ][ $filter_id ] );
    1167                     // and if it was the only filter in that priority, unset that priority
    1168                     if ( empty( $callbacks[ $priority ] ) ) {
    1169                         unset( $callbacks[ $priority ] );
    1170                     }
    1171                     // and if the only filter for that tag, set the tag to an empty array
    1172                     if ( empty( $callbacks ) ) {
    1173                         $callbacks = array();
    1174                     }
    1175                     // Remove this filter from merged_filters, which specifies if filters have been sorted
    1176                     unset( $GLOBALS['merged_filters'][ $tag ] );
    1177                 }
    1178                 return TRUE;
    1179             }
    1180         }
    1181         return FALSE;
    1182     }
    1183 }
    1184  /**
    1185  * Make sure the function does not exist before defining it
    1186  ***
    1187 if( ! function_exists( 'hr_remove_class_action9') ){
    1188     /**
    1189      * Remove Class Action Without Access to Class Object
    1190      *
    1191      * In order to use the core WordPress remove_action() on an action added with the callback
    1192      * to a class, you either have to have access to that class object, or it has to be a call
    1193      * to a static method.  This method allows you to remove actions with a callback to a class
    1194      * you don't have access to.
    1195      *
    1196      * Works with WordPress 1.2+ (4.7+ support added 9-19-2016)
    1197      *
    1198      * @param string $tag         Action to remove
    1199      * @param string $class_name  Class name for the action's callback
    1200      * @param string $method_name Method name for the action's callback
    1201      * @param int    $priority    Priority of the action (default 10)
    1202      *
    1203      * @return bool               Whether the function is removed.
    1204      *
    1205     function hr_remove_class_action9( $tag = 'in_admin_header', $class_name = 'M_Marketing', $method_name = 'admin_header', $priority = 10 ) {
    1206         remove_filter( $tag, $class_name, $method_name, $priority=10 );
    1207     }
    1208 }
    1209 if( ! function_exists( 'hr_remove_class_action10') ){
    1210     function hr_remove_class_action10( $tag = 'in_admin_header', $class_name = 'M_Marketing', $method_name = 'admin_header', $priority = 10 ) {
    1211         remove_filter( $tag, $class_name, $method_name, $priority=10 );
    1212     }
    1213 }
    1214 if( ! function_exists( 'hr_remove_class_action11') ){
    1215     function hr_remove_class_action11( $tag = 'in_admin_header', $class_name = 'M_Marketing', $method_name = 'admin_header', $priority = 10 ) {
    1216         remove_filter( $tag, $class_name, $method_name, $priority=10 );
    1217     }
    1218 }
    1219 add_action( 'init', 'hr_remove_class_action9', 9 ) ;
    1220 add_action( 'init', 'hr_remove_class_action10', 10 ) ;
    1221 add_action( 'init', 'hr_remove_class_action11', 11 ) ;
    1222 
    1223 remove_action( 'in_admin_header', [ 'M_Marketing', 'admin_header' ], 10 );
    1224 remove_action( 'in_admin_footer', [ 'M_Marketing', 'footer_template' ], 10 );
    1225 */

  • ngg-smart-image-search/trunk/ngg-smart-image-search.php

    r3041581 r3233519  
    99 * that starts the plugin.
    1010 *
    11  * @link              https://r-fotos.de/wordpress-plugins
    12  * @since             1.0.0
    13  * @package           NGG_Smart_Image_Search
     11 * @link        https://r-fotos.de/wordpress-plugins
     12 * @since       1.0.0
     13 * @package     NGG_Smart_Image_Search
    1414 *
    1515 * @wordpress-plugin
    16  * Plugin Name:       NGG Smart Image Search
    17  * Plugin URI:        https://r-fotos.de/wordpress-plugins/ngg-smart-image-search
    18  * Description:       This plugin provides a customizable smart image search and display function for images in NextGEN galleries.
    19  * Version:           3.2.1
    20  * Requires at least: 5.5.4
    21  * Requires PHP:            7.0
    22  * Author:            Harald R&ouml;h
    23  * Author URI:        https://r-fotos.de
    24  * License:           GPL-2.0+
    25  * License URI:       http://www.gnu.org/licenses/gpl-2.0.txt
    26  * Text Domain:       ngg-smart-image-search
    27  * Domain Path:       /languages
     16 * Plugin Name:     NGG Smart Image Search
     17 * Plugin URI:      https://r-fotos.de/wordpress-plugins/ngg-smart-image-search
     18 * Description:     This plugin provides a customizable smart image search and display function for images in NextGEN galleries.
     19 * Version:     3.3.2
     20 * Requires at least:   5.5.4
     21 * Requires PHP:    7.0
     22 * Author:      Harald R&ouml;h
     23 * Author URI:      https://r-fotos.de
     24 * License:     GPL-2.0+
     25 * License URI:     http://www.gnu.org/licenses/gpl-2.0.txt
     26 * Text Domain:     ngg-smart-image-search
     27 * Domain Path:     /languages
    2828 */
    2929

  • ngg-smart-image-search/trunk/public/class-ngg-smart-image-search-public.php

    r3040703 r3233519  
    8181        wp_enqueue_style( $this->plugin_name . '-genericons', plugins_url( 'fonts/genericons/genericons.css', dirname(__FILE__) ), array(), $this->version, 'all' );
    8282
    83         //wp_register_style( 'hr-fancybox-css', plugin_dir_url( __FILE__ ) . 'js/fancyapps-fancybox-v-5-0.css', array(), $this->version, 'all' );
    84         wp_register_style( 'hr-fancybox-css', 'https://cdn.jsdelivr.net/npm/@fancyapps/[email protected]/dist/fancybox/fancybox.css', array(), $this->version, 'all' );
     83        wp_register_style( 'hr-fancybox-css', plugin_dir_url( __FILE__ ) . 'css/fancyapps_5-0_fancybox.css', array(), $this->version, 'all' );
     84        //wp_register_style( 'hr-fancybox-css', 'https://cdn.jsdelivr.net/npm/@fancyapps/[email protected]/dist/fancybox/fancybox.css', array(), $this->version, 'all' );
    8585        wp_enqueue_style(  'hr-fancybox-css' );
    8686
     
    108108        wp_enqueue_script( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'js/ngg-smart-image-search-public.js', array( 'jquery' ), $this->version, false );
    109109
    110         //wp_register_script( 'hr-fancybox-js',  plugin_dir_url( __FILE__ ) . 'js/fancyapps-fancybox-v-5-0.js', array(), $this->version, true );
    111         wp_register_script( 'hr-fancybox-js',  'https://cdn.jsdelivr.net/npm/@fancyapps/[email protected]/dist/fancybox/fancybox.umd.js', array(), $this->version, true );
     110        wp_register_script( 'hr-fancybox-js',  plugin_dir_url( __FILE__ ) . 'js/fancyapps_5-0_fancybox.uml.js', array(), $this->version, true );
     111        //wp_register_script( 'hr-fancybox-js',  'https://cdn.jsdelivr.net/npm/@fancyapps/[email protected]/dist/fancybox/fancybox.umd.js', array(), $this->version, true );
    112112        wp_enqueue_script(  'hr-fancybox-js' );
    113113
     
    239239                       
    240240                    default:               
    241                         $hr_SIS_output_box .= __("Warning: unknown shortcode parameter:", "ngg-smart-image-search") . " " . $hr_SIS_index . '="' . $hr_SIS_value . '"<br><br>' ;
     241                        $hr_SIS_output_box .= __("Warning: unknown shortcode parameter:", "ngg-smart-image-search") . " " . $hr_SIS_index . '="' . esc_attr($hr_SIS_value) . '"<br><br>' ;
    242242                }
    243243            }
     
    281281        $hr_SIS_output_box .= '<form ' ;
    282282    } else {
    283         $hr_SIS_output_box .= '<form id="' . $hr_SIS_form_id . '" ' ;
     283        $hr_SIS_output_box .= '<form id="' . esc_attr($hr_SIS_form_id) . '" ' ;
    284284    }
    285285    $hr_SIS_output_box .= 'action="' . esc_url($hr_SIS_form_target) . '" method="post" class="' . $hr_SIS_search_form . '" > ' .
     
    358358    if ($hr_SIS_debug1 == 1 ) {
    359359      echo "<br>===========>  Aufruf image list handler<br>";
     360      var_dump( "_GET:", $_GET ); echo "<br>";
    360361      var_dump( "_POST:", $_POST ); echo "<br>";
    361362      var_dump( "_REQUEST:", $_REQUEST ); echo "<br>";
    362363      var_dump( "Parameter _atts: ", $atts ); echo "<br>";
    363       var_dump( "url:", $_SERVER['DOCUMENT_ROOT'] ); echo "<br><hr><br>";
     364      //var_dump( "home_url: ", home_url('/suche-ngg-bilder/') ); echo "<br>";
     365      //var_dump( "url:", $_SERVER['DOCUMENT_ROOT'] ); echo "<br><hr><br>";
    364366    }
    365367
     
    377379    }   
    378380
    379     // check if static streachstring is provided as current shortcode parameter
    380     if ( ( ! $atts == '' ) && (isset($atts['static_search'])) ) {
     381    // check if searchstring is provided per static_search parameter or per url searchstring
     382    if ( ( ( ! $atts == '' ) && (isset($atts['static_search'])) ) or
     383            ( ( ! $_REQUEST == '' ) && (isset($_REQUEST['sngg'])) ) ) {
     384
     385                // sngg search is internally marked as static search too
    381386          $hr_SIS_search_type = "static" ;
    382         $hr_SIS_search_text = $atts['static_search'] ;
    383 //        echo "static_search=&lt;", $hr_SIS_search_text, "&gt;<br><br>" ;
     387
     388                // but sngg search cannot overwrite static_search
     389          if ( ( ! $atts == '' ) && (isset($atts['static_search'])) ) {
     390            $hr_SIS_search_text = $atts['static_search'] ;
     391        } else {
     392            $hr_SIS_search_text = $_REQUEST['sngg'] ;
     393        }
    384394        // prepare for differentiation between public and logged in users
    385395        $hr_user_ID = get_current_user_id(); 
     
    401411    // include all default values, if values are not yet set
    402412    $hr_SIS_array = hr_SIS_check_defaults( $hr_SIS_array ) ;
     413    //        var_dump("update defaults ", $hr_SIS_array); echo "<br><hr>";
    403414    // override search limit
    404415    $hr_SIS_limit = $hr_SIS_array['limit'] ;
     
    502513                    if ( $hr_SIS_search_type == "static" ) {
    503514                        // check for additional search parameters as in shortcode searchbox
     515                        // echo "direct shortcode parameter " . $hr_SIS_index . " = " . $hr_SIS_value . "<br>" ;
    504516                        // check if shortcode parameter is only set for public or logged in user
    505517                        $hr_SIS_shortcode_parameter = preg_match('/^(?P<scope>(pu|lo))\_(?P<scpara>.*)$/', $hr_SIS_index, $hr_SIS_match);
    506 //                        var_dumP( $hr_SIS_index, $hr_SIS_shortcode_parameter ) ; echo "<br>";
    507                         if ( $hr_SIS_shortcode_parameter ) {
    508                               $hr_SIS_scope  = $hr_SIS_match['scope'] ;
    509                               $hr_SIS_scpara = $hr_SIS_match['scpara'] ;
     518                        // var_dump( "preg_match ", $hr_SIS_match ) ; echo "<br>" ;
     519                        // var_dumP( 'static parameter '.$hr_SIS_index, $hr_SIS_shortcode_parameter ) ; echo "<br>";
     520                        if ( $hr_SIS_shortcode_parameter ) {            // match was found
     521                              $hr_SIS_scope  = $hr_SIS_match['scope'] ;   // specifies lo or up
     522                              $hr_SIS_scpara = $hr_SIS_match['scpara'] ;  // specifies correct parameter without lo_/pu_
    510523                        } else {
    511                               $hr_SIS_scope  = "" ;
     524                              $hr_SIS_scope  = "" ;                                             // no match lo_/pu_ found
    512525                              $hr_SIS_scpara = $hr_SIS_index ;
    513526                        }
     
    519532                                   ( ( ( $hr_user_ID == 0 ) && ( $hr_SIS_scope == "pu" ) ) or    // either public
    520533                                     ( ( $hr_user_ID > 0 ) && ( $hr_SIS_scope == "lo" ) ) ) ) {  // or logged in
     534                                  // echo "overwrite parameter " . $hr_SIS_scpara . " old value=" . $hr_SIS_array[$hr_SIS_scpara] . " with " . $hr_SIS_value . " <br>" ;
    521535                                  $hr_SIS_array[$hr_SIS_scpara] = $hr_SIS_value ;
     536                                  if ($hr_SIS_scpara == "limit" ) { $hr_SIS_limit = $hr_SIS_value ; }
    522537                              }
    523538                        } else {
     
    629644    // init variables for extended search mode
    630645    $hr_SIS_search_gallery_id = 0 ;      // init special search gallery marker
     646    $hr_SIS_search_album_id = 0 ;        // init special search album marker
     647    $hr_SIS_search_uploader_id = 0 ;     // init special search qualifier for uploader search
    631648    $hr_SIS_search_limit_type = "" ;     // init special search recent/last marker
    632649    if ( $hr_SIS_search_mode == "basic" ) {
     
    712729        for ( $hr_index0 = 0;  $hr_index0 <= $hr_search_index ; $hr_index0 ++ ) {
    713730            $hr_SIS_search_qmode[$hr_index0] = 'text' ;   // default is text search
    714             $hr_SIS_search_pattern = preg_match('/^(?P<code>(g|r|l)):(?P<digit>\d+)$/', trim($hr_SIS_search_array[$hr_index0]), $hr_SIS_match);
     731            $hr_SIS_search_pattern = preg_match('/^(?P<code>(g|r|l|u|a)):(?P<digit>\d+)$/', trim($hr_SIS_search_array[$hr_index0]), $hr_SIS_match);
    715732            if ( $hr_SIS_search_pattern ) {
    716733                switch ( $hr_SIS_match['code'] ) {
     
    798815                        $hr_sort_direction = "DESC";       
    799816                        break;
     817
     818                    case "u":             // special qualifier to select images of a special uploader
     819                        if ( is_user_logged_in() ) {        // exept only for logged in users
     820                            if ( ( $hr_SIS_search_uploader_id == 0 ) or ( $hr_SIS_search_uploader_id == $hr_SIS_match['digit'] ) ) {
     821                                $hr_SIS_search_uploader_id = $hr_SIS_match['digit'] ;
     822                            } else {
     823                                  // conflict: cannot filter for two different uploaders
     824                                  $hr_SIS_output = sprintf(  __("ERROR: you cannot search for two different uploaders in searchstring %s.", "ngg-smart-image-search"),
     825                                         "<b><em>" . esc_tml($hr_SIS_search_text) . "</em></b>" ) . "<br>" ;
     826                                return $hr_SIS_output;
     827                            }
     828   
     829                            if ( $hr_SIS_search_qcode[$hr_index0] <> "&" ) {
     830                                  // conflict: gallery search only possible with qualifier  &
     831                                  $hr_SIS_output = sprintf(  __("ERROR: you cannot use field qualifier %s for gallery search in searchstring %s.", "ngg-smart-image-search"),
     832                                         $hr_SIS_search_qcode[$hr_index0], "<b><em>" . esc_html($hr_SIS_search_text) . "</em></b>" ) . "<br>" ;
     833                                return $hr_SIS_output;
     834                            }
     835                            $hr_SIS_search_qmode[$hr_index0] = "uploader" ;
     836                        } else {
     837                              // conflict: uploader search only possible for logged in users &
     838                              $hr_SIS_output = sprintf(  __("WARNING: uploader search in searchstring %s is not authorized by settings for public users.", "ngg-smart-image-search"),
     839                                      "<b><em>" . esc_html($hr_SIS_search_text) . "</em></b>" ) . "<br>" ;
     840                            return $hr_SIS_output;
     841                        }
     842                        break;
     843 
     844                    case "a":             // special qualifier to select images of a special album
     845                        if ( is_user_logged_in() ) {        // exept only for logged in users
     846                            if ( ( $hr_SIS_search_album_id == 0 ) or ( $hr_SIS_search_album_id == $hr_SIS_match['digit'] ) ) {
     847                                $hr_SIS_search_album_id = hr_SIS_get_gallery_list ( $hr_SIS_match['digit'], '' ) ;
     848                            } else {
     849                                  // conflict: cannot filter for two different album ids
     850                                  $hr_SIS_output = sprintf(  __("ERROR: you cannot search for two different album ids in searchstring %s.", "ngg-smart-image-search"),
     851                                         "<b><em>" . esc_tml($hr_SIS_search_text) . "</em></b>" ) . "<br>" ;
     852                                return $hr_SIS_output;
     853                            }
     854   
     855                            if ( $hr_SIS_search_qcode[$hr_index0] <> "&" ) {
     856                                  // conflict: gallery search only possible with qualifier  &
     857                                  $hr_SIS_output = sprintf(  __("ERROR: you cannot use field qualifier %s for album search in searchstring %s.", "ngg-smart-image-search"),
     858                                         $hr_SIS_search_qcode[$hr_index0], "<b><em>" . esc_html($hr_SIS_search_text) . "</em></b>" ) . "<br>" ;
     859                                return $hr_SIS_output;
     860                            }
     861                            $hr_SIS_search_qmode[$hr_index0] = "album" ;
     862                        } else {
     863                              // conflict: uploader search only possible for logged in users &
     864                              $hr_SIS_output = sprintf(  __("WARNING: album search in searchstring %s is not authorized by settings for public users.", "ngg-smart-image-search"),
     865                                      "<b><em>" . esc_html($hr_SIS_search_text) . "</em></b>" ) . "<br>" ;
     866                            return $hr_SIS_output;
     867                        }
     868                        break;
     869 
    800870                }
    801871            }
     
    873943    while ( $hr_SIS_loop_index <= $hr_search_index ) :    // loop at least once, or more often for number of qualified searches             
    874944
    875         // echo "loop index ", $hr_SIS_loop_index, " with search qmode ",  $hr_SIS_search_qmode[$hr_SIS_loop_index], "<br>";
     945        //echo "loop index ", $hr_SIS_loop_index, " with search qmode ",  $hr_SIS_search_qmode[$hr_SIS_loop_index], "<br>";
    876946
    877947        switch ( $hr_SIS_search_qmode[$hr_SIS_loop_index] ) {
     
    9451015            case "gallery" :
    9461016                // special case, search for specified gallery id                     
    947                 $hr_SIS_searchstring0     = "( npic.galleryid = " . $hr_SIS_search_gallery_id . " ) " ;
     1017                $hr_SIS_searchstring0     = "npic.galleryid = " . $hr_SIS_search_gallery_id ;
    9481018             //   $hr_SIS_search_scope    = '' ;
    9491019             //   $hr_SIS_exclude_scope   = '' ;
    9501020                break;
    9511021               
    952             case "recent" :
     1022            case "uploader" :
     1023                // special case, search for specified uploader id                     
     1024                $hr_SIS_searchstring0     = "npic.uploader = " . $hr_SIS_search_uploader_id ;
     1025                break;
     1026               
     1027            case "album" :
     1028                // special case, search for specified uploader id                     
     1029                $hr_SIS_searchstring0     = "npic.galleryid in ( " . $hr_SIS_search_album_id . " )" ;
     1030                break;
     1031               
     1032            case "recent" :
    9531033            case "last" :
    9541034                // define dummy qualifier
     
    10081088        $hr_SIS_sql_ngg_pictures .= " AND ( npic.exclude <> 1 ) ";       // one parenthesis still open
    10091089    } 
    1010                                  
    1011     // specify search gallery scope, if set
     1090                               
     1091     // specify search gallery scope, if set
    10121092    if ( $hr_SIS_search_scope <> '' ) {
    10131093           $hr_SIS_sql_ngg_pictures .= " AND ( npic.galleryid in (" . $hr_SIS_search_scope . ") ) ";       // one parenthesis still open
     
    13171397                  // add leading slash to path, if missing (was on some installations)
    13181398                    if ( substr( $hr_SIS_picture->path, 0 , 1) !== '/' ) { $hr_SIS_pathname = '/' . $hr_SIS_picture->path ; } else { $hr_SIS_pathname = $hr_SIS_picture->path ; }
    1319                                
     1399                    //var_dump("para-path", $hr_SIS_picture->path); echo "<br>" ;       
    13201400                                // check for closing slash to path, if missing
    13211401                                if ( substr($hr_SIS_pathname, -1) !== '/' ) { $hr_SIS_pathname .= '/' ; }
    1322                                
    1323                 // to address image file correctly we need the local path to the file
     1402                    //var_dump("clear-path", $hr_SIS_pathname); echo "<br>" ;           
     1403                // to address image file correctly we need the local path to the file but not from home
    13241404                $hr_SIS_document_root = get_option("siteurl") ;
    1325                     $hr_SIS_filename = $hr_SIS_document_root . $hr_SIS_pathname . $hr_SIS_picture->filename ;
    1326                     $hr_SIS_thumbsfilename = $hr_SIS_document_root . $hr_SIS_pathname . "thumbs/thumbs_" .  $hr_SIS_picture->filename ;  // $_SERVER['DOCUMENT_ROOT']
     1405                    $hr_SIS_filename = $hr_SIS_pathname . $hr_SIS_picture->filename ;
     1406                    $hr_SIS_thumbsfilename = $hr_SIS_pathname . "thumbs/thumbs_" .  $hr_SIS_picture->filename ;  // alter thumb name
    13271407                    $hr_SIS_thumbsfilename2 = ABSPATH . substr($hr_SIS_pathname,1) . "thumbs/thumbs_" .  $hr_SIS_picture->filename ; 
    13281408                   
    1329                     if (  !file_exists( $hr_SIS_thumbsfilename2 ) ) {
    1330                             // NextGEN changed at some time thumbs-filename from thumbs_imagefile to thumbs-imagefile
     1409                    if (  !file_exists( $hr_SIS_thumbsfilename2 ) ) {               //kein alter thumb name mit _
     1410                            // NextGEN changed at some time thumbs-filename from thumbs_imagefile to thumbs-imagefile = new thumb name
    13311411                            $hr_SIS_thumbsfilename = $hr_SIS_document_root . $hr_SIS_pathname . "thumbs/thumbs-" .  $hr_SIS_picture->filename ;
    13321412                    }
     
    13871467                          // add leading slash to path, if missing (was on some installations)
    13881468                            if ( substr( $hr_SIS_picture->path, 0 , 1) !== '/' ) { $hr_SIS_pathname = '/' . $hr_SIS_picture->path ; } else { $hr_SIS_pathname = $hr_SIS_picture->path ; }
    1389 
     1469                //var_dump("para-path", $hr_SIS_picture->path); echo "<br>" ;
    13901470                                                // check for closing slash to path, if missing
    13911471                                                if ( substr($hr_SIS_pathname, -1) !== '/' ) { $hr_SIS_pathname .= '/' ; }
    1392                     
     1472       // var_dump("clear-path", $hr_SIS_pathname); echo "<br>" ;           
    13931473                        // to address image file correctly we need the local path to the file
    13941474                        $hr_SIS_document_root = get_option("siteurl") ;
    1395                             $hr_SIS_filename = $hr_SIS_document_root . $hr_SIS_pathname . "/" .  $hr_SIS_picture->filename ;
    1396                             $hr_SIS_thumbsfilename = $hr_SIS_document_root . $hr_SIS_pathname . "/thumbs/thumbs_" .  $hr_SIS_picture->filename ;
     1475                            $hr_SIS_filename = $hr_SIS_pathname . "/" .  $hr_SIS_picture->filename ;
     1476                            $hr_SIS_thumbsfilename = $hr_SIS_pathname . "/thumbs/thumbs_" .  $hr_SIS_picture->filename ;                // alter thumbs name
    13971477                                    $hr_SIS_thumbsfilename2 = ABSPATH . substr($hr_SIS_pathname,1) . "thumbs/thumbs_" .  $hr_SIS_picture->filename ; 
    13981478                   
    13991479                            if (  !file_exists ( $hr_SIS_thumbsfilename2 ) ) {
    14001480                                    // NextGEN changed at some time thumbs-filename from thumbs_imagefile to thumbs-imagefile
    1401                                     $hr_SIS_thumbsfilename = $hr_SIS_document_root . $hr_SIS_pathname . "/thumbs/thumbs-" .  $hr_SIS_picture->filename ;
     1481                                    $hr_SIS_thumbsfilename = $hr_SIS_pathname . "/thumbs/thumbs-" .  $hr_SIS_picture->filename ;   // neuer thumbs name
    14021482                            }
    14031483                 
     
    19612041
    19622042
    1963 /**
    1964  *   mark second paging buttons at top of list as not displayable
    1965  *   if canvas is not supported document.querySelector("hr-top-paging-buttons").style='display: none;';
    1966 
    1967 function mark_canvas_inability() {
    1968    
    1969     echo '<script> if (!Modernizr.Canvas) { document.querySelector("hr-top-paging-buttons").removeAttribute("style") ; } </script>';
    1970    
    1971 }
    1972 
    1973 add_action( 'wp_footer', 'mark_canvas_inability' );
    1974  */
    1975 
    1976 
     2043

  • ngg-smart-image-search/trunk/public/css/ngg-smart-image-search-public.css

    r3040703 r3233519  
    263263      top:32px !important;
    264264 }
     265 

  • ngg-smart-image-search/trunk/public/js/fancyapps-fancybind-v-5-0.js

    r3040721 r3233519  
    1 Fancybox.bind('[data-fancybox="gallery"]', {
     1Fancybox.bind("[data-fancybox]", {
    22// Transition effect when changing gallery items
    33Carousel : {
     
    2424]        //
    2525});
     26
Note: See TracChangeset for help on using the changeset viewer.