Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1468601

Timestamp:

08/05/2016 12:47:53 PM (10 years ago)

Author:

aueda

Message:

media-file-manager 1.4.1

Location:

media-file-manager

Files:

: 23 added
: 3 edited

tags/1.4.1 (added)
tags/1.4.1/images (added)
tags/1.4.1/images/MRL_Icons.svg (added)
tags/1.4.1/images/audio.png (added)
tags/1.4.1/images/dir.png (added)
tags/1.4.1/images/dir_new.png (added)
tags/1.4.1/images/dir_up.png (added)
tags/1.4.1/images/file.png (added)
tags/1.4.1/images/left.png (added)
tags/1.4.1/images/media_folder.png (added)
tags/1.4.1/images/no_thumb.png (added)
tags/1.4.1/images/right.png (added)
tags/1.4.1/images/video.png (added)
tags/1.4.1/jquery.appear-1.1.1.min.js (added)
tags/1.4.1/media-relocator.js (added)
tags/1.4.1/media-relocator.php (added)
tags/1.4.1/media-selector.js (added)
tags/1.4.1/media-selector.php (added)
tags/1.4.1/output_log.php (added)
tags/1.4.1/readme.txt (added)
tags/1.4.1/screenshot-1.jpg (added)
tags/1.4.1/set_document_root.php (added)
tags/1.4.1/style.css (added)
trunk/media-relocator.php (modified) (1 diff)
trunk/media-selector.php (modified) (6 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

media-file-manager/trunk/media-relocator.php

r1335996	r1468601
4	4	Plugin URI: http://tempspace.net/plugins/?page_id=111
5	5	Description: You can make sub-directories in the upload directory, and move files into them. At the same time, this plugin modifies the URLs/path names in the database. Also an alternative file-selector is added in the editing post/page screen, so you can pick up media files from the subfolders easily.
6		Version: 1.4.0
	6	Version: 1.4.1
7	7	Author: Atsushi Ueda
8	8	Author URI: http://tempspace.net/plugins/

media-file-manager/trunk/media-selector.php

-                      r1335996
+                      r1468601
     global $wpdb;
     $id = $_POST['id'];
+    $res = $wpdb->get_results(
+    if (!is_numeric($id)) {
+        die("error");
+    }
+    $query = $wpdb->prepare(
         "SELECT * from $wpdb->posts ".
         "WHERE id=".$id." ".
         " ");
+        "WHERE id='%d'",$id);
+    $res = $wpdb->get_results($query);
     $ret->posts = $res[0];
 …
     $ret->meta = $meta;
+    $file = $wpdb->get_results(
+        "SELECT meta_value FROM $wpdb->postmeta WHERE post_id=".$id." AND  meta_key='_wp_attached_file'");
+    $query = $wpdb->prepare(
+        "SELECT meta_value FROM $wpdb->postmeta WHERE post_id='%d' AND meta_key='_wp_attached_file'", $id);
+    $file = $wpdb->get_results($query);
     $ret->file = $file[0]->meta_value;
+    $alt = $wpdb->get_results(
+        "SELECT meta_value FROM $wpdb->postmeta WHERE post_id=".$id." AND meta_key='_wp_attachment_image_alt'");
+    $query = $wpdb->prepare(
+        "SELECT meta_value FROM $wpdb->postmeta WHERE post_id='%d' AND meta_key='_wp_attachment_image_alt'", $id);
+    $alt = $wpdb->get_results($query);
     if ($alt) {
         $ret->alt = $alt[0]->meta_value;
 …
     $id = $_POST['id'];
+    if (!is_numeric($id)) {
+        die("error");
+    }
     $mime_type = "";
 …
     $dat =  array();
     $res = $wpdb->get_results(
+    $query = $wpdb->prepare(
         "SELECT * from $wpdb->posts ".
         "WHERE id=".$id." ".
         " ");
+        "WHERE id='%d'", $id);
+    $res = $wpdb->get_results($query);
     if (count($res)) {
         $mime_type = $res[0]->post_mime_type;
 …
     $is_image = (substr($mime_type, 0, 5)=='image');
+    $res = $wpdb->get_results(
+        "SELECT meta_value FROM $wpdb->postmeta WHERE post_id=".$id." AND  meta_key='_wp_attached_file'");
+    $query = $wpdb->prepare(
+        "SELECT meta_value FROM $wpdb->postmeta WHERE post_id='%d' AND meta_key='_wp_attached_file'", $id);
+    $res = $wpdb->get_results($query);
     if (count($res)) {
         $file = $res[0]->meta_value;
 …
         $size_full='('.$meta['width']." x ".$meta['height'].')';
+        $res = $wpdb->get_results(
+            "SELECT meta_value FROM $wpdb->postmeta WHERE post_id=".$id." AND meta_key='_wp_attachment_image_alt'");
+        $query = $wpdb->prepare(
+            "SELECT meta_value FROM $wpdb->postmeta WHERE post_id='%d' AND meta_key='_wp_attachment_image_alt'", $id);
+        $res = $wpdb->get_results($query);
         if (count($res)) {
             $alt = esc_html($res[0]->meta_value);

media-file-manager/trunk/readme.txt

-                      r1335996
+                      r1468601
 Donate link: http://tempspace.net/plugins/
 Tags: media,file,manager,explorer,relocate,folder,folders,files,rename,make directory,directories,organize,organizer,select,selector,database
 Requires at least: 4.3.0
 Tested up to: 4.4.1
 Stable tag: 1.4.0
+Requires at least: 4.5.0
+Tested up to: 4.5.3
+Stable tag: 1.4.1
 You can make sub-directories in the upload directory, and move files into them.
 …
 == Changelog ==
+= 1.4.1 =
+* Fixed security bugs.
 = 1.4.0 =
 * Added an option of disabling set_time_limit().

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 1468601

Legend:

media-file-manager/trunk/media-relocator.php

media-file-manager/trunk/media-selector.php

media-file-manager/trunk/readme.txt

Download in other formats: