Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3391790

Timestamp:

11/07/2025 02:21:51 PM (5 months ago)

Author:

wpchill

Message:

Update to version 2.12.29 from GitHub

Location:

modula-best-grid-gallery

Files:

: 8 edited
: 1 copied

tags/2.12.29 (copied) (copied from modula-best-grid-gallery/trunk)
tags/2.12.29/Modula.php (modified) (2 diffs)
tags/2.12.29/changelog.txt (modified) (1 diff)
tags/2.12.29/includes/admin/class-modula-gallery-upload.php (modified) (2 diffs)
tags/2.12.29/readme.txt (modified) (1 diff)
trunk/Modula.php (modified) (2 diffs)
trunk/changelog.txt (modified) (1 diff)
trunk/includes/admin/class-modula-gallery-upload.php (modified) (2 diffs)
trunk/readme.txt (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

modula-best-grid-gallery/tags/2.12.29/Modula.php

-                      r3390878
+                      r3391790
 * Description:              Modula is the most powerful, user-friendly WordPress gallery plugin. Add galleries, masonry grids and more in a few clicks.
 * Author:                   WPChill
 * Version:                  2.12.28
+* Version:                  2.12.29
 * Author URI:               https://www.wpchill.com/
 * License:                  GPLv3 or later
 …
  */
 define( 'MODULA_LITE_VERSION', '2.12.28' );
+define( 'MODULA_LITE_VERSION', '2.12.29' );
 define( 'MODULA_PATH', plugin_dir_path( __FILE__ ) );
 define( 'MODULA_URL', plugin_dir_url( __FILE__ ) );

modula-best-grid-gallery/tags/2.12.29/changelog.txt

r3390878	r3391790
	1	= 2.12.29 - 07.11.2025 =
	2	Fixed: Security issue.
	3
1	4	= 2.12.28 - 05.11.2025 =
2	5	Added: Filters to exclude Modula JS files from third-party optimization plugins.

modula-best-grid-gallery/tags/2.12.29/includes/admin/class-modula-gallery-upload.php

-                      r3292565
+                      r3391790
+        }
+        $file        = wp_unslash( $_POST['file'] );
+        $delete_file = 'false' === sanitize_text_field( wp_unslash( $_POST['delete_files'] ) ) ? false : true;
+        $attachment_id = $this->upload_image( $file, $delete_file );
+        $file = wp_unslash( $_POST['file'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+        $real_path    = realpath( $file );
+        $uploads_dir  = wp_upload_dir();
+        $allowed_base = realpath( $uploads_dir['basedir'] );
+        if ( false === $real_path || false === $allowed_base || 0 !== strpos( $real_path, $allowed_base ) ) {
+            wp_send_json_error( __( 'Invalid file path.', 'modula-best-grid-gallery' ) );
+        }
+        if ( ! file_exists( $real_path ) || ! is_readable( $real_path ) ) {
+            wp_send_json_error( __( 'File does not exist or is not readable.', 'modula-best-grid-gallery' ) );
+        }
+        $delete_file = isset( $_POST['delete_files'] ) && 'false' !== sanitize_text_field( wp_unslash( $_POST['delete_files'] ) ) ? true : false;
+        $attachment_id = $this->upload_image( $real_path, $delete_file );
         if ( ! $attachment_id ) {
+            $prev_uploaded_files       = $this->get_uploaded_error_files( absint( $_POST['post_ID'] ) );
+            $uploaded_files['files'][] = $_POST['file'];
+            $this->update_uploaded_error_files( absint( $_POST['post_ID'] ), array_merge( $prev_uploaded_files, $uploaded_files ) );
+            $post_id = isset( $_POST['post_ID'] ) ? absint( $_POST['post_ID'] ) : 0;
+            if ( $post_id > 0 ) {
+                $prev_uploaded_files       = $this->get_uploaded_error_files( $post_id );
+                $uploaded_files['files'][] = $file;
+                $this->update_uploaded_error_files( $post_id, array_merge( $prev_uploaded_files, $uploaded_files ) );
+            }
             wp_send_json_error( __( 'The file could not be uploaded.', 'modula-best-grid-gallery' ) );
+        }
 …
+    }
     private function delete_atachment( $file_id, $force ){
+    private function delete_atachment( $file_id, $force ) {
         if ( ! current_user_can( 'delete_post', $file_id ) ) {
             return false;

modula-best-grid-gallery/tags/2.12.29/readme.txt

-                      r3390878
+                      r3391790
 == Changelog ==
+= 2.12.29 - 07.11.2025 =
+Fixed: Security issue.
 = 2.12.28 - 05.11.2025 =
 Added: Filters to exclude Modula JS files from third-party optimization plugins.

modula-best-grid-gallery/trunk/Modula.php

-                      r3390878
+                      r3391790
 * Description:              Modula is the most powerful, user-friendly WordPress gallery plugin. Add galleries, masonry grids and more in a few clicks.
 * Author:                   WPChill
 * Version:                  2.12.28
+* Version:                  2.12.29
 * Author URI:               https://www.wpchill.com/
 * License:                  GPLv3 or later
 …
  */
 define( 'MODULA_LITE_VERSION', '2.12.28' );
+define( 'MODULA_LITE_VERSION', '2.12.29' );
 define( 'MODULA_PATH', plugin_dir_path( __FILE__ ) );
 define( 'MODULA_URL', plugin_dir_url( __FILE__ ) );

modula-best-grid-gallery/trunk/changelog.txt

r3390878	r3391790
	1	= 2.12.29 - 07.11.2025 =
	2	Fixed: Security issue.
	3
1	4	= 2.12.28 - 05.11.2025 =
2	5	Added: Filters to exclude Modula JS files from third-party optimization plugins.

modula-best-grid-gallery/trunk/includes/admin/class-modula-gallery-upload.php

-                      r3292565
+                      r3391790
+        }
+        $file        = wp_unslash( $_POST['file'] );
+        $delete_file = 'false' === sanitize_text_field( wp_unslash( $_POST['delete_files'] ) ) ? false : true;
+        $attachment_id = $this->upload_image( $file, $delete_file );
+        $file = wp_unslash( $_POST['file'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+        $real_path    = realpath( $file );
+        $uploads_dir  = wp_upload_dir();
+        $allowed_base = realpath( $uploads_dir['basedir'] );
+        if ( false === $real_path || false === $allowed_base || 0 !== strpos( $real_path, $allowed_base ) ) {
+            wp_send_json_error( __( 'Invalid file path.', 'modula-best-grid-gallery' ) );
+        }
+        if ( ! file_exists( $real_path ) || ! is_readable( $real_path ) ) {
+            wp_send_json_error( __( 'File does not exist or is not readable.', 'modula-best-grid-gallery' ) );
+        }
+        $delete_file = isset( $_POST['delete_files'] ) && 'false' !== sanitize_text_field( wp_unslash( $_POST['delete_files'] ) ) ? true : false;
+        $attachment_id = $this->upload_image( $real_path, $delete_file );
         if ( ! $attachment_id ) {
+            $prev_uploaded_files       = $this->get_uploaded_error_files( absint( $_POST['post_ID'] ) );
+            $uploaded_files['files'][] = $_POST['file'];
+            $this->update_uploaded_error_files( absint( $_POST['post_ID'] ), array_merge( $prev_uploaded_files, $uploaded_files ) );
+            $post_id = isset( $_POST['post_ID'] ) ? absint( $_POST['post_ID'] ) : 0;
+            if ( $post_id > 0 ) {
+                $prev_uploaded_files       = $this->get_uploaded_error_files( $post_id );
+                $uploaded_files['files'][] = $file;
+                $this->update_uploaded_error_files( $post_id, array_merge( $prev_uploaded_files, $uploaded_files ) );
+            }
             wp_send_json_error( __( 'The file could not be uploaded.', 'modula-best-grid-gallery' ) );
+        }
 …
+    }
     private function delete_atachment( $file_id, $force ){
+    private function delete_atachment( $file_id, $force ) {
         if ( ! current_user_can( 'delete_post', $file_id ) ) {
             return false;

modula-best-grid-gallery/trunk/readme.txt

-                      r3390878
+                      r3391790
 == Changelog ==
+= 2.12.29 - 07.11.2025 =
+Fixed: Security issue.
 = 2.12.28 - 05.11.2025 =
 Added: Filters to exclude Modula JS files from third-party optimization plugins.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory