Changeset 3447757

modula-best-grid-gallery/tags/2.13.7/Modula.php

-                      r3443192
+                      r3447757
 * Description:              Modula is the most powerful, user-friendly WordPress gallery plugin. Add galleries, masonry grids and more in a few clicks.
 * Author:                   WPChill
 * Version:                  2.13.6
+* Version:                  2.13.7
 * Author URI:               https://www.wpchill.com/
 * License:                  GPLv3 or later
 …
  */
 define( 'MODULA_LITE_VERSION', '2.13.6' );
+define( 'MODULA_LITE_VERSION', '2.13.7' );
 define( 'MODULA_PATH', plugin_dir_path( __FILE__ ) );
 define( 'MODULA_URL', plugin_dir_url( __FILE__ ) );

modula-best-grid-gallery/tags/2.13.7/assets/js/admin/editor-plugin.js

-                      r3262199
+                      r3447757
 (function () {
     tinymce.create('tinymce.plugins.Modula', {
+        tinymce.create('tinymce.plugins.Modula', {
         init: function (ed, url) {
             ed.addCommand('modula_shortcode_editor', function () {
+                var nonce = typeof modulaEditorNonce !== 'undefined' ? modulaEditorNonce : '';
+                var ajaxUrl = ajaxurl + '?action=modula_shortcode_editor';
+                if (nonce) {
+                    ajaxUrl += '&nonce=' + encodeURIComponent(nonce);
+                }
                 ed.windowManager.open(
+                    {
                         file: ajaxurl + '?action=modula_shortcode_editor',
+                        file: ajaxUrl,
                         width:
 + parseInt(ed.getLang('button.delta_width', 0)),

modula-best-grid-gallery/tags/2.13.7/assets/js/admin/editor-plugin.min.js

r2982490	r3447757
1		tinymce.create("tinymce.plugins.Modula",{init:function(t,o){t.addCommand("modula_shortcode_editor",(function(){t.windowManager.open({file:ajaxurl+"?action=modula_shortcode_editor",width:900+parseInt(t.getLang("button.delta_width",0)),height:500+parseInt(t.getLang("button.delta_height",0)),inline:1},{plugin_url:o})}));var e=o.split("assets/");t.addButton("modula_shortcode_editor",{title:"Modula Gallery",cmd:"modula_shortcode_editor",image:e[0]+"assets/images/modula-logo.jpg"})},getInfo:function(){return{longname:"Modula Gallery",author:"Macho Themes",authorurl:"https://www.machothemes.com/",infourl:"https://www.machothemes.com/",version:tinymce.majorVersion+"."+tinymce.minorVersion}}}),tinymce.PluginManager.add("modula_shortcode_editor",tinymce.plugins.Modula);
	1	tinymce.create("tinymce.plugins.Modula",{init:function(o,e){o.addCommand("modula_shortcode_editor",(function(){var t="undefined"!=typeof modulaEditorNonce?modulaEditorNonce:"",n=ajaxurl+"?action=modula_shortcode_editor";t&&(n+="&nonce="+encodeURIComponent(t)),o.windowManager.open({file:n,width:900+parseInt(o.getLang("button.delta_width",0)),height:500+parseInt(o.getLang("button.delta_height",0)),inline:1},{plugin_url:e})}));var t=e.split("assets/");o.addButton("modula_shortcode_editor",{title:"Modula Gallery",cmd:"modula_shortcode_editor",image:t[0]+"assets/images/modula-logo.jpg"})},getInfo:function(){return{longname:"Modula Gallery",author:"Macho Themes",authorurl:"https://www.machothemes.com/",infourl:"https://www.machothemes.com/",version:tinymce.majorVersion+"."+tinymce.minorVersion}}}),tinymce.PluginManager.add("modula_shortcode_editor",tinymce.plugins.Modula);

modula-best-grid-gallery/tags/2.13.7/changelog.txt

r3443192	r3447757
	1	= 2.13.7 - 27.01.2026 =
	2	Fixed: Security issues.
	3
1	4	= 2.13.6 - 20.01.2026 =
2	5	Fixed: Gutenberg block editor was throwing an error due to circular references.

modula-best-grid-gallery/tags/2.13.7/includes/admin/class-modula-cpt.php

-                      r3352565
+                      r3447757
         $modula_images = $this->sanitize_images( $value );
+        $this->batch_update_images( $modula_images, $obj->ID );
+        // Validate and filter out invalid attachment IDs before processing
+        $valid_images = array();
+        foreach ( $modula_images as $image ) {
+            if ( ! isset( $image['id'] ) || empty( $image['id'] ) ) {
+                continue;
+            }
+            $attachment_id = absint( $image['id'] );
+            if ( ! $attachment_id ) {
+                continue;
+            }
+            // Security check: Verify the ID is an attachment
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Security check: Verify user has permission to edit this attachment
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
+                continue;
+            }
+            $valid_images[] = $image;
+        }
+        // Only update with valid attachments
+        $this->batch_update_images( $valid_images, $obj->ID );
+        // Update gallery meta with filtered valid images
         update_post_meta(
             $obj->ID,
             'modula-images',
             $modula_images
+            $valid_images
         );
+    }
 …
         // We’ll process in chunks to avoid overly large queries
+        // Additional security: Filter out any invalid attachments that may have slipped through
+        $valid_images = array();
+        foreach ( $images as $image ) {
+            if ( ! isset( $image['id'] ) || empty( $image['id'] ) ) {
+                continue;
+            }
+            $attachment_id = absint( $image['id'] );
+            if ( ! $attachment_id ) {
+                continue;
+            }
+            // Security check: Verify the ID is an attachment
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Security check: Verify user has permission to edit this attachment
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
+                continue;
+            }
+            $valid_images[] = $image;
+        }
+        if ( empty( $valid_images ) ) {
+            return;
+        }
         $batch_size = 200;
         $chunks     = array_chunk( $images, $batch_size );
+        $chunks     = array_chunk( $valid_images, $batch_size );
         foreach ( $chunks as $chunk ) {
 …
         global $wpdb;
         // 1) Collect all relevant attachment IDs
+        // 1) Collect and validate all relevant attachment IDs
         $attachment_ids = array();
+        $valid_images   = array();
         foreach ( $images_chunk as $image ) {
+            if ( ! empty( $image['id'] ) ) {
+                $attachment_ids[] = absint( $image['id'] );
+            }
+        }
+        $attachment_ids = array_filter( $attachment_ids );
+            if ( ! isset( $image['id'] ) || empty( $image['id'] ) ) {
+                continue;
+            }
+            $attachment_id = absint( $image['id'] );
+            if ( ! $attachment_id ) {
+                continue;
+            }
+            // Security check: Verify the ID is an attachment
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Security check: Verify user has permission to edit this attachment
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
+                continue;
+            }
+            $attachment_ids[] = $attachment_id;
+            $valid_images[]   = $image;
+        }
         $attachment_ids = array_unique( $attachment_ids );
 …
         $meta_inserts    = array();  // We'll insert the new alt rows
         // 4) Loop through images and build the final updates only if needed
         foreach ( $images_chunk as $image ) {
+        // 4) Loop through valid images and build the final updates only if needed
+        foreach ( $valid_images as $image ) {
             $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
             if ( ! $attachment_id ) {
+                continue;
+            }
+            // Additional security check: Verify the ID is still an attachment (defense in depth)
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Additional security check: Verify user still has permission (defense in depth)
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
                 continue;
+            }

modula-best-grid-gallery/tags/2.13.7/includes/class-modula.php

-                      r3394968
+                      r3447757
         add_filter( 'mce_external_plugins', array( $this, 'register_editor_plugin' ) );
         add_action( 'wp_ajax_modula_shortcode_editor', array( $this, 'modula_shortcode_editor' ) );
+        add_action( 'admin_print_scripts', array( $this, 'add_editor_nonce' ) );
         // Allow other mime types to be uploaded
 …
     /**
+     * Add nonce for TinyMCE editor plugin
+     */
+    public function add_editor_nonce() {
+        $screen = get_current_screen();
+        // Only add nonce on post edit screens where TinyMCE is available
+        if ( ! $screen || ! in_array( $screen->base, array( 'post', 'page' ), true ) ) {
+            return;
+        }
+        ?>
+        <script type="text/javascript">
+            var modulaEditorNonce = '<?php echo esc_js( wp_create_nonce( 'modula-ajax-save' ) ); ?>';
+        </script>
+        <?php
+    }
+    /**
      * Display galleries selection
      */
     public function modula_shortcode_editor() {
+        // Check user capability
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'modula-best-grid-gallery' ) );
+        }
+        // Verify nonce
+        $nonce = '';
+        if ( isset( $_REQUEST['nonce'] ) ) {
+            $nonce = sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) );
+        }
+        if ( ! wp_verify_nonce( $nonce, 'modula-ajax-save' ) ) {
+            wp_die( esc_html__( 'Security check failed.', 'modula-best-grid-gallery' ) );
+        }
         $css_path  = MODULA_URL . 'assets/css/admin/edit.css';
         $admin_url = admin_url();

modula-best-grid-gallery/tags/2.13.7/readme.txt

-                      r3443192
+                      r3447757
 Tested up to: 6.9
 Requires PHP: 5.6
 Stable tag: 2.13.6
+Stable tag: 2.13.7
 License: GNU General Public License v3.0 or later
 …
 == Changelog ==
+= 2.13.7 - 27.01.2026 =
+Fixed: Security issues.
 = 2.13.6 - 20.01.2026 =
 Fixed: Gutenberg block editor was throwing an error due to circular references.
-= 2.13.5 - 14.12.2025 =
-Fixed: Fatal error when the theme enqueues styles for all widgets.
-Fixed: Security issues.
-= 2.13.4 - 08.12.2025 =
-Fixed: Security issues.
-= 2.13.3 - 02.12.2025 =
-Fixed: Vulnerability in zip import.
-= 2.13.2 - 19.11.2025 =
-Updated: Performance improvements.
-= 2.13.1 - 14.11.2025 =
-Added: Enhancements for zip import.
-= 2.13.0 - 12.11.2025 =
-Added: Yoast/Rank Math/SEOPress image sitemaps.
-= 2.12.30 - 11.11.2025 =
-Fixed: Improved remote requests handling.
-= 2.12.29 - 07.11.2025 =
-Fixed: Security issue.
-= 2.12.28 - 05.11.2025 =
-Added: Filters to exclude Modula JS files from third-party optimization plugins.
-Added: Black Friday upsells & notifications updates.
-Fixed: Missing data-image-id on lightbox link.
-= 2.12.27 - 24.10.2025 =
-Fixed: Left/Right thumbnail navigation.
-Fixed: Lightbox image display.
-Fixed: Custom gallery Guttenberg preview.
-Fixed: Divi builder compatibility.
-= 2.12.26 - 20.10.2025 =
-Updated: Fancybox Lightbox to version 5.0.36.
-Changed: Enabled the Custom Responsiveness setting by default for a better out of the box experience.
-Fixed: Missing text domains in some strings.
-Fixed: Load in view setting causing gallery images to remain hidden.
-Added: Debounce on window resize.
-Added: Interactive elements now include proper button roles and visible focus indicators, improving WCAG 2.1 compliance.
-= 2.12.25 - 18.09.2025 =
-Update: Better fit for social icons when using smaller images.
-= 2.12.23 - 29.08.2025 =
-Update: Share icons.
-Added: Collapsable social buttons for desktop and set default to be collapsed.
-= 2.12.22 - 28.08.2025 =
-Fixed: Social icons hover display issue.
-= 2.12.21 - 27.08.2025 =
-Fixed: Loading effect 'in view' setting not properly working.
-= 2.12.20 - 20.08.2025 =
-Fixed: Gallery jumping/scrolling issue in Elementor due to lazy load re-rendering.
-= 2.12.19 - 12.08.2025 =
-Fixed: Broken lightbox images when original image type was .heic.
-= 2.12.18 - 28.07.2025 =
-Added: Filter `modula_show_alignment_options` to allow enabling image alignment options.
-Fixed: Inconsistency between masonry script responsive breakpoints and CSS breakpoints.
-= 2.12.17 - 22.07.2025 =
-Added: Compatibility with Translatepress.
-= 2.12.16 - 14.07.2025 =
-Enhancement: The `modula_gallery_images` filter now receives the `gallery_id` parameter, allowing for more context-aware modifications.
-= 2.12.15 - 08.07.2025 =
-Added: Compatibility with Imagify and Modula Lazy Load option.
-= 2.12.14 - 07.07.2025 =
-Fixed: PHP warning when image has no valign or halign.
-= 2.12.13 - 24.06.2025 =
-Added: Compatibility with Imagify.
-= 2.12.12 - 13.05.2025 =
-Fixed: Security update
-= 2.12.11 - 26.03.2025 =
-Fixed: Import sources are now queried only on the Modula settings page.
-Update: Improved code formatting for the gallery template.
-= 2.12.10 - 19.03.2025 =
-Updated: Twitter icon to X icon.
-Added: Upsells in gallery edit screen.
-= 2.12.9 – 18.03.2025 =
-Changed: Removed tooltips.
-Update: Links to online knowledge base.
-Update: Default gallery type set to Masonry.
-Update: Title and Caption default size values.
-Update: Removed Misc tab from general settings.
-= 2.12.8 - 15.03.2025 =
-Added: Performance improvements in gallery listing page.
-= 2.12.7 - 12.03.2025 =
-Fixed: Fixes a PHP error occurring in certain scenarios
-= 2.12.6 - 11.03.2025 =
-Update: Notification system to WPChill Notification System.
-Fixed: Custom galleries preview images wrong scaling after image/bulk edit.
-Added: Upsells for Modula Comments.
-Fixed: Fixed: PHP Warning
-= 2.12.5 - 07.03.2025 =
-Fixed: Escaping of links in image's title & caption.
-= 2.12.4 - 06.03.2025 =
-Fixed: Not displaying image metadata properly
-Fixed: Saving image metadata on gallery edit
-= 2.12.3 - 05.03.2025 =
-Fixed: Do not strip image's title & caption html tags on image edit.
-= 2.12.2 - 05.03.2025 =
-Fixed: Plugin loading order.
-= 2.12.1 – 03.03.2025 =
-Fixed: AI Image Optimizer update method.
-= 2.12.0 – 28.02.2025 =
-Added: AI Image Optimizer.
-= 2.11.11 – 07.01.2025 =
-Fixed: ZIP file vulnerability fix.
-See the full changelog [here](https://github.com/WPChill/modula-lite/blob/master/changelog.txt).
-== Upgrade Notice ==
-= 2.11.11 =
-This update resolved a vulnerability for ZIP files!

modula-best-grid-gallery/trunk/Modula.php

-                      r3443192
+                      r3447757
 * Description:              Modula is the most powerful, user-friendly WordPress gallery plugin. Add galleries, masonry grids and more in a few clicks.
 * Author:                   WPChill
 * Version:                  2.13.6
+* Version:                  2.13.7
 * Author URI:               https://www.wpchill.com/
 * License:                  GPLv3 or later
 …
  */
 define( 'MODULA_LITE_VERSION', '2.13.6' );
+define( 'MODULA_LITE_VERSION', '2.13.7' );
 define( 'MODULA_PATH', plugin_dir_path( __FILE__ ) );
 define( 'MODULA_URL', plugin_dir_url( __FILE__ ) );

modula-best-grid-gallery/trunk/assets/js/admin/editor-plugin.js

-                      r3262199
+                      r3447757
 (function () {
     tinymce.create('tinymce.plugins.Modula', {
+        tinymce.create('tinymce.plugins.Modula', {
         init: function (ed, url) {
             ed.addCommand('modula_shortcode_editor', function () {
+                var nonce = typeof modulaEditorNonce !== 'undefined' ? modulaEditorNonce : '';
+                var ajaxUrl = ajaxurl + '?action=modula_shortcode_editor';
+                if (nonce) {
+                    ajaxUrl += '&nonce=' + encodeURIComponent(nonce);
+                }
                 ed.windowManager.open(
+                    {
                         file: ajaxurl + '?action=modula_shortcode_editor',
+                        file: ajaxUrl,
                         width:
 + parseInt(ed.getLang('button.delta_width', 0)),

modula-best-grid-gallery/trunk/assets/js/admin/editor-plugin.min.js

r2982490	r3447757
1		tinymce.create("tinymce.plugins.Modula",{init:function(t,o){t.addCommand("modula_shortcode_editor",(function(){t.windowManager.open({file:ajaxurl+"?action=modula_shortcode_editor",width:900+parseInt(t.getLang("button.delta_width",0)),height:500+parseInt(t.getLang("button.delta_height",0)),inline:1},{plugin_url:o})}));var e=o.split("assets/");t.addButton("modula_shortcode_editor",{title:"Modula Gallery",cmd:"modula_shortcode_editor",image:e[0]+"assets/images/modula-logo.jpg"})},getInfo:function(){return{longname:"Modula Gallery",author:"Macho Themes",authorurl:"https://www.machothemes.com/",infourl:"https://www.machothemes.com/",version:tinymce.majorVersion+"."+tinymce.minorVersion}}}),tinymce.PluginManager.add("modula_shortcode_editor",tinymce.plugins.Modula);
	1	tinymce.create("tinymce.plugins.Modula",{init:function(o,e){o.addCommand("modula_shortcode_editor",(function(){var t="undefined"!=typeof modulaEditorNonce?modulaEditorNonce:"",n=ajaxurl+"?action=modula_shortcode_editor";t&&(n+="&nonce="+encodeURIComponent(t)),o.windowManager.open({file:n,width:900+parseInt(o.getLang("button.delta_width",0)),height:500+parseInt(o.getLang("button.delta_height",0)),inline:1},{plugin_url:e})}));var t=e.split("assets/");o.addButton("modula_shortcode_editor",{title:"Modula Gallery",cmd:"modula_shortcode_editor",image:t[0]+"assets/images/modula-logo.jpg"})},getInfo:function(){return{longname:"Modula Gallery",author:"Macho Themes",authorurl:"https://www.machothemes.com/",infourl:"https://www.machothemes.com/",version:tinymce.majorVersion+"."+tinymce.minorVersion}}}),tinymce.PluginManager.add("modula_shortcode_editor",tinymce.plugins.Modula);

modula-best-grid-gallery/trunk/changelog.txt

r3443192	r3447757
	1	= 2.13.7 - 27.01.2026 =
	2	Fixed: Security issues.
	3
1	4	= 2.13.6 - 20.01.2026 =
2	5	Fixed: Gutenberg block editor was throwing an error due to circular references.

modula-best-grid-gallery/trunk/includes/admin/class-modula-cpt.php

-                      r3352565
+                      r3447757
         $modula_images = $this->sanitize_images( $value );
+        $this->batch_update_images( $modula_images, $obj->ID );
+        // Validate and filter out invalid attachment IDs before processing
+        $valid_images = array();
+        foreach ( $modula_images as $image ) {
+            if ( ! isset( $image['id'] ) || empty( $image['id'] ) ) {
+                continue;
+            }
+            $attachment_id = absint( $image['id'] );
+            if ( ! $attachment_id ) {
+                continue;
+            }
+            // Security check: Verify the ID is an attachment
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Security check: Verify user has permission to edit this attachment
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
+                continue;
+            }
+            $valid_images[] = $image;
+        }
+        // Only update with valid attachments
+        $this->batch_update_images( $valid_images, $obj->ID );
+        // Update gallery meta with filtered valid images
         update_post_meta(
             $obj->ID,
             'modula-images',
             $modula_images
+            $valid_images
         );
+    }
 …
         // We’ll process in chunks to avoid overly large queries
+        // Additional security: Filter out any invalid attachments that may have slipped through
+        $valid_images = array();
+        foreach ( $images as $image ) {
+            if ( ! isset( $image['id'] ) || empty( $image['id'] ) ) {
+                continue;
+            }
+            $attachment_id = absint( $image['id'] );
+            if ( ! $attachment_id ) {
+                continue;
+            }
+            // Security check: Verify the ID is an attachment
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Security check: Verify user has permission to edit this attachment
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
+                continue;
+            }
+            $valid_images[] = $image;
+        }
+        if ( empty( $valid_images ) ) {
+            return;
+        }
         $batch_size = 200;
         $chunks     = array_chunk( $images, $batch_size );
+        $chunks     = array_chunk( $valid_images, $batch_size );
         foreach ( $chunks as $chunk ) {
 …
         global $wpdb;
         // 1) Collect all relevant attachment IDs
+        // 1) Collect and validate all relevant attachment IDs
         $attachment_ids = array();
+        $valid_images   = array();
         foreach ( $images_chunk as $image ) {
+            if ( ! empty( $image['id'] ) ) {
+                $attachment_ids[] = absint( $image['id'] );
+            }
+        }
+        $attachment_ids = array_filter( $attachment_ids );
+            if ( ! isset( $image['id'] ) || empty( $image['id'] ) ) {
+                continue;
+            }
+            $attachment_id = absint( $image['id'] );
+            if ( ! $attachment_id ) {
+                continue;
+            }
+            // Security check: Verify the ID is an attachment
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Security check: Verify user has permission to edit this attachment
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
+                continue;
+            }
+            $attachment_ids[] = $attachment_id;
+            $valid_images[]   = $image;
+        }
         $attachment_ids = array_unique( $attachment_ids );
 …
         $meta_inserts    = array();  // We'll insert the new alt rows
         // 4) Loop through images and build the final updates only if needed
         foreach ( $images_chunk as $image ) {
+        // 4) Loop through valid images and build the final updates only if needed
+        foreach ( $valid_images as $image ) {
             $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
             if ( ! $attachment_id ) {
+                continue;
+            }
+            // Additional security check: Verify the ID is still an attachment (defense in depth)
+            if ( 'attachment' !== get_post_type( $attachment_id ) ) {
+                continue;
+            }
+            // Additional security check: Verify user still has permission (defense in depth)
+            if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
                 continue;
+            }

modula-best-grid-gallery/trunk/includes/class-modula.php

-                      r3394968
+                      r3447757
         add_filter( 'mce_external_plugins', array( $this, 'register_editor_plugin' ) );
         add_action( 'wp_ajax_modula_shortcode_editor', array( $this, 'modula_shortcode_editor' ) );
+        add_action( 'admin_print_scripts', array( $this, 'add_editor_nonce' ) );
         // Allow other mime types to be uploaded
 …
     /**
+     * Add nonce for TinyMCE editor plugin
+     */
+    public function add_editor_nonce() {
+        $screen = get_current_screen();
+        // Only add nonce on post edit screens where TinyMCE is available
+        if ( ! $screen || ! in_array( $screen->base, array( 'post', 'page' ), true ) ) {
+            return;
+        }
+        ?>
+        <script type="text/javascript">
+            var modulaEditorNonce = '<?php echo esc_js( wp_create_nonce( 'modula-ajax-save' ) ); ?>';
+        </script>
+        <?php
+    }
+    /**
      * Display galleries selection
      */
     public function modula_shortcode_editor() {
+        // Check user capability
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'modula-best-grid-gallery' ) );
+        }
+        // Verify nonce
+        $nonce = '';
+        if ( isset( $_REQUEST['nonce'] ) ) {
+            $nonce = sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) );
+        }
+        if ( ! wp_verify_nonce( $nonce, 'modula-ajax-save' ) ) {
+            wp_die( esc_html__( 'Security check failed.', 'modula-best-grid-gallery' ) );
+        }
         $css_path  = MODULA_URL . 'assets/css/admin/edit.css';
         $admin_url = admin_url();

modula-best-grid-gallery/trunk/readme.txt

-                      r3443192
+                      r3447757
 Tested up to: 6.9
 Requires PHP: 5.6
 Stable tag: 2.13.6
+Stable tag: 2.13.7
 License: GNU General Public License v3.0 or later
 …
 == Changelog ==
+= 2.13.7 - 27.01.2026 =
+Fixed: Security issues.
 = 2.13.6 - 20.01.2026 =
 Fixed: Gutenberg block editor was throwing an error due to circular references.
-= 2.13.5 - 14.12.2025 =
-Fixed: Fatal error when the theme enqueues styles for all widgets.
-Fixed: Security issues.
-= 2.13.4 - 08.12.2025 =
-Fixed: Security issues.
-= 2.13.3 - 02.12.2025 =
-Fixed: Vulnerability in zip import.
-= 2.13.2 - 19.11.2025 =
-Updated: Performance improvements.
-= 2.13.1 - 14.11.2025 =
-Added: Enhancements for zip import.
-= 2.13.0 - 12.11.2025 =
-Added: Yoast/Rank Math/SEOPress image sitemaps.
-= 2.12.30 - 11.11.2025 =
-Fixed: Improved remote requests handling.
-= 2.12.29 - 07.11.2025 =
-Fixed: Security issue.
-= 2.12.28 - 05.11.2025 =
-Added: Filters to exclude Modula JS files from third-party optimization plugins.
-Added: Black Friday upsells & notifications updates.
-Fixed: Missing data-image-id on lightbox link.
-= 2.12.27 - 24.10.2025 =
-Fixed: Left/Right thumbnail navigation.
-Fixed: Lightbox image display.
-Fixed: Custom gallery Guttenberg preview.
-Fixed: Divi builder compatibility.
-= 2.12.26 - 20.10.2025 =
-Updated: Fancybox Lightbox to version 5.0.36.
-Changed: Enabled the Custom Responsiveness setting by default for a better out of the box experience.
-Fixed: Missing text domains in some strings.
-Fixed: Load in view setting causing gallery images to remain hidden.
-Added: Debounce on window resize.
-Added: Interactive elements now include proper button roles and visible focus indicators, improving WCAG 2.1 compliance.
-= 2.12.25 - 18.09.2025 =
-Update: Better fit for social icons when using smaller images.
-= 2.12.23 - 29.08.2025 =
-Update: Share icons.
-Added: Collapsable social buttons for desktop and set default to be collapsed.
-= 2.12.22 - 28.08.2025 =
-Fixed: Social icons hover display issue.
-= 2.12.21 - 27.08.2025 =
-Fixed: Loading effect 'in view' setting not properly working.
-= 2.12.20 - 20.08.2025 =
-Fixed: Gallery jumping/scrolling issue in Elementor due to lazy load re-rendering.
-= 2.12.19 - 12.08.2025 =
-Fixed: Broken lightbox images when original image type was .heic.
-= 2.12.18 - 28.07.2025 =
-Added: Filter `modula_show_alignment_options` to allow enabling image alignment options.
-Fixed: Inconsistency between masonry script responsive breakpoints and CSS breakpoints.
-= 2.12.17 - 22.07.2025 =
-Added: Compatibility with Translatepress.
-= 2.12.16 - 14.07.2025 =
-Enhancement: The `modula_gallery_images` filter now receives the `gallery_id` parameter, allowing for more context-aware modifications.
-= 2.12.15 - 08.07.2025 =
-Added: Compatibility with Imagify and Modula Lazy Load option.
-= 2.12.14 - 07.07.2025 =
-Fixed: PHP warning when image has no valign or halign.
-= 2.12.13 - 24.06.2025 =
-Added: Compatibility with Imagify.
-= 2.12.12 - 13.05.2025 =
-Fixed: Security update
-= 2.12.11 - 26.03.2025 =
-Fixed: Import sources are now queried only on the Modula settings page.
-Update: Improved code formatting for the gallery template.
-= 2.12.10 - 19.03.2025 =
-Updated: Twitter icon to X icon.
-Added: Upsells in gallery edit screen.
-= 2.12.9 – 18.03.2025 =
-Changed: Removed tooltips.
-Update: Links to online knowledge base.
-Update: Default gallery type set to Masonry.
-Update: Title and Caption default size values.
-Update: Removed Misc tab from general settings.
-= 2.12.8 - 15.03.2025 =
-Added: Performance improvements in gallery listing page.
-= 2.12.7 - 12.03.2025 =
-Fixed: Fixes a PHP error occurring in certain scenarios
-= 2.12.6 - 11.03.2025 =
-Update: Notification system to WPChill Notification System.
-Fixed: Custom galleries preview images wrong scaling after image/bulk edit.
-Added: Upsells for Modula Comments.
-Fixed: Fixed: PHP Warning
-= 2.12.5 - 07.03.2025 =
-Fixed: Escaping of links in image's title & caption.
-= 2.12.4 - 06.03.2025 =
-Fixed: Not displaying image metadata properly
-Fixed: Saving image metadata on gallery edit
-= 2.12.3 - 05.03.2025 =
-Fixed: Do not strip image's title & caption html tags on image edit.
-= 2.12.2 - 05.03.2025 =
-Fixed: Plugin loading order.
-= 2.12.1 – 03.03.2025 =
-Fixed: AI Image Optimizer update method.
-= 2.12.0 – 28.02.2025 =
-Added: AI Image Optimizer.
-= 2.11.11 – 07.01.2025 =
-Fixed: ZIP file vulnerability fix.
-See the full changelog [here](https://github.com/WPChill/modula-lite/blob/master/changelog.txt).
-== Upgrade Notice ==
-= 2.11.11 =
-This update resolved a vulnerability for ZIP files!

Plugin Directory

Context Navigation

Legend:

modula-best-grid-gallery/tags/2.13.7/Modula.php

modula-best-grid-gallery/tags/2.13.7/assets/js/admin/editor-plugin.js

modula-best-grid-gallery/tags/2.13.7/assets/js/admin/editor-plugin.min.js

modula-best-grid-gallery/tags/2.13.7/changelog.txt

modula-best-grid-gallery/tags/2.13.7/includes/admin/class-modula-cpt.php

modula-best-grid-gallery/tags/2.13.7/includes/class-modula.php

modula-best-grid-gallery/tags/2.13.7/readme.txt

modula-best-grid-gallery/trunk/Modula.php

modula-best-grid-gallery/trunk/assets/js/admin/editor-plugin.js

modula-best-grid-gallery/trunk/assets/js/admin/editor-plugin.min.js

modula-best-grid-gallery/trunk/changelog.txt

modula-best-grid-gallery/trunk/includes/admin/class-modula-cpt.php

modula-best-grid-gallery/trunk/includes/class-modula.php

modula-best-grid-gallery/trunk/readme.txt

Download in other formats: