diff -Naur fgallery-2.4.1/fgallery/css/fim_style.css fgallery-2.4.1-1/fgallery/css/fim_style.css --- fgallery-2.4.1/fgallery/css/fim_style.css 2006-10-18 12:14:17.000000000 +0500 +++ fgallery-2.4.1-1/fgallery/css/fim_style.css 2007-01-28 00:00:00.000000000 +0500 @@ -4,7 +4,6 @@ margin: 0px; clear: both; width: 99%; - min-width: none; } h3.fim-nav { padding:0px; diff -Naur fgallery-2.4.1/fgallery/fim_photos.php fgallery-2.4.1-1/fgallery/fim_photos.php --- fgallery-2.4.1/fgallery/fim_photos.php 2006-09-01 13:14:46.000000000 +0500 +++ fgallery-2.4.1-1/fgallery/fim_photos.php 2008-09-19 13:10:00.000000000 +0500 @@ -3,6 +3,11 @@ + +
diff -Naur fgallery-2.4.1/fgallery/fim_rss.php fgallery-2.4.1-1/fgallery/fim_rss.php
--- fgallery-2.4.1/fgallery/fim_rss.php 2006-09-30 01:31:02.000000000 +0500
+++ fgallery-2.4.1-1/fgallery/fim_rss.php 2008-09-20 08:56:00.000000000 +0500
@@ -5,16 +5,19 @@
 global $wpdb, $table_prefix;
 $cats = $table_prefix."fim_cat";
 $imgs = $table_prefix."fim_images";
+$order_by = get_option('fim_image_order');
+$order_type = get_option('fim_image_order_type');
+$album = mysql_real_escape_string($_GET['album']);
-$cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $_GET[album]");
-$images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $_GET[album] AND status = 'include'");
+$cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $album");
+$images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $album AND status = 'include' ORDER BY `$table_image`.`$order_by` $order_type");
 $rss = new UniversalFeedCreator();
 $rss->useCached();
 $rss->title = get_bloginfo('name')." Image Gallery";
-$rss->description = __("Image Gallery feed from", 'fgallery') .get_bloginfo('name');
-$rss->link = get_bloginfo('wpurl')."/wp-content/plugins/fgallery/fim_rss.php?album=$_GET[album]";
-$rss->syndicationURL = get_bloginfo('wpurl')."/wp-content/plugins/fgallery/fim_rss.php?album=$_GET[album]";
+$rss->description = __("Image Gallery feed from ", 'fgallery') .get_bloginfo('name');
+$rss->link = get_bloginfo('wpurl')."/wp-content/plugins/fgallery/fim_rss.php?album=$album";
+$rss->syndicationURL = get_bloginfo('wpurl')."/wp-content/plugins/fgallery/fim_rss.php?album=$album";
 foreach ($images as $data) {
@@ -23,9 +26,9 @@
 $item->title = "$cat->catname - $data->image";
 else
 $item->title = "$cat->catname - $data->title";
- $item->link = $url = get_url("album/$_GET[album]/image/$data->id");
+ $item->link = $url = get_url("album/$album/image/$data->id");
 $item->description = "folder/thumb_$data->image' />
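Review bot: `mysql_real_escape_string($_GET['album'])` does not protect the two queries that follow, because `$album` is interpolated unquoted (`WHERE id = $album`, `WHERE cat = $album`) and quote-escaping leaves a non-numeric value intact in that position; since the id is numeric, cast it instead, `$album = (int) $_GET['album'];`, which also removes the dependency on a live mysql link that the function needs and makes the `?album=$album` in `$rss->link`/`syndicationURL` safe as a side effect. The new ORDER BY clause references `$table_image`, which this file does not define (the table variable here is `$imgs`), so the clause probably renders as an empty backtick-quoted identifier and the query fails. `$order_type` is interpolated raw and `$order_by` is only backtick-quoted; both come from options, so a short allowlist is the cheap fix, e.g. `$order_type = (strtoupper($order_type) === 'DESC') ? 'DESC' : 'ASC';`. The same ORDER BY clause is added in the @@ -488 hunk of fim_functions.php and wants the same check.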
$data->description"; - $item->date = $data->date; + $item->date = strtotime($data->date); $item->author = get_bloginfo("admin_email"); $rss->addItem($item); diff -Naur fgallery-2.4.1/fgallery/functions/fim_functions.php fgallery-2.4.1-1/fgallery/functions/fim_functions.php --- fgallery-2.4.1/fgallery/functions/fim_functions.php 2006-10-18 12:12:23.000000000 +0500 +++ fgallery-2.4.1-1/fgallery/functions/fim_functions.php 2008-09-19 15:17:00.000000000 +0500 @@ -57,7 +57,7 @@
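Review bot: `$item->date = strtotime($data->date)` stores `false` when the stored date is empty or unparsable, and that value then reaches the feed writer as if it were a timestamp; guard it, e.g. `$ts = strtotime($data->date); $item->date = ($ts === false) ? $data->date : $ts;`, or leave the date unset when parsing fails. Whether `$data->description` and `$cat->catname` are XML-escaped before they land in the feed depends on UniversalFeedCreator, which is not on this page; worth confirming rather than assuming. The foreach that owns these lines is opened in the previous hunk's context.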
- $title + ".htmlspecialchars($title).".
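Review bot: `htmlspecialchars($title)` is called with default flags, which leave a single quote unescaped; the surrounding markup is stripped in this listing, but the same patch builds attributes with single quotes (`src='…'` in the fim_rss.php @@ -23 hunk), so a title containing `'` could still break out of such an attribute. Pass the flags explicitly, `htmlspecialchars($title, ENT_QUOTES)`, and ideally the site charset as the third argument (`get_option('blog_charset')`) so the function does not fall back to its ISO-8859-1 default on a UTF-8 site. The same default-flag call is added in the @@ -138, -190, -524, -553, -585 and -724 hunks of this file. The enclosing function starts and ends outside this hunk.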

@@ -138,9 +138,9 @@
"; if($lightbox == 'false'){ - $fim .= "$title"; + $fim .= "".htmlspecialchars($title)."."; }else{ - $fim .= "$title"; + $fim .= "".htmlspecialchars($title)."."; } $fim .= "
"; if(get_option('fim_show_caption') == 'true'){ @@ -177,8 +177,11 @@ $query_string = $_SERVER['QUERY_STRING']; $image = fim_query_one_image($_GET['image']); $title = ($image->title!="") ? "$title" : "Image"; - $back_link = get_url("album/$image->cat"); + // $back_link = get_url("album/$image->cat"); $folder = get_bloginfo('wpurl')."/wp-content/fgallery/".fim_get_folder($image->cat); + $gdsize = getimagesize($folder.rawurlencode($image->image)); + $gdwidth = ($gdsize[0] <= 600 ? $gdsize[0] : 600); + $gdheight = ($gdsize[0] <= 600 ? $gdsize[1] : $gdsize[1] * 600 / $gdsize[0]); $fim .= "
"; $fim .= fim_build_navigation(fim_get_cat_name_($image->cat), $image->image, $image->cat); @@ -190,9 +193,12 @@ $fim .= "
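Review bot: `getimagesize($folder.rawurlencode($image->image))` is handed an HTTP URL (`$folder` is built from `get_bloginfo('wpurl')`), so every view of the image page makes the server fetch its own image over the network, depends on `allow_url_fopen`, and returns `false` on any failure, after which `$gdsize[0]` is read unguarded here and again in the `if($gdsize[0] > 600)` of the @@ -190 hunk. Resolve the file on disk instead (the same relative path under the install directory, e.g. built from `ABSPATH` rather than the blog URL) and compute `$gdwidth`/`$gdheight` only when `$gdsize !== false`, treating a failed lookup as "no scaling". The division `$gdsize[1] * 600 / $gdsize[0]` is safe as written, since that branch only runs when `$gdsize[0] > 600`. The enclosing function starts outside this hunk.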

".__("Send this image as eCard", "fgallery").".

"; } $fim .= "
"; + if($gdsize[0] > 600) { + $fim .= ""; + } $fim .= "
- $title + ".htmlspecialchars($title).".
"; $fim .= "
"; @@ -328,7 +334,7 @@ { $md5sum = md5($email); - return ""; + return "Gravatar"; } // Get comments for an image function fim_get_comments($image_id) @@ -488,7 +494,7 @@ $order_by = get_option('fim_image_order'); $order_type = get_option('fim_image_order_type'); - return $wpdb->get_results("SELECT * FROM $table_image WHERE cat = '$catid' AND status <> 'exclude' ORDER BY '$order_by' $order_type"); + return $wpdb->get_results("SELECT * FROM $table_image WHERE cat = '$catid' AND status <> 'exclude' ORDER BY `$table_image`.`$order_by` $order_type"); } // Get all galleries function fim_query_cats($status = 'public') @@ -524,11 +530,11 @@ $imagetitle = ($t->title == "")?$image:$t->title; $string = "

".__('Current Albums', 'fgallery').""; if($album && $image) - $string .= " » $album"; + $string .= " » ".htmlspecialchars($album).""; else - $string .= " » $album"; + $string .= " » ".htmlspecialchars($album); if($image) - $string .= " » $imagetitle"; + $string .= " » ".htmlspecialchars($imagetitle); $string .= "

"; return $string; @@ -553,11 +559,11 @@ echo "
"; echo "
"; if(get_option('fim_use_lightbox') == 'true'){ - echo "$title"; + echo "".htmlspecialchars($title)."."; } else{ - echo "$title"; + echo "".htmlspecialchars($title)."."; } echo "
"; } @@ -585,11 +591,11 @@
"; if(get_option('fim_use_lightbox') == 'true'){ echo " - $title"; + ".htmlspecialchars($title)."."; } else{ - echo "$title"; + echo "".htmlspecialchars($title)."."; } echo "

@@ -724,7 +730,7 @@ "; - $out .= "

$image->title

$title"; + $out .= "

$image->title

".htmlspecialchars($title)."."; } return $out; diff -Naur fgallery-2.4.1/fgallery/functions/fim_gallery.php fgallery-2.4.1-1/fgallery/functions/fim_gallery.php --- fgallery-2.4.1/fgallery/functions/fim_gallery.php 2006-10-18 03:33:26.000000000 +0500 +++ fgallery-2.4.1-1/fgallery/functions/fim_gallery.php 2008-09-20 06:04:00.000000000 +0500 @@ -58,8 +58,8 @@ { global $wpdb, $table_prefix; $table = $table_prefix."fim_cat"; - $name = escape($_POST['edit_catname']); - $desc = escape($_POST['edit_catdesc']); + $name = strip_tags(escape($_POST['edit_catname'])); + $desc = strip_tags(escape($_POST['edit_catdesc'])); $catid = $_POST['edit_catid']; $pass = $_POST['pass']; $status = $_POST['fim_cat_status']; @@ -77,8 +77,8 @@ // Edit the image if(isset($_POST['edit_image'])) { - $title = escape($_POST['name']); - $description = escape($_POST['description']); + $title = strip_tags(escape($_POST['name'])); + $description = strip_tags(escape($_POST['description'])); $edit_image_id = $_POST['edit_image_id']; $status = $_POST['status']; $gallery = $_POST['gallery']; @@ -218,8 +218,8 @@ __('Directory', 'fgallery').' '.$dirname.' '.__('exists', 'fgallery').'!
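Review bot: `strip_tags(escape($_POST['edit_catname']))` is only a partial fix: strip_tags keeps anything that is not a well-formed tag (a bare `<` in text, entity-encoded input), so the stored value still needs `htmlspecialchars` when it is rendered, and the patch escapes titles at output but not descriptions. Conventionally sanitisation runs before SQL escaping so the escaper sees the final value: `$name = escape(strip_tags($_POST['edit_catname']));`. The lines that follow read `$_POST['edit_catid']`, `$_POST['pass']` and `$_POST['fim_cat_status']` with no escaping at all; where they go is outside the hunk, but if they reach the same query they are the larger gap. The same pattern is in the @@ -77 and -218 hunks here and in @@ -349 of fim_main.php, where the context line builds `$editSQL` with `$image` taken from `$_POST` unescaped.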

'); } - $new = escape($new); - $description = escape($_POST['description']); + $new = strip_tags(escape($new)); + $description = strip_tags(escape($_POST['description'])); $date = gmdate('Y-m-d H:i:s', time()); $status = $_POST['fim_cat_status']; $pass = $_POST['pass']; diff -Naur fgallery-2.4.1/fgallery/functions/fim_main.php fgallery-2.4.1-1/fgallery/functions/fim_main.php --- fgallery-2.4.1/fgallery/functions/fim_main.php 2006-10-18 03:35:34.000000000 +0500 +++ fgallery-2.4.1-1/fgallery/functions/fim_main.php 2008-09-20 05:58:00.000000000 +0500 @@ -86,7 +86,7 @@ ?> - + @@ -207,7 +207,7 @@
$title$title
:
- + @@ -315,7 +315,7 @@ --> @@ -349,8 +349,8 @@ $d = "desc_".$i; $im = "imagename_".$i; - $title = escape($_POST["title_".$i]); - $description = escape($_POST["desc_".$i]); + $title = strip_tags(escape($_POST["title_".$i])); + $description = strip_tags(escape($_POST["desc_".$i])); $image = $_POST["imagename_".$i]; $editSQL = "UPDATE $table_image SET title = '$title', description = '$description' WHERE image = '$image'";
/>/>
:
- $title + $title
: