CVE-2023-5821: Changeset 1263536 for wp-responsive-slider-with-lightbox/trunk/wp-responsive-slider-with-lightbox.php – WordPress Plugin Repository

The Thumbnail carousel slider plugin for WordPress (repository slug wp-responsive-slider-with-lightbox) is vulnerable to Cross-Site Request Forgery in version 1.0. The cause is missing nonce validation in the deleteselected branch of the plugin's image-management admin page: the bulk-action form posts the selected thumbnails[] ids and the handler deletes the matching rows and files without checking that the request originated from the plugin's own form. An unauthenticated attacker can therefore delete slider images in bulk via a forged request, provided they can trick a logged-in site administrator into performing an action such as clicking on a link. Changeset 1263536, reproduced below, adds wp_nonce_field('action_settings_mass_delete','mass_delete_nonce') to the bulk-action form and a check_admin_referer() call at the top of the deleteselected branch; it also adds an 'action_image_add_edit' nonce to the settings and add/edit save paths, a wp_verify_nonce('delete_image') check on the per-row delete link, and removes the direct file-upload path in favour of the media library.
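The nonce mechanism the fix relies on, as an added worked example that is not the plugin's code and not copied from WordPress core: a Python model of wp_create_nonce() / wp_verify_nonce() following the core scheme (HMAC-MD5 of tick|action|uid|session-token under the nonce salt, 10 hex characters cut 12 from the end of the digest, 12-hour ticks with the previous tick still accepted), and the deleteselected handler before and after the check was added. The salt, the administrator's user id and session token, the record ids and the request dictionaries are all constructed for the example; on a real site the salt is derived from the keys in wp-config.php and the token from the logged-in cookie.

```python
"""Model of WordPress nonces and of the plugin's bulk-delete handler before/after CVE-2023-5821.

Added example, not the plugin's code. Hash layout mirrors WordPress core; every constant below
(salt, user id, session token, record ids, request bodies) is constructed for the demonstration.
"""
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 60 * 60          # DAY_IN_SECONDS, the core default ('nonce_life' filter)
NONCE_SALT = b"constructed-salt"   # stands in for wp_salt('nonce'); NOT a real key

ADMIN_UID, ADMIN_TOKEN = 1, "constructed-session-token"     # constructed victim identity
ACTION, FIELD = "action_settings_mass_delete", "mass_delete_nonce"  # names from the changeset


def wp_nonce_tick(now):
    """Ticks are half the nonce life: a nonce is valid for its own tick and the next (12-24 h)."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _nonce_for(tick, action, uid, token):
    data = f"{tick}|{action}|{uid}|{token}".encode()
    digest = hmac.new(NONCE_SALT, data, hashlib.md5).hexdigest()
    return digest[-12:-2]          # PHP substr($hash, -12, 10)


def wp_create_nonce(action, uid, token, now):
    return _nonce_for(wp_nonce_tick(now), action, uid, token)


def wp_verify_nonce(nonce, action, uid, token, now):
    """1 = minted this tick, 2 = previous tick, False = missing, expired, other user or action."""
    if not nonce:
        return False
    tick = wp_nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_nonce_for(t, action, uid, token), nonce):
            return age
    return False


class SliderTable:
    """Constructed stand-in for wp_responsive_slider_plus_responsive_lightbox."""

    def __init__(self, ids):
        self.rows = set(ids)

    def delete(self, ids):
        self.rows -= set(ids)


def deleteselected_before(post, table):
    """Pre-changeset behaviour: any POST carrying thumbnails[] is honoured (the CSRF)."""
    table.delete(int(i) for i in post.get("thumbnails[]", []))
    return "deleted"


def deleteselected_after(post, table, uid, token, now):
    """Post-changeset behaviour: the check_admin_referer() gate runs before anything is touched."""
    if not wp_verify_nonce(post.get(FIELD, ""), ACTION, uid, token, now):
        return "Security check fail"   # wp_die() in the plugin (core's wp_nonce_ays() fires first)
    table.delete(int(i) for i in post.get("thumbnails[]", []))
    return "deleted"


def scenario(now=1_700_000_000):
    """Replays a forged cross-site POST, a legitimate one and a stale one against both handlers."""
    forged = {"thumbnails[]": ["1", "2", "3"]}   # all a third-party page can make the browser send
    legit = dict(forged, **{FIELD: wp_create_nonce(ACTION, ADMIN_UID, ADMIN_TOKEN, now)})
    stale = dict(forged, **{FIELD: wp_create_nonce(ACTION, ADMIN_UID, ADMIN_TOKEN, now - NONCE_LIFE)})
    results = {}
    t = SliderTable([1, 2, 3, 4])
    results["before_forged"] = (deleteselected_before(forged, t), sorted(t.rows))
    t = SliderTable([1, 2, 3, 4])
    results["after_forged"] = (deleteselected_after(forged, t, ADMIN_UID, ADMIN_TOKEN, now), sorted(t.rows))
    t = SliderTable([1, 2, 3, 4])
    results["after_legit"] = (deleteselected_after(legit, t, ADMIN_UID, ADMIN_TOKEN, now), sorted(t.rows))
    t = SliderTable([1, 2, 3, 4])
    results["after_stale"] = (deleteselected_after(stale, t, ADMIN_UID, ADMIN_TOKEN, now), sorted(t.rows))
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The forged request has no way to carry a valid nonce: computing one needs the nonce salt and the victim's session token, and the attacker's page cannot read the value out of the admin form because of the same-origin policy. Two caveats worth keeping in mind: a WordPress nonce is not single-use (it stays valid for 12 to 24 hours and for every request with the same action by that user), so it is a CSRF token rather than a replay guard; and check_admin_referer() with a named action only checks the nonce, the HTTP Referer is consulted only in the legacy action -1 case.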

CVE
#sql #web #java #wordpress #php #auth

r1165854 r1263536 6464 global $wpdb; 6565 $table_name = $wpdb->prefix . “responsive_slider_plus_responsive_lightbox"; 66 $charset_collate = $wpdb->get_charset_collate(); 6667 6768 $sql = “CREATE TABLE " . $table_name . " ( … … 7273 custom_link varchar(1000) default NULL, 7374 PRIMARY KEY (id) 74 );"; 75 ) $charset_collate;"; 7576 require_once(ABSPATH . ‘wp-admin/includes/upgrade.php’); 7677 dbDelta($sql); … … 128129 if(isset($_POST[‘btnsave’])){ 129130 130 $auto=trim($_POST[‘isauto’]); 131 if ( !check_admin_referer( ‘action_image_add_edit’,’add_edit_image_nonce’)){ 132 133 wp_die(‘Security check fail’); 134 } 135 136 $auto=trim(htmlentities(strip_tags($_POST[‘isauto’]),ENT_QUOTES)); 131137 132138 if($auto==’auto’) … … 135141 $auto=false; 136142 137 $speed=(int)trim($_POST[‘speed’]); 138 $pause=(int)trim($_POST[‘pause’]); 143 $speed=(int) trim(htmlentities(strip_tags($_POST[‘speed’]),ENT_QUOTES)); 144 $pause=(int) trim(htmlentities(strip_tags($_POST[‘pause’]),ENT_QUOTES)); 139145 140146 if(isset($_POST[‘circular’])) … … 145151 //$scrollerwidth=$_POST[‘scrollerwidth’]; 146152 147 $visible=trim($_POST[‘visible’]); 148 149 $min_visible=trim($_POST[‘min_visible’]); 153 $visible=trim(htmlentities(strip_tags($_POST[‘visible’]),ENT_QUOTES)); 154 155 $min_visible=trim(htmlentities(strip_tags($_POST[‘min_visible’]),ENT_QUOTES)); 150156 151157 … … 156162 157163 158 $scroll=trim($_POST[‘scroll’]); 164 $scroll=trim(htmlentities(strip_tags($_POST[‘scroll’]),ENT_QUOTES)); 159165 160166 if($scroll=="”) 161167 $scroll=1; 162168 163 $imageMargin=(int)trim($_POST[‘imageMargin’]); 164 $imageheight=(int)trim($_POST[‘imageheight’]); 165 $imagewidth=(int)trim($_POST[‘imagewidth’]); 166 167 $scollerBackground=trim($_POST[‘scollerBackground’]); 169 $imageMargin=(int) trim(htmlentities(strip_tags($_POST[‘imageMargin’]),ENT_QUOTES)); 170 $imageheight=(int) trim(htmlentities(strip_tags($_POST[‘imageheight’]),ENT_QUOTES)); 171 $imagewidth=(int) 
trim(htmlentities(strip_tags($_POST[‘imagewidth’]),ENT_QUOTES)); 172 173 $scollerBackground=trim(htmlentities(strip_tags($_POST[‘scollerBackground’]),ENT_QUOTES)); 168174 169175 $options=array(); … … 205211 <td> 206212 <a target="_blank” title="Donate" href="http://www.i13websolution.com/donate-wordpress_image_thumbnail.php"> 207 <img id="help us for free plugin" height="30" width="90" src="http://www.i13websolution.com/images/paypaldonate.jpg" border="0" alt="help us for free plugin" title="help us for free plugin"> 213 <img id="help us for free plugin" height="30" width="90" src="<?php echo plugins_url( 'images/paypaldonate.jpg’, __FILE__ );?>" border="0" alt="help us for free plugin" title="help us for free plugin"> 208214 </a> 209215 </td> … … 383389 </div> 384390 </div> 385 <!-- <div class="stuffbox" id="namediv" style="width:100%;"> 386 <h3><label>Slider Width</label></h3> 387 <div class="inside"> 388 <table> 389 <tr> 390 <td> 391 <input type="text" id="scrollerwidth" size="30" name="scrollerwidth" value="<?php echo $settings[‘scrollerwidth’]; ?>" style="width:100px;"> 392 <div style="clear:both"></div> 393 <div></div> 394 </td> 395 </tr> 396 </table> 397 <div style="clear:both"></div> 398 399 </div> 400 </div>–> 391 401392 <div class="stuffbox" id="namediv" style="width:100%;"> 402393 <h3><label>Image Height</label></h3> … … 447438 </div> 448439 </div> 449 440 <?php wp_nonce_field(‘action_image_add_edit’,’add_edit_image_nonce’); ?> 450441 <input type="submit" name="btnsave" id="btnsave" value="Save Changes" class="button-primary">  <input type="button" name="cancle" id="cancle" value="Cancel" class="button-primary" onclick="location.href=’admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management’"> 451442 … … 517508 518509 }) 510 511 $n(‘#scollerBackground’).wpColorPicker(); 519512 }); 520513 … … 531524 <h3 class="hndle"><span></span>Access All Themes In One Price</h3> 532525 <div class="inside"> 533 <center><a 
href="http://www.elegantthemes.com/affiliates/idevaffiliate.php?id=11715_0_1_10" target="_blank"><img border="0" src="http://www.elegantthemes.com/affiliates/banners/300x250.gif" width="250" height="250"></a></center> 526 <center><a href="http://www.elegantthemes.com/affiliates/idevaffiliate.php?id=11715_0_1_10" target="_blank"><img border="0" src="<?php echo plugins_url( ‘images/300x250.gif’, __FILE__ ); ?>" width="250" height="250"></a></center> 534527 535528 <div style="margin:10px 5px"> … … 540533 <h3 class="hndle"><span></span>Recommended WordPress Hostings</h3> 541534 <div class="inside"> 542 <center><a href="http://secure.hostgator.com/~affiliat/cgi-bin/affiliates/clickthru.cgi?id=nik00726-hs-wp"><img src="http://tracking.hostgator.com/img/WordPress_Hosting/300x250-animated.gif" width="250" height="250" border="0"></a></center> 535 <center><a href="http://secure.hostgator.com/~affiliat/cgi-bin/affiliates/clickthru.cgi?id=nik00726-hs-wp"><img src="<?php echo plugins_url( ‘images/300x250-animated.gif’, __FILE__ ); ?>" width="250" height="250" border="0"></a></center> 543536 <div style="margin:10px 5px"> 544537 </div> … … 671664 <td> 672665 <a target="_blank" title="Donate" href="http://www.i13websolution.com/donate-wordpress_image_thumbnail.php"> 673 <img id="help us for free plugin" height="30" width="90" src="http://www.i13websolution.com/images/paypaldonate.jpg" border="0" alt="help us for free plugin" title="help us for free plugin"> 666 <img id="help us for free plugin" height="30" width="90" src="<?php echo plugins_url( ‘images/paypaldonate.jpg’, __FILE__ );?>" border="0" alt="help us for free plugin" title="help us for free plugin"> 674667 </a> 675668 </td> … … 707700 <form method="POST" action="admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management&action=deleteselected" id="posts-filter"> 708701 <div class="alignleft actions"> 709 <select name="action_upper"> 702 <select name="action_upper" id="action_upper"> 710703 <option 
selected="selected" value="-1">Bulk Actions</option> 711704 <option value="delete">delete</option> 712705 </select> 713 <input type="submit" value="Apply" class="button-secondary action" id="deleteselected" name="deleteselected"> 706 <input type="submit" value="Apply" class="button-secondary action" id="deleteselected" name="deleteselected" onclick="return confirmDelete_bulk();"> 714707 </div> 715708 <br class="clear"> … … 748741 749742 global $wp_rewrite; 750 $rows_per_page = 5; 743 $rows_per_page = 10; 751744 752745 $current = (isset($_GET[‘paged’])) ? ($_GET[‘paged’]) : 1; … … 764757 $end = $start + $rows_per_page; 765758 $end = (sizeof($rows) < $end) ? sizeof($rows) : $end; 766 759 $delRecNonce=wp_create_nonce(‘delete_image’); 760 767761 for ($i=$start;$i < $end ;++$i ) { 768762 … … 770764 $id=$row[‘id’]; 771765 $editlink="admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management&action=addedit&id=$id"; 772 $deletelink="admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management&action=delete&id=$id"; 766 $deletelink="admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management&action=delete&id=$id&nonce=$delRecNonce"; 773767 $outputimgmain = $baseurl.$row[‘image_name’]; 774768 … … 776770 <tr valign="top" > 777771 <td class="alignCenter check-column" data-title="Select Record" ><input type="checkbox" value="<?php echo $row[‘id’] ?>" name="thumbnails[]“></td> 778 <td data-title="Title” ><strong><?php echo stripslashes($row[‘title’]) ?></strong></td> 772 <td data-title="Title" ><strong><?php echo $row[‘title’]; ?></strong></td> 779773 <td class="alignCenter"> 780774 <img src="<?php echo $outputimgmain;?>" style="width:50px" height="50px"/> … … 809803 <br/> 810804 <div class="alignleft actions"> 811 <select name="action"> 805 <select name="action" id="action_bottom"> 812806 <option selected="selected" value="-1">Bulk Actions</option> 813807 <option value="delete">delete</option> 814808 </select> 815 <input type="submit" 
value="Apply" class="button-secondary action" id="deleteselected" name="deleteselected"> 809 <?php wp_nonce_field(‘action_settings_mass_delete’,’mass_delete_nonce’); ?> 810 <input type="submit" value="Apply" class="button-secondary action" id="deleteselected" name="deleteselected" onclick="return confirmDelete_bulk();"> 816811 </div> 817812 … … 819814 <script type="text/JavaScript"> 820815 816 function confirmDelete_bulk(){ 817 var topval=document.getElementById(“action_bottom”).value; 818 var bottomVal=document.getElementById(“action_upper”).value; 819 820 if(topval==’delete’ || bottomVal==’delete’){ 821 822 823 var agree=confirm(“Are you sure you want to delete selected images ?”); 824 if (agree) 825 return true ; 826 else 827 return false; 828 } 829 } 821830 function confirmDelete(){ 822831 var agree=confirm(“Are you sure you want to delete this image ?”); … … 840849 <h3 class="hndle"><span></span>Recommended WordPress Themes</h3> 841850 <div class="inside"> 842 <center><a href="http://www.elegantthemes.com/affiliates/idevaffiliate.php?id=11715_0_1_10" target="_blank"><img border="0" src="http://www.elegantthemes.com/affiliates/banners/300x250.gif" width="250" height="250"></a></center> 851 <center><a href="http://www.elegantthemes.com/affiliates/idevaffiliate.php?id=11715_0_1_10" target="_blank"><img border="0" src="<?php echo plugins_url( ‘images/300x250.gif’, __FILE__ );?>" width="250" height="250"></a></center> 843852 <div style="margin:10px 5px"> 844853 … … 859868 if(isset($_POST[‘btnsave’])){ 860869 870 if ( !check_admin_referer( ‘action_image_add_edit’,’add_edit_image_nonce’)){ 871 872 wp_die(‘Security check fail’); 873 } 874 861875 $uploads = wp_upload_dir(); 862876 $baseDir=$uploads[‘basedir’]; … … 869883 //add new 870884 $location=’admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management’; 871 $title=trim(addslashes($_POST[‘imagetitle’])); 872 $imageurl=trim($_POST[‘imageurl’]); 873 $imageid=trim($_POST[‘imageid’]); 885 
$title=trim(htmlentities(strip_tags($_POST[‘imagetitle’]),ENT_QUOTES)); 886 $imageurl=trim(htmlentities(strip_tags($_POST[‘imageurl’]),ENT_QUOTES)); 887 $imageid=trim(htmlentities(strip_tags($_POST[‘imageid’]),ENT_QUOTES)); 874888 $imagename=""; 875889 $imagename=""; 876 if($_FILES[“image_name”][‘name’]!="" and $_FILES[“image_name”][‘name’]!=null){ 877 878 if ($_FILES[“image_name”][“error”] > 0) 879 { 880 $responsive_thumbnail_slider_plus_lightbox_messages=array(); 881 $responsive_thumbnail_slider_plus_lightbox_messages[‘type’]=’err’; 882 $responsive_thumbnail_slider_plus_lightbox_messages[‘message’]=’Error while file uploading.’; 883 update_option(‘responsive_thumbnail_slider_plus_lightbox_messages’, $responsive_thumbnail_slider_plus_lightbox_messages); 884 885 886 echo "<script type=’text/javascript’> location.href=’$location’;</script>"; 887 exit; 888 889 } 890 else{ 891 892 $wpcurrentdir=dirname(__FILE__); 893 $wpcurrentdir=str_replace("\\","/",$wpcurrentdir); 894 $path_parts = pathinfo($_FILES[“image_name”][“name”]); 895 $extension = $path_parts[‘extension’]; 896 $imagename=md5(time()).".$extension"; 897 $imageUploadTo=$pathToImagesFolder.’/’.$imagename; 898 move_uploaded_file($_FILES[“image_name”][“tmp_name”],$imageUploadTo); 899 900 } 901 902 } 903 else if(trim($_POST[‘HdnMediaSelection’])!=’’){ 904 905 $postThumbnailID=(int)$_POST[‘HdnMediaSelection’]; 890 if(trim($_POST[‘HdnMediaSelection’])!=’’){ 891 892 $postThumbnailID=(int) htmlentities(strip_tags($_POST[‘HdnMediaSelection’]),ENT_QUOTES); 906893 $photoMeta = wp_get_attachment_metadata( $postThumbnailID ); 907894 if(is_array($photoMeta) and isset($photoMeta[‘file’])) { … … 964951 965952 $location=’admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management’; 966 $title=trim(addslashes($_POST[‘imagetitle’])); 967 $imageurl=trim($_POST[‘imageurl’]); 953 $title=trim(htmlentities(strip_tags($_POST[‘imagetitle’]),ENT_QUOTES)); 954 
$imageurl=trim(htmlentities(strip_tags($_POST[‘imageurl’]),ENT_QUOTES)); 968955 $createdOn=date(‘Y-m-d h:i:s’); 969956 if(function_exists(‘date_i18n’)){ … … 975962 $createdOn=date(‘Y-m-d h:i:s’,strtotime($createdOn)); 976963 977 } 978 979 if ($_FILES[“image_name”][‘name’]!=’’ and $_FILES[“image_name”][“error”] > 0) 980 { 981 $responsive_thumbnail_slider_plus_lightbox_messages=array(); 982 $responsive_thumbnail_slider_plus_lightbox_messages[‘type’]=’err’; 983 $responsive_thumbnail_slider_plus_lightbox_messages[‘message’]=’Error while file uploading.’; 984 update_option(‘responsive_thumbnail_slider_plus_lightbox_messages’, $responsive_thumbnail_slider_plus_lightbox_messages); 985 986 987 echo “<script type=’text/javascript’> location.href=’$location’;</script>"; 988 exit; 989 990 } 991 else{ 964 } 965 966 992967 $location=’admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management’; 993968 994969 try{ 995970 996 if(isset($_FILES[“image_name”][‘name’]) and $_FILES[“image_name”][‘name’]!="” and $_FILES[“image_name”][‘name’]!=null){ 997 998 $wpcurrentdir=dirname(__FILE__); 999 $wpcurrentdir=str_replace("\\","/",$wpcurrentdir); 1000 $path_parts = pathinfo($_FILES[“image_name”][“name”]); 1001 $extension = $path_parts[‘extension’]; 1002 $imagename=md5(time()).".$extension"; 1003 $imageUploadTo=$pathToImagesFolder.’/’.$imagename; 1004 1005 move_uploaded_file($_FILES[“image_name”][“tmp_name”],$imageUploadTo ); 1006 1007 } 1008 else if(trim($_POST[‘HdnMediaSelection’])!=’’){ 1009 1010 $postThumbnailID=(int)$_POST[‘HdnMediaSelection’]; 971 if(trim($_POST[‘HdnMediaSelection’])!=’’){ 972 973 $postThumbnailID=(int) htmlentities(strip_tags($_POST[‘HdnMediaSelection’]),ENT_QUOTES); 1011974 $photoMeta = wp_get_attachment_metadata( $postThumbnailID ); 1012975 … … 10541017 } 10551018 1056 } 1019 10571020 echo “<script type=’text/javascript’> location.href=’$location’;</script>"; 10581021 exit; … … 10711034 10721035 1073 $id= $_GET[‘id’]; 1036 $id= 
htmlentities(strip_tags($_GET[‘id’]),ENT_QUOTES); 10741037 $query="SELECT * FROM “.$wpdb->prefix."responsive_slider_plus_responsive_lightbox WHERE id=$id"; 10751038 $myrow = $wpdb->get_row($query); … … 10771040 if(is_object($myrow)){ 10781041 1079 $title=stripslashes($myrow->title); 1042 $title=$myrow->title; 10801043 $image_link=$myrow->custom_link; 1081 $image_name=stripslashes($myrow->image_name); 1044 $image_name=$myrow->image_name; 10821045 10831046 } … … 11091072 <div><b>Current Image : </b><a id="currImg” href="<?php echo $baseurl.$image_name; ?>” target="_new"><?php echo $image_name; ?></a></div> 11101073 <?php } ?> 1111 <input type="file" name="image_name" onchange="reloadfileupload();" id="image_name" size="30" /> 1112 <div style="clear:both"></div> 1113 <div></div> 1074 11141075 <div class="uploader"> 11151076 <br/> 1116 <b style="margin-left: 50px;">OR</b><div style="clear: both;margin-top: 15px;"></div> 1117 <?php if(responsive_slider_plus_responsive_lightbox_get_wp_version()>=3.5){ ?> 1118 <a href="javascript:;" class="niks_media" id="myMediaUploader"><b>Use WordPress Media Uploader</b></a> 1119 <?php }?> 1077 1078 <a href="javascript:;" class="niks_media" id="myMediaUploader"><b>Click here add image</b></a> 1079 11201080 <input id="HdnMediaSelection" name="HdnMediaSelection" type="hidden" value="" /> 11211081 <br/> … … 11591119 validExtensions[2]=’png’; 11601120 validExtensions[3]=’gif’; 1161 validExtensions[4]=’bmp’; 1162 validExtensions[5]=’tif’; 1121 11631122 11641123 var inarr=parseInt($n.inArray( attachment.subtype, validExtensions)); … … 12571216 } 12581217 ?> 1218 1219 <?php wp_nonce_field(‘action_image_add_edit’,’add_edit_image_nonce’); ?> 12591220 <input type="submit" onclick="return validateFile();" name="btnsave" id="btnsave" value="Save Changes" class="button-primary">  <input type="button" name="cancle" id="cancle" value="Cancel" class="button-primary" 
onclick="location.href=’admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management’"> 12601221 … … 12871248 }); 12881249 1289 function validateFile(){ 1290 1291 var $n = jQuery.noConflict(); 1292 if($n(‘#currImg’).length>0 || $n.trim($n(“#HdnMediaSelection”).val())!=""){ 1293 return true; 1294 } 1295 var fragment = $n(“#image_name”).val(); 1296 var filename = $n(“#image_name”).val().replace(/.+[\\\/]/, “”); 1297 var imageid=$n(“#image_name”).val(); 1298 1299 if(imageid==""){ 1300 1301 if(filename!="") 1250 function validateFile(){ 1251 1252 var $n = jQuery.noConflict(); 1253 if($n(‘#currImg’).length>0 || $n.trim($n(“#HdnMediaSelection”).val())!="" ){ 13021254 return true; 1255 } 13031256 else 13041257 { 13051258 $n(“#err_daynamic”).remove(); 1306 $n(“#image_name”).after(‘<label class="image_error" id="err_daynamic">Please select file or use media manager to select file.</label>’); 1259 $n(“#myMediaUploader”).after(‘<br/><label class="image_error" id="err_daynamic">Please select file.</label>’); 13071260 return false; 13081261 } 1309 } 1310 else{ 1311 return true; 1312 } 1313 } 1314 function reloadfileupload(){ 1315 1316 var $n = jQuery.noConflict(); 1317 var fragment = $n(“#image_name”).val(); 1318 var filename = $n(“#image_name”).val().replace(/.+[\\\/]/, “”); 1319 var validExtensions=new Array(); 1320 validExtensions[0]=’jpg’; 1321 validExtensions[1]=’jpeg’; 1322 validExtensions[2]=’png’; 1323 validExtensions[3]=’gif’; 1324 validExtensions[4]=’bmp’; 1325 validExtensions[5]=’tif’; 1326 1327 var extension = filename.substr( (filename.lastIndexOf(‘.’) +1) ).toLowerCase(); 1328 1329 var inarr=parseInt($n.inArray( extension, validExtensions)); 1330 1331 if(inarr<0){ 1332 1333 $n(“#err_daynamic”).remove(); 1334 $n(‘#fileuploaddiv’).html($n(‘#fileuploaddiv’).html()); 1335 $n(“#image_name”).after(‘<label class="image_error" id="err_daynamic">Invalid file extension</label>’); 1336 1337 } 1338 else{ 1339 $n(“#err_daynamic”).remove(); 13401262 13411263 } 1342 
1343 1344 } 13451264 </script> 13461265 … … 13531272 <h3 class="hndle"><span></span>Access All Themes In One Price</h3> 13541273 <div class="inside"> 1355 <center><a href="http://www.elegantthemes.com/affiliates/idevaffiliate.php?id=11715_0_1_10" target="_blank"><img border="0" src="http://www.elegantthemes.com/affiliates/banners/300x250.gif" width="250" height="250"></a></center> 1274 <center><a href="http://www.elegantthemes.com/affiliates/idevaffiliate.php?id=11715_0_1_10" target="_blank"><img border="0" src="<?php echo plugins_url( 'images/300x250.gif’, __FILE__ ) ;?>" width="250" height="250"></a></center> 13561275 13571276 <div style="margin:10px 5px"> … … 13621281 <h3 class="hndle"><span></span>Best WordPress Hosting </h3> 13631282 <div class="inside"> 1364 <center><a href="http://secure.hostgator.com/~affiliat/cgi-bin/affiliates/clickthru.cgi?id=nik00726-hs-wp"><img src="http://tracking.hostgator.com/img/WordPress_Hosting/300x250-animated.gif" width="250" height="250" border="0"></a></center> 1283 <center><a href="http://secure.hostgator.com/~affiliat/cgi-bin/affiliates/clickthru.cgi?id=nik00726-hs-wp"><img src="<?php echo plugins_url( 'images/300x250-animated.gif’, __FILE__ ) ;?>" width="250" height="250" border="0"></a></center> 13651284 13661285 <div style="margin:10px 5px"> … … 13781297 else if(strtolower($action)==strtolower(‘delete’)){ 13791298 1299 $retrieved_nonce = ‘’; 1300 1301 if(isset($_GET[‘nonce’]) and $_GET[‘nonce’]!=’’){ 1302 1303 $retrieved_nonce=$_GET[‘nonce’]; 1304 1305 } 1306 if (!wp_verify_nonce($retrieved_nonce, ‘delete_image’ ) ){ 1307 1308 1309 wp_die(‘Security check fail’); 1310 } 1311 13801312 $location=’admin.php?page=responsive_thumbnail_slider_with_lightbox_image_management’; 1381 $deleteId=(int)$_GET[‘id’]; 1382 1313 $deleteId=(int) htmlentities(strip_tags($_GET[‘id’]),ENT_QUOTES); 1314 13831315 $uploads = wp_upload_dir(); 13841316 $baseDir=$uploads[‘basedir’]; … … 13941326 if(is_object($myrow)){ 13951327 1396 
$image_name=stripslashes($myrow->image_name); 1328 $image_name=$myrow->image_name; 13971329 $wpcurrentdir=dirname(__FILE__); 13981330 $wpcurrentdir=str_replace(“\\","/",$wpcurrentdir); … … 14261358 else if(strtolower($action)==strtolower(‘deleteselected’)){ 14271359 1360 if(!check_admin_referer(‘action_settings_mass_delete’,’mass_delete_nonce’)){ 1361 1362 wp_die(‘Security check fail’); 1363 } 1364 14281365 $uploads = wp_upload_dir(); 14291366 $baseDir=$uploads[‘basedir’]; … … 14481385 if(is_object($myrow)){ 14491386 1450 $image_name=stripslashes($myrow->image_name); 1387 $image_name=$myrow->image_name; 14511388 $wpcurrentdir=dirname(__FILE__); 14521389 $wpcurrentdir=str_replace(“\\","/",$wpcurrentdir); … … 15281465 <?php $url = plugin_dir_url(__FILE__); ?> 15291466 <div id="divResponsiveSliderPlusLightboxMain_admin"> 1530 <div class="responsiveSlider” style="margin-top: 2px !important;"> 1467 <div class="responsiveSlider” style="margin-top: 2px !important;visibility: hidden;"> 15311468 <?php 15321469 global $wpdb; … … 16271564 16281565 $title=""; 1629 $rowTitle=stripslashes($row[‘title’]); 1566 $rowTitle=$row[‘title’]; 16301567 $rowTitle=str_replace(“’","’",$rowTitle); 16311568 $rowTitle=str_replace('"’,’”’,$rowTitle); … … 17341671 17351672 }); 1673 1674 1675 $n(“.responsiveSlider”).css(‘visibility’,’visible’); 17361676 <?php if($settings[‘auto’]){?> 17371677 … … 17581698 function onResize(){ 17591699 slider.reloadSlider(); 1760 $n(“.responsiveSliderWithResponsiveLightbox”).show(); 1700 $n(“.responsiveSlider”).css(‘visibility’,’visible’); 17611701 } 17621702 … … 18101750 <?php $url = plugin_dir_url(__FILE__); ?> 18111751 <div style="width: auto;postion:relative” id="divSliderMain"> 1812 <div class="responsiveSliderWithResponsiveLightbox" style="margin-top: 2px !important;display: none;"> 1752 <div class="responsiveSliderWithResponsiveLightbox" style="margin-top: 2px !important;visibility: hidden;"> 18131753 <?php 18141754 global $wpdb; … … 19091849 19101850 
$title=""; 1911 $rowTitle=stripslashes($row[‘title’]); 1851 $rowTitle=$row[‘title’]; 19121852 $rowTitle=str_replace("’","’",$rowTitle); 19131853 $rowTitle=str_replace('"’,’”’,$rowTitle); … … 20191959 }); 20201960 2021 $n(“.responsiveSliderWithResponsiveLightbox”).show(); 1961 $n(“.responsiveSliderWithResponsiveLightbox”).css(‘visibility’,’visible’); 20221962 <?php if($settings[‘auto’]){?> 20231963 … … 20441984 function onResize(){ 20451985 slider.reloadSlider(); 2046 $n(“.responsiveSliderWithResponsiveLightbox”).show(); 1986 $n(“.responsiveSliderWithResponsiveLightbox”).css(‘visibility’,’visible’); 20471987 } 20481988 … … 20712011 $server_uri = "http://{$_SERVER[‘HTTP_HOST’]}{$_SERVER[‘REQUEST_URI’]}"; 20722012 2073 foreach (array(‘responsive_thumbnail_slider_with_lightbox_image_management’) as $allowURI) { 2013 foreach (array(‘responsive_thumbnail_slider_image_management’,’responsive_thumbnail_slider’) as $allowURI) { 20742014 if(stristr($server_uri, $allowURI)) return true; 20752015 } … … 20862026 } 20872027 wp_enqueue_style(‘media’); 2028 wp_enqueue_style( ‘wp-color-picker’ ); 2029 wp_enqueue_script( ‘wp-color-picker’ ); 20882030 } 20892031 }
