Security update NextGEN Gallery V1.3.5

Since two years I fear this moment that I forgot to check proper my code in NGG, today I need to release the very first security update for a possible XSS vulnerability in NextGEN Gallery. Please update now to version 1.3.5 at wordpress.org or via the auto update routine.

Download NextGEN Gallery Version 1.3.5
Release @ wordpress.org

Advertisements
Tagged

40 thoughts on “Security update NextGEN Gallery V1.3.5

  1. Rajesh says:

    Hi,
    After using auto-upgrade I got this error:
    Warning: nggLoader::require_once(/home/content/n/r/a/nrajesh/html/blog/wp-content/plugins/nextgen-gallery/lib/core.php) [function.nggLoader-require-once]: failed to open stream: No such file or directory in /home/content/n/r/a/nrajesh/html/blog/wp-content/plugins/nextgen-gallery/nggallery.php on line 229

    I was no longer able to access my blog (admin)!

    I removed and installed nextgen again and it worked. It could be due to some falut of WP auto-upgrade as I had a similar issue with some other plugin (I think it was GDStar Rating) before…

    Thanks,
    Rajesh

  2. Pedro Velado says:

    After upgrading, the darker screen stopped working, and it opens the image in the same windown instead, without functioning properly.
    Example: http://toyotaclubsv.com/?p=347

  3. John says:

    Hi!

    I just wanted to say, I’m deeply impressed by the quality of NGG.
    Thank you for providing this plugin!

    John

  4. Meg says:

    Keep up the good work! No problems with new version install.

    Many thanks!

  5. mau says:

    hi,
    there’s been some attacks? what conseguences?

  6. mau says:

    i’ve just upgrade to 1.3.5 version but my wordpress show again the message “a new version of nextgen gallery is available”..why?

  7. alex.rabe says:

    @Mau
    Clear the browser cache ?

  8. masterkarp says:

    Hi,
    Nextgen- Gallery is the best WordPress- Plugin ever, but since a few Days i have got trouble with the Album Managment. The Drag’n Drop Function didn’t work! The new Release ddidn’t solve the problem. What’s wromg???

  9. masterkarp says:

    Hello again,

    i solved the problem:

    Put “php_value memory_limit 128M” in your .htaccess and nextgen works pefect!!!

  10. digitalpbk says:

    Happy to see that you fixed the vulnerability 🙂

  11. Omer says:

    This is the best plugin for wordpress by a land slide. I just wish it worked better for google images, as I still only have 200 out of 12,000 UNIQUE images indexed by google =[.

  12. Awesome plugin! Never had a problem. Keep up the good work.

  13. Ramona says:

    I’ve installed ngg some hours ago. The Gallery don’t create thumbs automatically. This problem is discussed in serveral German forums.
    php_value memory_limit 128M in .htaccess doesn’t solve the problem.
    Any idea? I work with wp 2.8.1.

  14. I am also have a similar problem to the above user. I’ve used ngg for several months without problem, then just in the last week I’ve had the problem with thumbnail creation (a bad thing since my website is about photo galleries more than anything else).

    I posted this issue on the WordPress support area, but since the above user’s problem sounds similar, I thought I’d mention it here. I also changed the memory limit to 128M with no result.

  15. Mit says:

    Hello,

    I am fairly new to the world of php. I have been trying to modify a wordpress theme which has got a picture associated with it. I am trying to change that picture to a slideshow using the NextGen gallery plugin.

    Attached herewith is the theme code and also the slidshow code.

    ID, ‘Image’, true) ) { ?>

    <a href="” title=””><img src="ID, “Image”, true); ?>” title=”” alt=” ” align=”top” border=”0″ style=”padding: 0px; margin: 0px 0px 0px 0px;width: 412px; height: 232px;”/>

    <a href="” title=””><img src="/images/default.gif” title=”” alt=”” align=”top” border=”0″ style=”padding: 0px; margin: 0px 0px 0px 0px;width: 412px; height: 232px;”/>

    Insted of the default.gif I wish a slideshow to be seen and the code I wanted to insert is “[slideshow id=1]“.

    Any help in how to modify this will be highly appreciated.

    Thanks in advance.

  16. dee says:

    Hello Alex,

    I love your plugin for WP. How can I get the image to stay on the same page when it is clicked. It used to simply enlarge in the center of the page than it stopped working. I would love to be able to have this feature work on my blog. Please assist.

    Thank you,
    Dee

  17. JimmyV says:

    Hi Alex,
    This looks like ane xcellent plug-in, but I keep getting this error:
    public_html/wp-mu/wp-content/blogs.dir/3/files/test-one-gallery contains no pictures

    at the end when I upload pictures. Any clues?

    Thanks in advance.

    Jim

  18. AchimG says:

    After the update I cant upload zips or pics with capital letters or with the underline Sign into the name. could you help me ?

  19. AchimG says:

    I Work with I work with wp 2.8.2

  20. Great plugin Alex – although I’m new to both WordPress and WordPress plugins. Can you tell me if your NextGen gallery plugin will work even if you are hosting your blog at WordPress.com? Or do you need to host your blog yourself?

  21. Matthias M says:

    hi, the plugin have a bug if have more then 250 gallerys i cant the album not cange wordpress dashbord not more working in 2.8.2 in wordpress 2.7.1 it works waht is the problem with ngg and wordpress 2.8.2 Plase help me!!!!

  22. Ryan says:

    Great plugin Alex! I do have a question I was hoping you or someone here could answer. I have Thickbox selected as my effect and it looks great except it seems to auto resize the full size picture in the thickbox popup. Is there a file I can edit or a setting I can choose that will make sure it loads the full size picture in the Thickbox effect?

  23. alex.rabe says:

    @all
    Please do not post any support question in the comment section, use the forums. Thanks !

  24. Jon B says:

    Hi,
    Can anyone shed some light as to why all of a sudden my drag and drop function has stopped me from adding galleries to new albums?? I can add galleries to alums with content but not new ones!

    Any help greatfully received.

  25. Jon B says:

    Thanks Alex,
    Will try this afternoon and let you know if it works!
    Thanks
    Jon.

  26. Simmons says:

    hello!
    your plugin is really clean and great!!
    but i’m trying to fix a little bug that could create difficulties to the webmaster. If i allow other user (for example in my case subscribers) to create gallery and manage them in edit gallery, the will be able to create page (also with no mother)!!! that’s a bad bug because usually they can’t even imagine to create a page…
    how could i fix it?
    thank you very much.

    Simmons

  27. don says:

    Hi Alex,
    I like your plugin but I just made mistake, I really need your help.
    Below I quote a warning from David Potter about the gallery name
    (link to his page : http://dpotter.net/Technical/2008/03/nextgen-gallery-review-image-management/)

    “Choose the name of your gallery very carefully as once it’s been created it is very difficult to change it. You’ll have to rename the folder on the server’s disk and then modify the gallery record in the database – not for the faint of heart. I’d like to see the plugin modified to support this feature from the admin UI.”

    Now I’ve got 2 similar button on homepage, how to delete them.
    I attach link to the picture here for reference

    My site is http://www.platinum-treasure.com/ (sorry it’s an adult site)
    How to remove these both button on my header menu. From the quote above it said that I have to rename the database, which folder anyway.
    I try to uninstall NextGEN, remove previous theme and then re upload the theme again but it still appear
    Thank You much.

  28. Ak says:

    Where do I define the imagerotator path?

    I go to the Options page and select the Slideshow tab but there isn’t anything in there. The other tabs have content but not the slideshow tab, which is where I’ve been told from the WP forum to do this, is empty. it only has a little icon in the area where I should be able to define the path

    Can you please tell me where to define the path to Imagerotator.swf or why my slideshow tab is empty, if that is where i am supposed to define it?

    I’m on WordPress 2.7

    thanks!

  29. Marc says:

    Hi,

    tankx for this plugin. Work great and ist the best to time.

    Greez

  30. crz says:

    I have a problem here … why is my gallery shown like this: http://i28.tinypic.com/2z4zevc.jpg How can I fix it?

  31. senshi says:

    Hi, I’m wondering still for some weekes that there is no neewsfeed at the Overview Page of NGG anymore.

    I get just the following message:
    Newsfeed could not be loaded. Check the front page to check for updates.

    I can’t tell you when it started. It must be after I restored my database or after installing a WordPress or NGG update. I’ve already posted this Problem at the NGG Forum, but there is still no response. I don’t really know if I’m the only one witch such a problem. But the newsfeed at the dashboard is working perfectly so I think it’s not because of the server.

    Did you deactivated your newsfeed or smth. alse?
    Sorry If I’m posting such a question as a comment. Perhaps It’s started after installing this last update, I’m not sure.

  32. senshi says:

    @crz
    Did you try another style? It seems like there is some code, like float:left; missing.

  33. alex.rabe says:

    @senshi
    I will fix that in the next update…

  34. Bajazzo90 says:

    Hallo Herr Rabe

    Könnten Sie nicht versuchen das die Version 1.3.5 auch mit der deutschen Version WP 2.8 DE funktioniert?
    Mit der Englischen geht es.
    Vielen Dank

  35. Arteccentrix says:

    Hi Alex

    I just upgraded to 1.3.6 and it has broken the functionality with the simple wordpress shopping cart.

    Can I disable the plugin and just re-install the previous version or is this going to be more complicated than that?

  36. Arteccentrix says:

    Sorry, I’ve fixed it, the upgrade had just deleted the wp-estore template, it’s all OK again now I’ve uploaded it again 🙂

  37. Salvatore says:

    Hello Alex. i can’t see the image on my site.. i see only the tag like [ nggallery id = 16 ] in the post… i tryed to put the tag into visual or html tab, but is the same way… the strangest is that this problem happened now, i have see the picture on my post but not now.. you can see here : http://www.tutto-gossip.com/george-clooney-e-la-canalis-al-lido-di-venezia-ecco-le-foto.htm

  38. Mylander says:

    hey alex,

    i automatically updated my wordpress and nextgen plugin last week.

    1.
    suddenly my slideshow widget doesnt showup anymore at the sidebar.
    (i updated the location of imagerotator.swf – but it doesnt help!)

    2.
    also the flot = right tag doesnt work anymore. it worked always – the other float tags still work???

    3.
    the thickbox effect also always worked. suddenly not?! (opens image as url link in same page)

    you know what happend or how to repair this?
    i tried it already for houres…

  39. […] more here: Security update NextGEN Gallery V1.3.5 at alex.rabe AKPC_IDS += "189,";Popularity: unranked […]

Comments are closed.

%d bloggers like this: