Lazyest Gallery 0.12.0 introduced comments for images and folders. That seemes to work nice, until spam hits your gallery. Spam filters may catch the comments and delete them or change their status, sometimes without triggering a WordPress action hook. I’m now trying to find out what happens in the most popular spam filters and see if I can keep the comment count for images and folders in line.
As soon as I have a reasonable fix, version 0.12.1 will be ready for download.
As you know, I have picked up this project where KeyTwo left it. It takes some time to feel ‘at home’ in somebody else’s work. Every time I walk through the source code I find some minor bugs. Today however, I found some realy nasty security issues. It turns out that Lazyest gallery did write caption.xml files and thumbs and slides folders to your website and left them world writeable. Ouch! 
I have changed all chmod calls. The files and folders now inherit their permissions from the parent folder. Just like WordPress creates files and folders. So if you have manually set your folders with sloppy permissions, it’s your responsibility.
Please download the new plugin version 0.10.4.4 now. As soon as you activate this new plugin, all Lazyest Gallery made folders’ permissions will be reset. This could take some time, but it has to run only once.
A number of deprecated functions were used. Those have been updated too. Also, wpautop filtering has been tweaked, because it interfered with other plugins that filter wpautop like the inline javascript plugin.
download version 0.10.4.4
Twitter Posts
Recent Comments