
scott56276

What I'd like to do is have a generic gallery page that is just passed a slug as a parameter (for SEO reasons), rather than creating a separate page for each gallery. E.g.

http://whatever.com/art/pretty-flowers
http://whatever.com/art/mountain-scenes
etc.

I can pass the slug in no problem, but can't seem to figure out a way to get an embedded gallery component to use the slug rather than manually assigning the gallery to show via the dropdown list. Any ideas?

scott56276

In looking at the code, it seems that it would require a small bit of refactoring to work with passing the slug instead.

laszlo.zenware.io

Hi Scott56276!

You sure are keeping me busy! But these are great questions.

I think the issue you are running into is that internally, for galleries uploaded using the backend Galleries page, the plugin uses the internal ID.

I've updated the plugin to support what you want.

Please update your plugin again (current version should be 1.0.8). I've added a new demo page as well as expanded the documentation to explain how to achieve your aims.

Again, please leave a positive review of the plugin if you found it useful!

scott56276

Ok, works great, provided the regex includes all the galleries that you want. A bit cumbersome, though. Unfortunately, you can't specify a wildcard pattern there, so it really limits it a bit.

One option might be to just have a flag in each gallery that would expose the slug to an internal list that would be checked against. Would be much easier on the user, I think, especially if you have lots of galleries.

Thoughts?

laszlo.zenware.io

If a hacker targets your site then you'll get compromised one way or another, even if you leave the regex off completely. I've only had that happen once in 20 years of building websites, so I personally don't worry about it much.

The plugin gives access to two types of galleries, ones uploaded to the filesystem (via ftp or through the October media manager), and ones created on the "Galleries" backend page - these are then stored in the database. The plugin first checks if there are any rows in the galleries table with the given tag. So I don't think that part of the code is vulnerable. SQL isn't constructed manually anywhere. So I don't think an attacker could use SQL injection to hack your database. If the plugin doesn't find any rows that match, then it checks the filesystem. So I suppose without any sort of validation of the URL parameter, an attacker might be able to see pictures stored outside of your gallery "root" folder.

In any case I would use a regex like this: ?|^[a-z0-9-_]+$

So your full URL might be: /galleries/:gallerycode?|^[a-z0-9-_]+$

This should take any combination of letters and numbers and dash or underscore, so it should be quite safe.

Also updated the docs. Thanks for the question!
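
As an added example (not from the thread and not the plugin's code), here is one way to pair the slug allowlist discussed above with a check that the resolved folder stays under the gallery root. The function name `resolveGalleryDir` and the temporary directory layout are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helper, not part of the plugin.
// Returns the absolute gallery folder for $slug, or null when the slug is
// malformed, the folder does not exist, or it resolves outside $galleryRoot.
function resolveGalleryDir(string $galleryRoot, string $slug): ?string
{
    // Allowlist: lowercase letters, digits, underscore, dash (dash last so it
    // is always literal). \A and \z anchor the whole string; in PCRE a bare
    // "$" also matches just before a trailing newline.
    if (preg_match('/\A[a-z0-9_-]+\z/', $slug) !== 1) {
        return null;
    }

    $root = realpath($galleryRoot);
    if ($root === false) {
        return null;
    }

    // realpath() resolves ".." and symlinks, and returns false if the path
    // does not exist.
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $slug);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // Containment check: the resolved path must begin with "<root>/".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed sample data: a throwaway gallery root with one gallery folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery-demo-' . uniqid();
mkdir($root . DIRECTORY_SEPARATOR . 'pretty-flowers', 0700, true);

// 'mountain-scenes' passes the pattern but has no folder, so it is rejected too.
$samples = ['pretty-flowers', 'mountain-scenes', '../', 'Pretty Flowers', "pretty-flowers\n"];
foreach ($samples as $slug) {
    $dir = resolveGalleryDir($root, $slug);
    printf("%-22s => %s\n", json_encode($slug, JSON_UNESCAPED_SLASHES), $dir === null ? 'rejected' : 'ok');
}

// Remove the constructed folders again.
rmdir($root . DIRECTORY_SEPARATOR . 'pretty-flowers');
rmdir($root);
```

The containment check is independent of the pattern, so it still applies if the route regex is relaxed or left off.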
