
@NikolaiT
Created December 20, 2013 11:30
A patch to the easy-media-gallery security issue.
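/**
 * Processes "save" / "reset" submissions of the Easy Media Gallery settings
 * form and registers the plugin's settings submenu page.
 *
 * The state-changing branch runs only when every one of these holds:
 *  - the submitted `_wp_http_referer` points at the EMG settings screen,
 *  - a `_wpnonce` is present and verifies for 'easy_options_group-options'
 *    (WordPress's check_admin_referer() ends the request itself when the
 *    nonce does not verify),
 *  - the current user has the `manage_options` capability, the same one the
 *    submenu page below is registered with,
 *  - the request targets wp-admin with page=emg_settings and
 *    post_type=easymediagallery.
 *
 * After a save or reset the function redirects back to the settings screen
 * and terminates the request. The submenu page is registered on every call
 * that does not terminate.
 *
 * @return void
 */
function spg_add_admin() {
    global $theopt;

    // Read request fields defensively: they may be absent or, when sent as
    // `name[]`, arrive as arrays, which strpos() and the comparisons below
    // must never see.
    $referer = ( isset($_REQUEST['_wp_http_referer']) && is_string($_REQUEST['_wp_http_referer']) )
        ? $_REQUEST['_wp_http_referer']
        : '';
    $action = ( isset($_REQUEST['action']) && is_string($_REQUEST['action']) )
        ? $_REQUEST['action']
        : '';

    // The referer test keeps this handler from running the nonce check on
    // other plugins' form posts that happen to carry a _wpnonce field. It is
    // a scoping aid only; the nonce and capability checks are what authorise
    // the change.
    $from_settings_form = strpos($referer, 'post_type=easymediagallery&page=emg_settings') !== false;

    if ($from_settings_form
        && isset($_REQUEST['_wpnonce'])
        && check_admin_referer('easy_options_group-options')
        // A nonce proves intent, not privilege, so require the capability too.
        && current_user_can('manage_options')
    ) {
        // Compare the parameter VALUES. The previous `isset($x) == 'literal'`
        // form compared a boolean with a non-empty string and therefore only
        // tested that the parameters were present.
        $on_settings_page = is_admin()
            && isset($_GET['page'], $_GET['post_type'])
            && 'emg_settings' === $_GET['page']
            && 'easymediagallery' === $_GET['post_type'];

        if ($on_settings_page) {
            if ('save' === $action) {
                $curtosv = get_option('easy_media_opt');
                if (!is_array($curtosv)) {
                    // get_option() returns false when the option is missing.
                    $curtosv = array();
                }

                foreach ((array) $theopt as $theval) {
                    if (!isset($theval['id'])) {
                        continue;
                    }
                    $id = $theval['id'];
                    // A field missing from the request is stored as null, as
                    // before, but without an undefined-index notice.
                    // NOTE(review): values are stored exactly as submitted.
                    // The option definitions in $theopt are not visible here;
                    // validate per option type before storing, or escape on
                    // every output of these settings.
                    $curtosv[$id] = isset($_REQUEST[$id]) ? $_REQUEST[$id] : null;
                }

                // One write after the loop instead of one per option.
                update_option('easy_media_opt', $curtosv);

                header("Location: edit.php?post_type=easymediagallery&page=emg_settings&saved=true");
                die;
            } elseif ('reset' === $action) {
                // Restore default settings.
                easymedia_restore_to_default($action);

                header("Location: edit.php?post_type=easymediagallery&page=emg_settings&reset=true");
                die;
            }
        }
    }

    add_submenu_page(
        'edit.php?post_type=easymediagallery',
        __('Easy Media Gallery Settings', 'easmedia'),
        __('Settings', 'easmedia'),
        'manage_options',
        'emg_settings',
        'spg_admin'
    );
}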