EWWW Image Optimizer - Version 4.5.3

Version Description

fixed: ExactDN duplicates srcset instead of replacing it
security: remote code execution, low exposure

Release Info

Developer	nosilver4u
Plugin	EWWW Image Optimizer
Version	4.5.3
Comparing to
See all releases

Code changes from version 4.5.2 to 4.5.3

Files changed (7) hide show

.travis.yml +5 -2
changelog.txt +4 -0
classes/class-exactdn.php +2 -2
common.php +2 -1
ewww-image-optimizer.php +1 -1
readme.txt +5 -30
unique.php +1 -1

.travis.yml CHANGED Viewed

	@@ -28,6 +28,9 @@ matrix:
28	- php: 7.2
29	env: WP_VERSION=latest WP_MULTISITE=1
30



31	before_script:
32	- bash bin/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION
33	- phpenv config-rm xdebug.ini
	@@ -39,8 +42,8 @@ before_script:
39	composer global require "phpunit/phpunit=4.8.*"
40	fi
41	- \|
42	- composer global require wp-coding-standards/wpcs
43	- phpcs --config-set installed_paths $HOME/.composer/vendor/wp-coding-standards/wpcs
44
45	script:
46	- phpcs --standard=phpcs.ruleset.xml --extensions=php .


28	- php: 7.2
29	env: WP_VERSION=latest WP_MULTISITE=1
30
31	+ before_install:
32	+ - sudo apt-get install -y php-codesniffer
33	+
34	before_script:
35	- bash bin/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION
36	- phpenv config-rm xdebug.ini

42	composer global require "phpunit/phpunit=4.8.*"
43	fi
44	- \|
45	+ - composer global require wp-coding-standards/wpcs
46	+ - phpcs --config-set installed_paths $HOME/.composer/vendor/wp-coding-standards/wpcs
47
48	script:
49	- phpcs --standard=phpcs.ruleset.xml --extensions=php .

changelog.txt CHANGED Viewed

	@@ -1,3 +1,7 @@




1	= 4.5.2 =
2	* added: automatic migration to move image paths from absolute to relative
3	* changed: default quality for PNG to JPG did not match WordPress default


1	+ = 4.5.3 =
2	+ * fixed: ExactDN duplicates srcset instead of replacing it
3	+ * security: remote code execution, low exposure
4	+
5	= 4.5.2 =
6	* added: automatic migration to move image paths from absolute to relative
7	* changed: default quality for PNG to JPG did not match WordPress default

classes/class-exactdn.php CHANGED Viewed

	@@ -926,7 +926,7 @@ class ExactDN extends EWWWIO_Page_Parser {
926	$new_srcset_attr = $this->get_attribute( $new_tag, $this->srcset_attr );
927	if ( $new_srcset_attr && false === strpos( $new_srcset_attr, ' ' . (int) $width . 'w' ) ) {
928	ewwwio_debug_message( 'src not in srcset, adding' );
929	- $this->set_attribute( $new_tag, $this->srcset_attr, $srcset_url . $new_srcset_attr );
930	}
931	}
932
	@@ -968,7 +968,7 @@ class ExactDN extends EWWWIO_Page_Parser {
968	$new_srcset_attr = $this->get_attribute( $new_tag, $this->srcset_attr );
969	if ( $new_srcset_attr && false === strpos( $new_srcset_attr, ' ' . (int) $width . 'w' ) ) {
970	ewwwio_debug_message( 'src not in srcset, adding' );
971	- $this->set_attribute( $new_tag, $this->srcset_attr, $srcset_url . $new_srcset_attr );
972	// Replace original tag with modified version.
973	$content = str_replace( $tag, $new_tag, $content );
974	}


926	$new_srcset_attr = $this->get_attribute( $new_tag, $this->srcset_attr );
927	if ( $new_srcset_attr && false === strpos( $new_srcset_attr, ' ' . (int) $width . 'w' ) ) {
928	ewwwio_debug_message( 'src not in srcset, adding' );
929	+ $this->set_attribute( $new_tag, $this->srcset_attr, $srcset_url . $new_srcset_attr, true );
930	}
931	}
932

968	$new_srcset_attr = $this->get_attribute( $new_tag, $this->srcset_attr );
969	if ( $new_srcset_attr && false === strpos( $new_srcset_attr, ' ' . (int) $width . 'w' ) ) {
970	ewwwio_debug_message( 'src not in srcset, adding' );
971	+ $this->set_attribute( $new_tag, $this->srcset_attr, $srcset_url . $new_srcset_attr, true );
972	// Replace original tag with modified version.
973	$content = str_replace( $tag, $new_tag, $content );
974	}

common.php CHANGED Viewed

	@@ -19,11 +19,12 @@
19	// TODO: use this: https://codex.wordpress.org/AJAX_in_Plugins#The_post-load_JavaScript_Event .
20	// TODO: can some of the bulk "fallbacks" be implemented for async processing?
21	// TODO: check to see if we can use PHP and WP core is_iterable and is_countable functions.

22	if ( ! defined( 'ABSPATH' ) ) {
23	exit;
24	}
25
26	- define( 'EWWW_IMAGE_OPTIMIZER_VERSION', '~~452~~.0' );
27
28	// Initialize a couple globals.
29	$ewww_debug = '';


19	// TODO: use this: https://codex.wordpress.org/AJAX_in_Plugins#The_post-load_JavaScript_Event .
20	// TODO: can some of the bulk "fallbacks" be implemented for async processing?
21	// TODO: check to see if we can use PHP and WP core is_iterable and is_countable functions.
22	+ // TODO: ExactDN can use data-id attribute in 5.0 instead of trying to grok wp-image-1234 in the class.
23	if ( ! defined( 'ABSPATH' ) ) {
24	exit;
25	}
26
27	+ define( 'EWWW_IMAGE_OPTIMIZER_VERSION', '453.0' );
28
29	// Initialize a couple globals.
30	$ewww_debug = '';

ewww-image-optimizer.php CHANGED Viewed

	@@ -14,7 +14,7 @@ Plugin URI: https://wordpress.org/plugins/ewww-image-optimizer/
14	Description: Reduce file sizes for images within WordPress including NextGEN Gallery and GRAND FlAGallery. Uses jpegtran, optipng/pngout, and gifsicle.
15	Author: Exactly WWW
16	Text Domain: ewww-image-optimizer
17	- Version: 4.5.2
18	Author URI: https://ewww.io/
19	License: GPLv3
20	*/


14	Description: Reduce file sizes for images within WordPress including NextGEN Gallery and GRAND FlAGallery. Uses jpegtran, optipng/pngout, and gifsicle.
15	Author: Exactly WWW
16	Text Domain: ewww-image-optimizer
17	+ Version: 4.5.3
18	Author URI: https://ewww.io/
19	License: GPLv3
20	*/

readme.txt CHANGED Viewed

@@ -5,7 +5,7 @@ Tags: image, compress, resize, optimize, optimization, lossless, lossy, seo, web
             Requires at least: 4.9
             Tested up to: 5.0
             Requires PHP: 5.6
-            -
            Stable tag: 4.5.2
             License: GPLv3
             Speed up your website and improve your visitors' experience by automatically compressing and resizing images and PDFs. Boost SEO and improve sales.
@@ -174,6 +174,10 @@ http://developer.yahoo.com/performance/rules.html#opt_images
             * Feature requests can be viewed and submitted at https://github.com/nosilver4u/ewww-image-optimizer/labels/enhancement
             * If you would like to help translate this plugin in your language, get started here: https://translate.wordpress.org/projects/wp-plugins/ewww-image-optimizer/
             = 4.5.2 =
             * added: automatic migration to move image paths from absolute to relative
             * changed: default quality for PNG to JPG did not match WordPress default
@@ -203,35 +207,6 @@ http://developer.yahoo.com/performance/rules.html#opt_images
             * fixed: ExactDN inserts full-size image without arguments
             * removed: PHP 5.5 no longer supported
-            -
            = 4.4.2 =
-            -
            * added: notice for Pantheon users that an API key is required
-            -
            * added: ExactDN fully supports protocol-relative urls for non-image resources
-            -
            * changed: better lazy load support in ExactDN
-            -
            * fixed: optimization failure produces rename() errors
-            -
            * fixed: folder scanner ignores files with no extension
-            -
            * fixed: Alt WebP blocks on Facebook tracking pixel
-            -
            * fixed: ExactDN srcset functions cause duplicate image requests with zoom=1
-            -
            * fixed: ExactDN srcset fill adds double arguments to urls
-            -
            * fixed: srcset fill generates notices with non-numeric widths
-            -
            * fixed: bulk scanner stuck in resume mode with nothing to do
-            -
-            -
            = 4.4.1 =
-            -
            * fixed: ExactDN srcset fill replaces images with first image on page
-            -
-            -
            = 4.4.0 =
-            -
            * added: preserve animations in GIF images during resize operations
-            -
            * added: ExactDN will fill in srcset/sizes attributes for all images based on detected width for better mobile support
-            -
            * added: configuration options in the settings page for several "hidden" ExactDN options
-            -
            * changed: Alt WebP still depends on jQuery, but jQuery can be loaded in async or defer mode
-            -
            * changed: Remove Metadata option has been renamed, if you previously had it configured as an override (JPEGTRAN_COPY), please use the new name: EWWW_IMAGE_OPTIMIZER_METADATA_REMOVE
-            -
            * changed: ExactDN uses premium compression by default
-            -
            * fixed: regression with ExactDN and max-width style attributes
-            -
            * fixed: WP esc_url mangles ExactDN urls
-            -
            * fixed: WebP images missing from S3 when using WP Offload S3
-            -
            * fixed: PDF uploads with S3 Uploads plugin
-            -
            * deprecated: PHP 5.5 support will be removed in the next major release (version 4.5)
-            -
            * removed: PHP 5.4 no longer supported
-            -
             = Earlier versions =
             Please refer to the separate changelog.txt file.


5	Requires at least: 4.9
6	Tested up to: 5.0
7	Requires PHP: 5.6
8	+ Stable tag: 4.5.3
9	License: GPLv3
10
11	Speed up your website and improve your visitors' experience by automatically compressing and resizing images and PDFs. Boost SEO and improve sales.

174	* Feature requests can be viewed and submitted at https://github.com/nosilver4u/ewww-image-optimizer/labels/enhancement
175	* If you would like to help translate this plugin in your language, get started here: https://translate.wordpress.org/projects/wp-plugins/ewww-image-optimizer/
176
177	+ = 4.5.3 =
178	+ * fixed: ExactDN duplicates srcset instead of replacing it
179	+ * security: remote code execution, low exposure
180	+
181	= 4.5.2 =
182	* added: automatic migration to move image paths from absolute to relative
183	* changed: default quality for PNG to JPG did not match WordPress default

207	* fixed: ExactDN inserts full-size image without arguments
208	* removed: PHP 5.5 no longer supported
209





























210	= Earlier versions =
211	Please refer to the separate changelog.txt file.
212

unique.php CHANGED Viewed

	@@ -2471,7 +2471,7 @@ function ewww_image_optimizer( $file, $gallery_type = 4, $converted = false, $ne
2471	if ( $optimize ) {
2472	$tempfile = $file . '.tmp'; // temporary GIF output.
2473	// Run gifsicle on the GIF.
2474	- exec( "$nice " . $tools['GIFSICLE'] . " -O3 --careful -o $tempfile " . ewww_image_optimizer_escapeshellarg( $file ) );
2475	// Retrieve the filesize of the temporary GIF.
2476	$new_size = ewww_image_optimizer_filesize( $tempfile );
2477	// If the new GIF is smaller.


2471	if ( $optimize ) {
2472	$tempfile = $file . '.tmp'; // temporary GIF output.
2473	// Run gifsicle on the GIF.
2474	+ exec( "$nice " . $tools['GIFSICLE'] . ' -O3 --careful -o ' . ewww_image_optimizer_escapeshellarg( $tempfile ) . ' ' . ewww_image_optimizer_escapeshellarg( $file ) );
2475	// Retrieve the filesize of the temporary GIF.
2476	$new_size = ewww_image_optimizer_filesize( $tempfile );
2477	// If the new GIF is smaller.