Imsanity - Version 2.8.1

Version Description

changed: escape and sanitize more things
changed: tighten PHPCS rules used for pre-release testing

Release Info

Developer	nosilver4u
Plugin	Imsanity
Version	2.8.1
Comparing to
See all releases

Code changes from version 2.8.0 to 2.8.1

Files changed (9) hide show

.travis.yml +1 -1
ajax.php +75 -93
changelog.txt +4 -0
imsanity.php +18 -14
libs/utils.php +0 -17
media.php +2 -2
phpcs.ruleset.xml +12 -0
readme.txt +5 -18
settings.php +18 -19

.travis.yml CHANGED Viewed

	@@ -21,7 +21,7 @@ env:
21	before_script:
22	- export PATH="$HOME/.config/composer/vendor/bin:$PATH"
23	- phpenv config-rm xdebug.ini
24	- - composer global require wp-coding-standards/wpcs dealerdirect/phpcodesniffer-composer-installer
25
26	script:
27	- phpcs --standard=phpcs.ruleset.xml --extensions=php .


21	before_script:
22	- export PATH="$HOME/.config/composer/vendor/bin:$PATH"
23	- phpenv config-rm xdebug.ini
24	+ - composer global require wp-coding-standards/wpcs dealerdirect/phpcodesniffer-composer-installer phpcompatibility/phpcompatibility-wp
25
26	script:
27	- phpcs --standard=phpcs.ruleset.xml --extensions=php .

ajax.php CHANGED Viewed

@@ -11,13 +11,13 @@ add_action( 'wp_ajax_imsanity_remove_original', 'imsanity_ajax_remove_original'
             add_action( 'wp_ajax_imsanity_bulk_complete', 'imsanity_ajax_finish' );
             /**
-            -
             * Verifies that the current user has administrator permission and, if not,
-            -
             * renders a json warning and dies
              */
-            -
            function imsanity_verify_permission() {
-            -
            	if ( ! current_user_can( 'activate_plugins' ) ) {
             		die(
-            -
            			json_encode(
             				array(
             					'success' => false,
             					'message' => esc_html__( 'Administrator permission is required', 'imsanity' ),
@@ -25,9 +25,9 @@ function imsanity_verify_permission() {
+            			)
             		);
+            	}
-            -
            	if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'imsanity-bulk' ) && ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'imsanity-manual-resize' ) ) {
             		die(
-            -
            			json_encode(
             				array(
             					'success' => false,
             					'message' => esc_html__( 'Access token has expired, please reload the page.', 'imsanity' ),
@@ -35,88 +35,13 @@ function imsanity_verify_permission() {
+            			)
             		);
+            	}
-            -
            }
-            -
-            -
-            -
            /**
-            -
             * Searches for up to 250 images that are candidates for resize and renders them
-            -
             * to the browser as a json array, then dies
-            -
             */
-            -
            function imsanity_get_images() {
-            -
            	imsanity_verify_permission();
             	$resume_id = ! empty( $_POST['resume_id'] ) ? (int) $_POST['resume_id'] : PHP_INT_MAX;
             	global $wpdb;
             	// Load up all the image attachments we can find.
             	$attachments = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE ID < %d AND post_type = 'attachment' AND post_mime_type LIKE %s ORDER BY ID DESC", $resume_id, '%%image%%' ) );
             	array_walk( $attachments, 'intval' );
-            -
            	die( json_encode( $attachments ) );
-            -
-            -
            	// TODO: that's all, get rid of the rest.
-            -
            	$offset  = 0;
-            -
            	$limit   = apply_filters( 'imsanity_attachment_query_limit', 3000 );
-            -
            	$results = array();
-            -
            	$maxw    = imsanity_get_option( 'imsanity_max_width', IMSANITY_DEFAULT_MAX_WIDTH );
-            -
            	$maxh    = imsanity_get_option( 'imsanity_max_height', IMSANITY_DEFAULT_MAX_HEIGHT );
-            -
            	$count   = 0;
-            -
-            -
            	$images = $wpdb->get_results( $wpdb->prepare( "SELECT metas.meta_value as file_meta,metas.post_id as ID FROM $wpdb->postmeta metas INNER JOIN $wpdb->posts posts ON posts.ID = metas.post_id WHERE posts.post_type = 'attachment' AND posts.post_mime_type LIKE %s AND posts.post_mime_type != 'image/bmp' AND metas.meta_key = '_wp_attachment_metadata' ORDER BY ID DESC LIMIT %d,%d", '%image%', $offset, $limit ) );
-            -
            	while ( $images ) {
-            -
-            -
            		foreach ( $images as $image ) {
-            -
            			$imagew = false;
-            -
            			$imageh = false;
-            -
-            -
            			$meta = unserialize( $image->file_meta );
-            -
-            -
            			// If "noresize" is included in the filename then we will bypass imsanity scaling.
-            -
            			if ( ! empty( $meta['file'] ) && strpos( $meta['file'], 'noresize' ) !== false ) {
-            -
            				continue;
-            -
            			}
-            -
-            -
            			// Let folks filter the allowed mime-types for resizing.
-            -
            			$allowed_types = apply_filters( 'imsanity_allowed_mimes', array( 'image/png', 'image/gif', 'image/jpeg' ), $meta['file'] );
-            -
            			if ( is_string( $allowed_types ) ) {
-            -
            				$allowed_types = array( $allowed_types );
-            -
            			} elseif ( ! is_array( $allowed_types ) ) {
-            -
            				$allowed_types = array();
-            -
            			}
-            -
            			$ftype = imsanity_quick_mimetype( $meta['file'] );
-            -
            			if ( ! in_array( $ftype, $allowed_types, true ) ) {
-            -
            				continue;
-            -
            			}
-            -
-            -
            			if ( imsanity_get_option( 'imsanity_deep_scan', false ) ) {
-            -
            				$file_path = imsanity_attachment_path( $meta, $image->ID, '', false );
-            -
            				if ( $file_path ) {
-            -
            					list( $imagew, $imageh ) = getimagesize( $file_path );
-            -
            				}
-            -
            			}
-            -
            			if ( empty( $imagew ) || empty( $imageh ) ) {
-            -
            				$imagew = $meta['width'];
-            -
            				$imageh = $meta['height'];
-            -
            			}
-            -
-            -
            			if ( $imagew > $maxw || $imageh > $maxh ) {
-            -
            				$count++;
-            -
-            -
            				$results[] = array(
-            -
            					'id'     => $image->ID,
-            -
            					'width'  => $imagew,
-            -
            					'height' => $imageh,
-            -
            					'file'   => $meta['file'],
-            -
            				);
-            -
            			}
-            -
-            -
            			// Make sure we only return a limited number of records so we don't overload the ajax features.
-            -
            			if ( $count >= IMSANITY_AJAX_MAX_RECORDS ) {
-            -
            				break 2;
-            -
            			}
-            -
            		}
-            -
            		$offset += $limit;
-            -
            		$images  = $wpdb->get_results( $wpdb->prepare( "SELECT metas.meta_value as file_meta,metas.post_id as ID FROM $wpdb->postmeta metas INNER JOIN $wpdb->posts posts ON posts.ID = metas.post_id WHERE posts.post_type = 'attachment' AND posts.post_mime_type LIKE %s AND posts.post_mime_type != 'image/bmp' AND metas.meta_key = '_wp_attachment_metadata' ORDER BY ID DESC LIMIT %d,%d", '%image%', $offset, $limit ) );
-            -
            	} // endwhile
-            -
            	die( json_encode( $results ) );
+            }
             /**
@@ -124,12 +49,31 @@ function imsanity_get_images() {
              * renders a json response indicating success/failure and dies
              */
             function imsanity_ajax_resize() {
-            -
            	imsanity_verify_permission();
-            -
            	$id = (int) $_POST['id'];
             	if ( ! $id ) {
             		die(
-            -
            			json_encode(
             				array(
             					'success' => false,
             					'message' => esc_html__( 'Missing ID Parameter', 'imsanity' ),
@@ -143,7 +87,7 @@ function imsanity_ajax_resize() {
             		sleep( 1 );
+            	}
-            -
            	die( json_encode( $results ) );
+            }
             /**
@@ -151,12 +95,31 @@ function imsanity_ajax_resize() {
              * renders a json response indicating success/failure and dies
              */
             function imsanity_ajax_remove_original() {
-            -
            	imsanity_verify_permission();
-            -
            	$id = (int) $_POST['id'];
             	if ( ! $id ) {
             		die(
-            -
            			json_encode(
             				array(
             					'success' => false,
             					'message' => esc_html__( 'Missing ID Parameter', 'imsanity' ),
@@ -167,17 +130,36 @@ function imsanity_ajax_remove_original() {
             	$remove_original = imsanity_remove_original_image( $id );
             	if ( $remove_original && is_array( $remove_original ) ) {
             		wp_update_attachment_metadata( $id, $remove_original );
-            -
            		die( json_encode( array( 'success' => true ) ) );
+            	}
-            -
            	die( json_encode( array( 'success' => false ) ) );
+            }
             /**
              * Finalizes the resizing process.
              */
             function imsanity_ajax_finish() {
-            -
            	imsanity_verify_permission();
             	update_option( 'imsanity_resume_id', 0, false );


11	add_action( 'wp_ajax_imsanity_bulk_complete', 'imsanity_ajax_finish' );
12
13	/**
14	+ * Searches for up to 250 images that are candidates for resize and renders them
15	+ * to the browser as a json array, then dies
16	*/
17	+ function imsanity_get_images() {
18	+ if ( ! current_user_can( 'activate_plugins' ) \|\| empty( $_REQUEST['_wpnonce'] ) ) {
19	die(
20	+ wp_json_encode(
21	array(
22	'success' => false,
23	'message' => esc_html__( 'Administrator permission is required', 'imsanity' ),

25	)
26	);
27	}
28	+ if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-bulk' ) && ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-manual-resize' ) ) {
29	die(
30	+ wp_json_encode(
31	array(
32	'success' => false,
33	'message' => esc_html__( 'Access token has expired, please reload the page.', 'imsanity' ),

35	)
36	);
37	}









38
39	$resume_id = ! empty( $_POST['resume_id'] ) ? (int) $_POST['resume_id'] : PHP_INT_MAX;
40	global $wpdb;
41	// Load up all the image attachments we can find.
42	$attachments = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE ID < %d AND post_type = 'attachment' AND post_mime_type LIKE %s ORDER BY ID DESC", $resume_id, '%%image%%' ) );
43	array_walk( $attachments, 'intval' );
44	+ die( wp_json_encode( $attachments ) );


































































45	}
46
47	/**

49	* renders a json response indicating success/failure and dies
50	*/
51	function imsanity_ajax_resize() {
52	+ if ( ! current_user_can( 'activate_plugins' ) \|\| empty( $_REQUEST['_wpnonce'] ) ) {
53	+ die(
54	+ wp_json_encode(
55	+ array(
56	+ 'success' => false,
57	+ 'message' => esc_html__( 'Administrator permission is required', 'imsanity' ),
58	+ )
59	+ )
60	+ );
61	+ }
62	+ if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-bulk' ) && ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-manual-resize' ) ) {
63	+ die(
64	+ wp_json_encode(
65	+ array(
66	+ 'success' => false,
67	+ 'message' => esc_html__( 'Access token has expired, please reload the page.', 'imsanity' ),
68	+ )
69	+ )
70	+ );
71	+ }
72
73	+ $id = ! empty( $_POST['id'] ) ? (int) $_POST['id'] : 0;
74	if ( ! $id ) {
75	die(
76	+ wp_json_encode(
77	array(
78	'success' => false,
79	'message' => esc_html__( 'Missing ID Parameter', 'imsanity' ),

87	sleep( 1 );
88	}
89
90	+ die( wp_json_encode( $results ) );
91	}
92
93	/**

95	* renders a json response indicating success/failure and dies
96	*/
97	function imsanity_ajax_remove_original() {
98	+ if ( ! current_user_can( 'activate_plugins' ) \|\| empty( $_REQUEST['_wpnonce'] ) ) {
99	+ die(
100	+ wp_json_encode(
101	+ array(
102	+ 'success' => false,
103	+ 'message' => esc_html__( 'Administrator permission is required', 'imsanity' ),
104	+ )
105	+ )
106	+ );
107	+ }
108	+ if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-bulk' ) && ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-manual-resize' ) ) {
109	+ die(
110	+ wp_json_encode(
111	+ array(
112	+ 'success' => false,
113	+ 'message' => esc_html__( 'Access token has expired, please reload the page.', 'imsanity' ),
114	+ )
115	+ )
116	+ );
117	+ }
118
119	+ $id = ! empty( $_POST['id'] ) ? (int) $_POST['id'] : 0;
120	if ( ! $id ) {
121	die(
122	+ wp_json_encode(
123	array(
124	'success' => false,
125	'message' => esc_html__( 'Missing ID Parameter', 'imsanity' ),

130	$remove_original = imsanity_remove_original_image( $id );
131	if ( $remove_original && is_array( $remove_original ) ) {
132	wp_update_attachment_metadata( $id, $remove_original );
133	+ die( wp_json_encode( array( 'success' => true ) ) );
134	}
135
136	+ die( wp_json_encode( array( 'success' => false ) ) );
137	}
138
139	/**
140	* Finalizes the resizing process.
141	*/
142	function imsanity_ajax_finish() {
143	+ if ( ! current_user_can( 'activate_plugins' ) \|\| empty( $_REQUEST['_wpnonce'] ) ) {
144	+ die(
145	+ wp_json_encode(
146	+ array(
147	+ 'success' => false,
148	+ 'message' => esc_html__( 'Administrator permission is required', 'imsanity' ),
149	+ )
150	+ )
151	+ );
152	+ }
153	+ if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-bulk' ) && ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity-manual-resize' ) ) {
154	+ die(
155	+ wp_json_encode(
156	+ array(
157	+ 'success' => false,
158	+ 'message' => esc_html__( 'Access token has expired, please reload the page.', 'imsanity' ),
159	+ )
160	+ )
161	+ );
162	+ }
163
164	update_option( 'imsanity_resume_id', 0, false );
165

changelog.txt CHANGED Viewed

	@@ -1,3 +1,7 @@




1	= 2.8.0 =
2	* added: support for resizing WebP images via ImageMagick
3	* changed: update attachment file size to keep WP 6.0 metadata in sync


1	+ = 2.8.1 =
2	+ * changed: escape and sanitize more things
3	+ * changed: tighten PHPCS rules used for pre-release testing
4	+
5	= 2.8.0 =
6	* added: support for resizing WebP images via ImageMagick
7	* changed: update attachment file size to keep WP 6.0 metadata in sync

imsanity.php CHANGED Viewed

	@@ -14,7 +14,7 @@ Plugin URI: https://wordpress.org/plugins/imsanity/
14	Description: Imsanity stops insanely huge image uploads
15	Author: Exactly WWW
16	Domain Path: /languages
17	- Version: 2.8.0
18	Requires at least: 5.5
19	Requires PHP: 7.2
20	Author URI: https://ewww.io/
	@@ -25,7 +25,7 @@ if ( ! defined( 'ABSPATH' ) ) {
25	exit;
26	}
27
28	- define( 'IMSANITY_VERSION', '2.8.0' );
29	define( 'IMSANITY_SCHEMA_VERSION', '1.1' );
30
31	define( 'IMSANITY_DEFAULT_MAX_WIDTH', 1920 );
	@@ -101,19 +101,21 @@ function imsanity_debug( $message ) {
101	*/
102	function imsanity_get_source() {
103	imsanity_debug( __FUNCTION__ );
104	- $id = array_key_exists( 'post_id', $_REQUEST ) ? (int) $_REQUEST['post_id'] : '';
105	- $action = ~~array_key_exists~~( 'action', ~~$_REQUEST~~ ) ? $_REQUEST['action'] : '';
106	imsanity_debug( "getting source for id=$id and action=$action" );
107
108	- ~~imsanity_debug~~( $_SERVER );
109	- if ( ~~! empty(~~ $~~_REQUEST['_wp_http_referer']~~ ) ~~) {~~
110	- ~~imsanity_debug(~~ '~~_wp_http_referer:~~' );
111	- imsanity_debug( $_REQUEST['_wp_http_referer'] );
112	- }
113	if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
114	- ~~imsanity_debug~~( '~~http_referer:~~' );
115	- imsanity_debug( $~~_SERVER['HTTP_REFERER']~~ );
116	}




117	// A post_id indicates image is attached to a post.
118	if ( $id > 0 ) {
119	imsanity_debug( 'from a post (id)' );
	@@ -121,12 +123,12 @@ function imsanity_get_source() {
121	}
122
123	// If the referrer is the post editor, that's a good indication the image is attached to a post.
124	- if ( ! ~~empty(~~ ~~$_SERVER['HTTP_REFERER'] ) &&~~ strpos( $~~_SERVER['HTTP_REFERER']~~, '/post.php' ) ) {
125	imsanity_debug( 'from a post.php' );
126	return IMSANITY_SOURCE_POST;
127	}
128	// If the referrer is the (new) post editor, that's a good indication the image is attached to a post.
129	- if ( ! ~~empty(~~ ~~$_SERVER['HTTP_REFERER'] ) &&~~ strpos( $~~_SERVER['HTTP_REFERER']~~, '/post-new.php' ) ) {
130	imsanity_debug( 'from a new post' );
131	return IMSANITY_SOURCE_POST;
132	}
	@@ -311,7 +313,9 @@ function imsanity_convert_to_jpg( $type, $params ) {
311	$img = null;
312
313	if ( 'bmp' === $type ) {
314	- ~~include_once~~( '~~libs/~~imagecreatefrombmp~~.php~~' );


315	$img = imagecreatefrombmp( $params['file'] );
316	} elseif ( 'png' === $type ) {
317	// Prevent converting PNG images with alpha/transparency, unless overridden by the user.


14	Description: Imsanity stops insanely huge image uploads
15	Author: Exactly WWW
16	Domain Path: /languages
17	+ Version: 2.8.1
18	Requires at least: 5.5
19	Requires PHP: 7.2
20	Author URI: https://ewww.io/

25	exit;
26	}
27
28	+ define( 'IMSANITY_VERSION', '2.8.1' );
29	define( 'IMSANITY_SCHEMA_VERSION', '1.1' );
30
31	define( 'IMSANITY_DEFAULT_MAX_WIDTH', 1920 );

101	*/
102	function imsanity_get_source() {
103	imsanity_debug( __FUNCTION__ );
104	+ $id = array_key_exists( 'post_id', $_REQUEST ) ? (int) $_REQUEST['post_id'] : ''; // phpcs:ignore WordPress.Security.NonceVerification
105	+ $action = ! empty( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
106	imsanity_debug( "getting source for id=$id and action=$action" );
107
108	+ // Uncomment this (and remove the trailing .) to temporarily check the full $_SERVER vars.
109	+ // imsanity_debug( $_SERVER );.
110	+ $referer = '';


111	if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
112	+ $referer = sanitize_text_field( wp_unslash( $_SERVER['HTTP_REFERER'] ) );
113	+ imsanity_debug( "http_referer: $referer" );
114	}
115	+
116	+ $request_uri = wp_referer_field( false );
117	+ imsanity_debug( "request URI: $request_uri" );
118	+
119	// A post_id indicates image is attached to a post.
120	if ( $id > 0 ) {
121	imsanity_debug( 'from a post (id)' );

123	}
124
125	// If the referrer is the post editor, that's a good indication the image is attached to a post.
126	+ if ( false !== strpos( $referer, '/post.php' ) ) {
127	imsanity_debug( 'from a post.php' );
128	return IMSANITY_SOURCE_POST;
129	}
130	// If the referrer is the (new) post editor, that's a good indication the image is attached to a post.
131	+ if ( false !== strpos( $referer, '/post-new.php' ) ) {
132	imsanity_debug( 'from a new post' );
133	return IMSANITY_SOURCE_POST;
134	}

313	$img = null;
314
315	if ( 'bmp' === $type ) {
316	+ if ( ! function_exists( 'imagecreatefrombmp' ) ) {
317	+ return $params;
318	+ }
319	$img = imagecreatefrombmp( $params['file'] );
320	} elseif ( 'png' === $type ) {
321	// Prevent converting PNG images with alpha/transparency, unless overridden by the user.

libs/utils.php CHANGED Viewed

@@ -178,23 +178,6 @@ function imsanity_gd_support() {
             	return false;
+            }
-            -
            /**
-            -
             * Output a fatal error and optionally die.
-            -
             *
-            -
             * @param string $message The message to output.
-            -
             * @param string $title A title/header for the message.
-            -
             * @param bool   $die Default false. Whether we should die.
-            -
             */
-            -
            function imsanity_fatal( $message, $title = '', $die = false ) {
-            -
            	echo ( "<div style='margin:5px 0px 5px 0px;padding:10px;border: solid 1px red; background-color: #ff6666; color: black;'>"
-            -
            		. ( $title ? "<h4 style='font-weight: bold; margin: 3px 0px 8px 0px;'>" . $title . '</h4>' : '' )
-            -
            		. $message
-            -
            		. '</div>' );
-            -
            	if ( $die ) {
-            -
            		die();
-            -
            	}
-            -
            }
-            -
             /**
              * Resizes the image with the given id according to the configured max width and height settings.
+             *

             	return false;
+            }
             /**
              * Resizes the image with the given id according to the configured max width and height settings.
+             *

media.php CHANGED Viewed

	@@ -104,7 +104,7 @@ function imsanity_custom_column( $column_name, $id, $meta = null ) {
104	// Give the user the option to optimize the image right now.
105	printf(
106	'<div><button class="imsanity-manual-resize button button-secondary" data-id="%1$d" data-nonce="%2$s">%3$s</button>',
107	- $id,
108	esc_attr( $manual_nonce ),
109	esc_html__( 'Resize Image', 'imsanity' )
110	);
	@@ -123,7 +123,7 @@ function imsanity_custom_column( $column_name, $id, $meta = null ) {
123	// Give the user the option to optimize the image right now.
124	printf(
125	'<div><button class="imsanity-manual-remove-original button button-secondary" data-id="%1$d" data-nonce="%2$s">%3$s</button>',
126	- $id,
127	esc_attr( $manual_nonce ),
128	esc_html( $link_text )
129	);


104	// Give the user the option to optimize the image right now.
105	printf(
106	'<div><button class="imsanity-manual-resize button button-secondary" data-id="%1$d" data-nonce="%2$s">%3$s</button>',
107	+ (int) $id,
108	esc_attr( $manual_nonce ),
109	esc_html__( 'Resize Image', 'imsanity' )
110	);

123	// Give the user the option to optimize the image right now.
124	printf(
125	'<div><button class="imsanity-manual-remove-original button button-secondary" data-id="%1$d" data-nonce="%2$s">%3$s</button>',
126	+ (int) $id,
127	esc_attr( $manual_nonce ),
128	esc_html( $link_text )
129	);

phpcs.ruleset.xml CHANGED Viewed

@@ -12,4 +12,16 @@
             			<property name="custom_whitelist" type="array" value="exif_read_data"/>
             		</properties>
             	</rule>
             </ruleset>


12	<property name="custom_whitelist" type="array" value="exif_read_data"/>
13	</properties>
14	</rule>
15	+
16	+ <rule ref="PHPCompatibilityWP">
17	+ <severity>10</severity>
18	+ </rule>
19	+
20	+ <rule ref="WordPress.Security">
21	+ <severity>10</severity>
22	+ </rule>
23	+
24	+ <rule ref="WordPress.DB.PreparedSQL">
25	+ <severity>10</severity>
26	+ </rule>
27	</ruleset>

readme.txt CHANGED Viewed

	@@ -5,7 +5,7 @@ Tags: image, scale, resize, space saver, quality, upload
5	Requires at least: 5.5
6	Tested up to: 6.0
7	Requires PHP: 7.2
8	- Stable tag: 2.8.0
9	License: GPLv3
10
11	Imsanity automatically resizes huge image uploads. Are contributors uploading huge photos? Tired of manually resizing your images? Imsanity to the rescue!
	@@ -106,6 +106,10 @@ Questions may be posted on the support forum at https://wordpress.org/support/pl
106
107	== Changelog ==
108




109	= 2.8.0 =
110	* added: support for resizing WebP images via ImageMagick
111	* changed: update attachment file size to keep WP 6.0 metadata in sync
	@@ -130,23 +134,6 @@ Questions may be posted on the support forum at https://wordpress.org/support/pl
130	* fixed: BMP files not converted when server uses image/x-ms-bmp as mime identifier
131	* removed: Deep Scan option is the default behavior now, no need for configuration
132
133	- = 2.6.1 =
134	- * fixed: wrong parameter passed to imsanity_attachment_path()
135	-
136	- = 2.6.0 =
137	- * added: wp-cli command 'wp help imsanity resize'
138	- * fixed: adding an image to a post in pre-draft status uses wrong settings/dimensions
139	-
140	- = 2.5.0 =
141	- * added: imsanity_allowed_mimes filter to override the default list of image formats allowed
142	- * added: imsanity_orientation filter to modify auto-rotation behavior, return 1 to bypass
143	- * added: imsanity_get_max_width_height filter to customize max width/height
144	- * added: define network settings as defaults for new sites in multi-site mode
145	- * fixed: WP threshold of 2560 overrides Imsanity when using larger dimensions
146	- * fixed: settings link on plugins page broken in some cases
147	- * fixed: crop filter not applied if max width or height is equal to existing dimension
148	- * fixed: invalid capabilities used for settings page - props @cfoellmann
149	-
150	= Earlier versions =
151	Please refer to the separate changelog.txt file.
152


5	Requires at least: 5.5
6	Tested up to: 6.0
7	Requires PHP: 7.2
8	+ Stable tag: 2.8.1
9	License: GPLv3
10
11	Imsanity automatically resizes huge image uploads. Are contributors uploading huge photos? Tired of manually resizing your images? Imsanity to the rescue!

106
107	== Changelog ==
108
109	+ = 2.8.1 =
110	+ * changed: escape and sanitize more things
111	+ * changed: tighten PHPCS rules used for pre-release testing
112	+
113	= 2.8.0 =
114	* added: support for resizing WebP images via ImageMagick
115	* changed: update attachment file size to keep WP 6.0 metadata in sync

134	* fixed: BMP files not converted when server uses image/x-ms-bmp as mime identifier
135	* removed: Deep Scan option is the default behavior now, no need for configuration
136

















137	= Earlier versions =
138	Please refer to the separate changelog.txt file.
139

settings.php CHANGED Viewed

	@@ -257,7 +257,7 @@ function imsanity_network_settings() {
257	printf(
258	/* translators: %s: link to install EWWW Image Optimizer plugin */
259	esc_html__( 'Get comprehensive image optimization with %s', 'imsanity' ),
260	- '<br><a href="' . admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) . '">EWWW Image Optimizer</a>'
261	);
262	?>
263	<ul>
	@@ -334,7 +334,7 @@ function imsanity_network_settings() {
334	printf(
335	/* translators: %s: link to install EWWW Image Optimizer plugin */
336	esc_html__( 'Only applies to new image uploads, existing images may be converted with %s.', 'imsanity' ),
337	- '<a href="' . admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) . '">EWWW Image Optimizer</a>'
338	);
339	?>
340	</td>
	@@ -363,7 +363,7 @@ function imsanity_network_settings() {
363	* and clear the cached settings
364	*/
365	function imsanity_network_settings_update() {
366	- if ( ! current_user_can( 'manage_options' ) \|\| ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'imsanity_network_options' ) ) {
367	return;
368	}
369	global $wpdb;
	@@ -376,16 +376,16 @@ function imsanity_network_settings_update() {
376
377	$data = new stdClass();
378
379	- $data->imsanity_override_site = (bool) $_POST['imsanity_override_site'];
380	- $data->imsanity_max_height = ~~sanitize_text_field~~( $_POST['imsanity_max_height'] );
381	- $data->imsanity_max_width = ~~sanitize_text_field~~( $_POST['imsanity_max_width'] );
382	- $data->imsanity_max_height_library = ~~sanitize_text_field~~( $_POST['imsanity_max_height_library'] );
383	- $data->imsanity_max_width_library = ~~sanitize_text_field~~( $_POST['imsanity_max_width_library'] );
384	- $data->imsanity_max_height_other = ~~sanitize_text_field~~( $_POST['imsanity_max_height_other'] );
385	- $data->imsanity_max_width_other = ~~sanitize_text_field~~( $_POST['imsanity_max_width_other'] );
386	$data->imsanity_bmp_to_jpg = ! empty( $_POST['imsanity_bmp_to_jpg'] );
387	$data->imsanity_png_to_jpg = ! empty( $_POST['imsanity_png_to_jpg'] );
388	- $data->imsanity_quality = imsanity_jpg_quality( $_POST['imsanity_quality'] );
389	$data->imsanity_delete_originals = ! empty( $_POST['imsanity_delete_originals'] );
390
391	$success = $wpdb->update(
	@@ -513,7 +513,8 @@ function imsanity_set_defaults() {
513	function imsanity_register_settings() {
514	imsanity_upgrade();
515	// We only want to update if the form has been submitted.
516	- if ( ~~isset(~~ ~~$_POST['update_imsanity_settings']~~ ) && ~~is_multisite~~() ~~&& is_network_admin() ) {~~

517	imsanity_network_settings_update();
518	}
519	// Register our settings.
	@@ -640,7 +641,7 @@ function imsanity_settings_page() {
640	printf(
641	/* translators: %s: link to install EWWW Image Optimizer plugin */
642	esc_html__( 'Get comprehensive image optimization with %s', 'imsanity' ),
643	- '<br><a href="' . admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) . '">EWWW Image Optimizer</a>'
644	);
645	?>
646	<ul>
	@@ -716,11 +717,11 @@ function imsanity_settings_page() {
716	<button id="imsanity-bulk-reset" type="submit" class="button-secondary action"><?php esc_html_e( 'Clear Queue', 'imsanity' ); ?></button>
717	</form>
718	<?php endif; ?>
719	- <div id="imsanity_loading" style="display: none;margin:1em 0 1em;"><img src="<?php echo plugins_url( 'images/ajax-loader.gif', __FILE__ ); ?>" style="margin-bottom: .25em; vertical-align:middle;" />
720	<?php esc_html_e( 'Searching for images. This may take a moment.', 'imsanity' ); ?>
721	</div>
722	<div id="resize_results" style="display: none; border: solid 2px #666666; padding: 10px; height: 400px; overflow: auto;">
723	- <div id="bulk-resize-beginning"><?php esc_html_e( 'Resizing...', 'imsanity' ); ?> <img src="<?php echo plugins_url( 'images/ajax-loader.gif', __FILE__ ); ?>" style="margin-bottom: .25em; vertical-align:middle;" /></div>
724	</div>
725
726	<?php
	@@ -790,7 +791,7 @@ function imsanity_settings_page_form() {
790	<label for='imsanity_quality' ><?php esc_html_e( 'JPG image quality', 'imsanity' ); ?>
791	</th>
792	<td>
793	- <input type='text' id='imsanity_quality' name='imsanity_quality' class='small-text' value='<?php echo imsanity_jpg_quality(); ?>' />
794	<?php esc_html_e( 'Usable values are 1-92.', 'imsanity' ); ?>
795	<p class='description'><?php esc_html_e( 'Only used when resizing images, does not affect thumbnails.', 'imsanity' ); ?></p>
796	</td>
	@@ -815,7 +816,7 @@ function imsanity_settings_page_form() {
815	printf(
816	/* translators: %s: link to install EWWW Image Optimizer plugin */
817	esc_html__( 'Only applies to new image uploads, existing images may be converted with %s.', 'imsanity' ),
818	- '<a href="' . admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) . '">EWWW Image Optimizer</a>'
819	);
820	?>
821	</td>
	@@ -837,5 +838,3 @@ function imsanity_settings_page_form() {
837	<?php
838
839	}
840	-
841	- ?>


257	printf(
258	/* translators: %s: link to install EWWW Image Optimizer plugin */
259	esc_html__( 'Get comprehensive image optimization with %s', 'imsanity' ),
260	+ '<br><a href="' . esc_url( admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) ) . '">EWWW Image Optimizer</a>'
261	);
262	?>
263	<ul>

334	printf(
335	/* translators: %s: link to install EWWW Image Optimizer plugin */
336	esc_html__( 'Only applies to new image uploads, existing images may be converted with %s.', 'imsanity' ),
337	+ '<a href="' . esc_url( admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) ) . '">EWWW Image Optimizer</a>'
338	);
339	?>
340	</td>

363	* and clear the cached settings
364	*/
365	function imsanity_network_settings_update() {
366	+ if ( ! current_user_can( 'manage_options' ) \|\| empty( $_REQUEST['_wpnonce'] ) \|\| ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'imsanity_network_options' ) ) {
367	return;
368	}
369	global $wpdb;

376
377	$data = new stdClass();
378
379	+ $data->imsanity_override_site = isset( $_POST['imsanity_override_site'] ) ? (bool) $_POST['imsanity_override_site'] : false;
380	+ $data->imsanity_max_height = isset( $_POST['imsanity_max_height'] ) ? (int) $_POST['imsanity_max_height'] : 0;
381	+ $data->imsanity_max_width = isset( $_POST['imsanity_max_width'] ) ? (int) $_POST['imsanity_max_width'] : 0;
382	+ $data->imsanity_max_height_library = isset( $_POST['imsanity_max_height_library'] ) ? (int) $_POST['imsanity_max_height_library'] : 0;
383	+ $data->imsanity_max_width_library = isset( $_POST['imsanity_max_width_library'] ) ? (int) $_POST['imsanity_max_width_library'] : 0;
384	+ $data->imsanity_max_height_other = isset( $_POST['imsanity_max_height_other'] ) ? (int) $_POST['imsanity_max_height_other'] : 0;
385	+ $data->imsanity_max_width_other = isset( $_POST['imsanity_max_width_other'] ) ? (int) $_POST['imsanity_max_width_other'] : 0;
386	$data->imsanity_bmp_to_jpg = ! empty( $_POST['imsanity_bmp_to_jpg'] );
387	$data->imsanity_png_to_jpg = ! empty( $_POST['imsanity_png_to_jpg'] );
388	+ $data->imsanity_quality = isset( $_POST['imsanity_quality'] ) ? imsanity_jpg_quality( intval( $_POST['imsanity_quality'] ) ) : 82;
389	$data->imsanity_delete_originals = ! empty( $_POST['imsanity_delete_originals'] );
390
391	$success = $wpdb->update(

513	function imsanity_register_settings() {
514	imsanity_upgrade();
515	// We only want to update if the form has been submitted.
516	+ // Verification is done inside the imsanity_network_settings_update() function.
517	+ if ( isset( $_POST['update_imsanity_settings'] ) && is_multisite() && is_network_admin() ) { // phpcs:ignore WordPress.Security.NonceVerification
518	imsanity_network_settings_update();
519	}
520	// Register our settings.

641	printf(
642	/* translators: %s: link to install EWWW Image Optimizer plugin */
643	esc_html__( 'Get comprehensive image optimization with %s', 'imsanity' ),
644	+ '<br><a href="' . esc_url( admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) ) . '">EWWW Image Optimizer</a>'
645	);
646	?>
647	<ul>

717	<button id="imsanity-bulk-reset" type="submit" class="button-secondary action"><?php esc_html_e( 'Clear Queue', 'imsanity' ); ?></button>
718	</form>
719	<?php endif; ?>
720	+ <div id="imsanity_loading" style="display: none;margin:1em 0 1em;"><img src="<?php echo esc_url( plugins_url( 'images/ajax-loader.gif', __FILE__ ) ); ?>" style="margin-bottom: .25em; vertical-align:middle;" />
721	<?php esc_html_e( 'Searching for images. This may take a moment.', 'imsanity' ); ?>
722	</div>
723	<div id="resize_results" style="display: none; border: solid 2px #666666; padding: 10px; height: 400px; overflow: auto;">
724	+ <div id="bulk-resize-beginning"><?php esc_html_e( 'Resizing...', 'imsanity' ); ?> <img src="<?php echo esc_url( plugins_url( 'images/ajax-loader.gif', __FILE__ ) ); ?>" style="margin-bottom: .25em; vertical-align:middle;" /></div>
725	</div>
726
727	<?php

791	<label for='imsanity_quality' ><?php esc_html_e( 'JPG image quality', 'imsanity' ); ?>
792	</th>
793	<td>
794	+ <input type='text' id='imsanity_quality' name='imsanity_quality' class='small-text' value='<?php echo (int) imsanity_jpg_quality(); ?>' />
795	<?php esc_html_e( 'Usable values are 1-92.', 'imsanity' ); ?>
796	<p class='description'><?php esc_html_e( 'Only used when resizing images, does not affect thumbnails.', 'imsanity' ); ?></p>
797	</td>

816	printf(
817	/* translators: %s: link to install EWWW Image Optimizer plugin */
818	esc_html__( 'Only applies to new image uploads, existing images may be converted with %s.', 'imsanity' ),
819	+ '<a href="' . esc_url( admin_url( 'plugin-install.php?s=ewww+image+optimizer&tab=search&type=term' ) ) . '">EWWW Image Optimizer</a>'
820	);
821	?>
822	</td>

838	<?php
839
840	}