Safe SVG - Version 1.2.0

Version Description

  • Added support for camel case attributes such as viewBox

Release Info

Developer enshrined
Version 1.2.0

Code changes from version 1.1.1 to 1.2.0

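--- a/lib/composer.json
+++ b/lib/composer.json
@@ -1,5 +1,5 @@
  {
  "require": {
- "enshrined/svg-sanitize": "^0.2.0"
+ "enshrined/svg-sanitize": "^0.3.0"
  }
  }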
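--- a/lib/composer.lock
+++ b/lib/composer.lock
@@ -4,20 +4,21 @@
  "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
  "This file is @generated automatically"
  ],
- "hash": "7fb36cc4052a3a5b3592765592f98aab",
+ "hash": "3b8a0551e14b2eaa1dc475c958bccd8e",
+ "content-hash": "c77ee3d8efbd3ee8e33cb9e03cd10bac",
  "packages": [
  {
  "name": "enshrined/svg-sanitize",
- "version": "0.2.1",
+ "version": "0.3.0",
  "source": {
  "type": "git",
  "url": "https://github.com/darylldoyle/svg-sanitizer.git",
- "reference": "ed123c268311b2f64adb5f417ffe30ed84335f5f"
+ "reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b"
  },
  "dist": {
  "type": "zip",
- "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/ed123c268311b2f64adb5f417ffe30ed84335f5f",
- "reference": "ed123c268311b2f64adb5f417ffe30ed84335f5f",
+ "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
+ "reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
  "shasum": ""
  },
  "require-dev": {
@@ -41,7 +42,7 @@
  }
  ],
  "description": "An SVG sanitizer for PHP",
- "time": "2015-07-06 23:33:41"
+ "time": "2016-02-27 10:31:04"
  }
  ],
  "packages-dev": [],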
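--- a/lib/vendor/composer/ClassLoader.php
+++ b/lib/vendor/composer/ClassLoader.php
@@ -13,9 +13,7 @@
  namespace Composer\Autoload;
 
  /**
- * ClassLoader implements a PSR-0 class loader
- *
- * See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
+ * ClassLoader implements a PSR-0, PSR-4 and classmap class loader.
  *
  * $loader = new \Composer\Autoload\ClassLoader();
  *
@@ -39,6 +37,8 @@ namespace Composer\Autoload;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Jordi Boggiano <j.boggiano@seld.be>
+ * @see http://www.php-fig.org/psr/psr-0/
+ * @see http://www.php-fig.org/psr/psr-4/
  */
  class ClassLoader
  {
@@ -147,7 +147,7 @@ class ClassLoader
  * appending or prepending to the ones previously set for this namespace.
  *
  * @param string $prefix The prefix/namespace, with trailing '\\'
- * @param array|string $paths The PSR-0 base directories
+ * @param array|string $paths The PSR-4 base directories
  * @param bool $prepend Whether to prepend the directories
  *
  * @throws \InvalidArgumentException
@@ -351,7 +351,7 @@ class ClassLoader
  foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
  if (0 === strpos($class, $prefix)) {
  foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
- if (is_file($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
+ if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
  return $file;
  }
  }
@@ -361,7 +361,7 @@ class ClassLoader
 
  // PSR-4 fallback dirs
  foreach ($this->fallbackDirsPsr4 as $dir) {
- if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
+ if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
  return $file;
  }
  }
@@ -380,7 +380,7 @@ class ClassLoader
  foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
  if (0 === strpos($class, $prefix)) {
  foreach ($dirs as $dir) {
- if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
+ if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
  return $file;
  }
  }
@@ -390,7 +390,7 @@ class ClassLoader
 
  // PSR-0 fallback dirs
  foreach ($this->fallbackDirsPsr0 as $dir) {
- if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
+ if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
  return $file;
  }
  }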
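--- a/lib/vendor/composer/LICENSE
+++ b/lib/vendor/composer/LICENSE
@@ -0,0 +1,21 @@
+
+ Copyright (c) 2015 Nils Adermann, Jordi Boggiano
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is furnished
+ to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+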
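--- a/lib/vendor/composer/autoload_real.php
+++ b/lib/vendor/composer/autoload_real.php
@@ -43,8 +43,3 @@ class ComposerAutoloaderInit0917edb609b9527c9322825d39f92c1b
  return $loader;
  }
  }
-
- function composerRequire0917edb609b9527c9322825d39f92c1b($file)
- {
- require $file;
- }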
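--- a/lib/vendor/composer/installed.json
+++ b/lib/vendor/composer/installed.json
@@ -1,24 +1,24 @@
  [
  {
  "name": "enshrined/svg-sanitize",
- "version": "0.2.1",
- "version_normalized": "0.2.1.0",
+ "version": "0.3.0",
+ "version_normalized": "0.3.0.0",
  "source": {
  "type": "git",
  "url": "https://github.com/darylldoyle/svg-sanitizer.git",
- "reference": "ed123c268311b2f64adb5f417ffe30ed84335f5f"
+ "reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b"
  },
  "dist": {
  "type": "zip",
- "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/ed123c268311b2f64adb5f417ffe30ed84335f5f",
- "reference": "ed123c268311b2f64adb5f417ffe30ed84335f5f",
+ "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
+ "reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
  "shasum": ""
  },
  "require-dev": {
  "codeclimate/php-test-reporter": "^0.1.2",
  "phpunit/phpunit": "^4.7"
  },
- "time": "2015-07-06 23:33:41",
+ "time": "2016-02-27 10:31:04",
  "type": "library",
  "installation-source": "dist",
  "autoload": {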
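--- a/lib/vendor/enshrined/svg-sanitize/README.md
+++ b/lib/vendor/enshrined/svg-sanitize/README.md
@@ -47,6 +47,10 @@ There is a demo available at: [http://svg.enshrined.co.uk/](http://svg.enshrined
 
  I've just released a WordPress plugin containing this code so you can sanitize your WordPress uploads. It's available from the WordPress plugin directory: [https://wordpress.org/plugins/safe-svg/](https://wordpress.org/plugins/safe-svg/)
 
+ ## Drupal
+
+ [Michael Potter](https://github.com/heyMP) has kindly created a Drupal module for this library which is available at: [https://www.drupal.org/project/svg_sanitizer](https://www.drupal.org/project/svg_sanitizer)
+
  ## Tests
 
  You can run these by running `phpunit`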
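--- a/lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
+++ b/lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
@@ -64,7 +64,23 @@ class AllowedAttributes implements AttributeInterface
  'voffset',
 
  // XML
- 'xlink:href','xml:id','xlink:title','xml:space'
+ 'xlink:href','xml:id','xlink:title','xml:space',
+
+
+ // Camel Case
+ "allowReorder", "attributeName", "attributeType", "autoReverse", "baseFrequency",
+ "baseProfile", "calcMode", "clipPathUnits", "contentScriptType", "contentStyleType",
+ "diffuseConstant", "edgeMode", "externalResourcesRequired", "filterRes",
+ "filterUnits", "glyphRef", "gradientTransform", "gradientUnits", "kernelMatrix",
+ "kernelUnitLength", "keyPoints", "keySplines", "keyTimes", "lengthAdjust",
+ "limitingConeAngle", "markerHeight", "markerUnits", "markerWidth", "maskContentUnits",
+ "maskUnits", "numOctaves", "pathLength", "patternContentUnits", "patternTransform",
+ "patternUnits", "pointsAtX", "pointsAtY", "pointsAtZ", "preserveAlpha",
+ "preserveAspectRatio", "primitiveUnits", "refX", "refY", "repeatCount",
+ "repeatDur", "requiredExtensions", "requiredFeatures", "specularConstant",
+ "specularExponent", "spreadMethod", "startOffset", "stdDeviation", "stitchTiles",
+ "surfaceScale", "systemLanguage", "tableValues", "targetX", "targetY", "textLength",
+ "viewBox", "viewTarget", "xChannelSelector", "yChannelSelector", "zoomAndPan",
  );
  }
  }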
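Review bot: The new "Camel Case" group (new-side lines 71–83) allowlists `attributeName` and `attributeType`, which only have meaning on animation elements. Those elements change other attributes at render time, after the sanitizer's static attribute check has run. Whether that matters depends on the tag allowlist, which is not visible here, so I would record the constraint next to the entries, e.g. `// attributeName/attributeType only apply to animation elements; keep those out of the allowed tags or validate the targeted attribute`. A sanitized-output fixture exercising an animation element would pin the expected behaviour. The group is also written with double quotes where the rest of the array uses single quotes. The enclosing method starts outside this hunk, so how the names are matched (case-sensitively or not) cannot be confirmed from here.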
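--- a/lib/vendor/enshrined/svg-sanitize/tests/data/svgCleanOne.svg
+++ b/lib/vendor/enshrined/svg-sanitize/tests/data/svgCleanOne.svg
@@ -1,4 +1,4 @@
- <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" x="0px" y="0px" width="600px" height="600px" xml:space="preserve">
+ <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" x="0px" y="0px" width="600px" height="600px" viewBox="0 0 600 600" xml:space="preserve">
  <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="119" y1="84.5" x2="454" y2="84.5"/>
  <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="111.212" y1="102.852" x2="112.032" y2="476.623"/>
  <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="198.917" y1="510.229" x2="486.622" y2="501.213"/>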
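--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: enshrined
  Donate link: http://enshrined.co.uk
  Tags: svg, sanitize, uploads, sanitise, security, svg upload
  Requires at least: 4.0
- Tested up to: 4.3
- Stable tag: 1.1.1
+ Tested up to: 4.4.2
+ Stable tag: 1.2.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -35,3 +35,6 @@ Install through the WordPress directory or download, unzip and upload the files
  = 1.1.1 =
  * Fixed an issue with empty svg elements self-closing
 
+ = 1.2.0 =
+ * Added support for camel case attributes such as viewBox
+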
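--- a/safe-svg.php
+++ b/safe-svg.php
@@ -3,7 +3,7 @@
  Plugin Name: Safe SVG
  Plugin URI: https://wordpress.org/plugins/safe-svg/
  Description: Allows SVG uploads into Wordpress and sanitizes the SVG before saving it
- Version: 1.1.1
+ Version: 1.2.0
  Author: Daryll Doyle
  Author URI: http://enshrined.co.uk
  Text Domain: safe-svg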