Version Description
- Added support for camel case attributes such as viewBox
Release Info
Developer | enshrined |
Plugin | Safe SVG |
Version | 1.2.0 |
Code changes from version 1.1.1 to 1.2.0
- lib/composer.json +1 -1
- lib/composer.lock +7 -6
- lib/vendor/composer/ClassLoader.php +8 -8
- lib/vendor/composer/LICENSE +21 -0
- lib/vendor/composer/autoload_real.php +0 -5
- lib/vendor/composer/installed.json +6 -6
- lib/vendor/enshrined/svg-sanitize/README.md +4 -0
- lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php +17 -1
- lib/vendor/enshrined/svg-sanitize/tests/data/svgCleanOne.svg +1 -1
- readme.txt +5 -2
- safe-svg.php +1 -1
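--- a/lib/composer.json
+++ b/lib/composer.json
@@ -1,5 +1,5 @@
 {
 "require": {
-"enshrined/svg-sanitize": "^0.
+"enshrined/svg-sanitize": "^0.3.0"
 }
 }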
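--- a/lib/composer.lock
+++ b/lib/composer.lock
@@ -4,20 +4,21 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
 "This file is @generated automatically"
 ],
-"hash": "
+"hash": "3b8a0551e14b2eaa1dc475c958bccd8e",
+"content-hash": "c77ee3d8efbd3ee8e33cb9e03cd10bac",
 "packages": [
 {
 "name": "enshrined/svg-sanitize",
-"version": "0.
+"version": "0.3.0",
 "source": {
 "type": "git",
 "url": "https://github.com/darylldoyle/svg-sanitizer.git",
-"reference": "
+"reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b"
 },
 "dist": {
 "type": "zip",
-"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/
-"reference": "
+"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
+"reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
 "shasum": ""
 },
 "require-dev": {
@@ -41,7 +42,7 @@
 }
 ],
 "description": "An SVG sanitizer for PHP",
-"time": "
+"time": "2016-02-27 10:31:04"
 }
 ],
 "packages-dev": [],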
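--- a/lib/vendor/composer/ClassLoader.php
+++ b/lib/vendor/composer/ClassLoader.php
@@ -13,9 +13,7 @@
 namespace Composer\Autoload;
 
 /**
-* ClassLoader implements a PSR-0 class loader
-*
-* See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
+* ClassLoader implements a PSR-0, PSR-4 and classmap class loader.
 *
 * $loader = new \Composer\Autoload\ClassLoader();
 *
@@ -39,6 +37,8 @@ namespace Composer\Autoload;
 *
 * @author Fabien Potencier <fabien@symfony.com>
 * @author Jordi Boggiano <j.boggiano@seld.be>
+* @see http://www.php-fig.org/psr/psr-0/
+* @see http://www.php-fig.org/psr/psr-4/
 */
 class ClassLoader
 {
@@ -147,7 +147,7 @@ class ClassLoader
 * appending or prepending to the ones previously set for this namespace.
 *
 * @param string $prefix The prefix/namespace, with trailing '\\'
-* @param array|string $paths The PSR-
+* @param array|string $paths The PSR-4 base directories
 * @param bool $prepend Whether to prepend the directories
 *
 * @throws \InvalidArgumentException
@@ -351,7 +351,7 @@ class ClassLoader
 foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
 if (0 === strpos($class, $prefix)) {
 foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
-if (
+if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
 return $file;
 }
 }
@@ -361,7 +361,7 @@ class ClassLoader
 
 // PSR-4 fallback dirs
 foreach ($this->fallbackDirsPsr4 as $dir) {
-if (
+if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
 return $file;
 }
 }
@@ -380,7 +380,7 @@ class ClassLoader
 foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
 if (0 === strpos($class, $prefix)) {
 foreach ($dirs as $dir) {
-if (
+if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
 return $file;
 }
 }
@@ -390,7 +390,7 @@ class ClassLoader
 
 // PSR-0 fallback dirs
 foreach ($this->fallbackDirsPsr0 as $dir) {
-if (
+if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
 return $file;
 }
 }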
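--- /dev/null
+++ b/lib/vendor/composer/LICENSE
@@ -0,0 +1,21 @@
+
+Copyright (c) 2015 Nils Adermann, Jordi Boggiano
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+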
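--- a/lib/vendor/composer/autoload_real.php
+++ b/lib/vendor/composer/autoload_real.php
@@ -43,8 +43,3 @@ class ComposerAutoloaderInit0917edb609b9527c9322825d39f92c1b
 return $loader;
 }
 }
-
-function composerRequire0917edb609b9527c9322825d39f92c1b($file)
-{
-require $file;
-}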
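--- a/lib/vendor/composer/installed.json
+++ b/lib/vendor/composer/installed.json
@@ -1,24 +1,24 @@
 [
 {
 "name": "enshrined/svg-sanitize",
-"version": "0.
-"version_normalized": "0.
+"version": "0.3.0",
+"version_normalized": "0.3.0.0",
 "source": {
 "type": "git",
 "url": "https://github.com/darylldoyle/svg-sanitizer.git",
-"reference": "
+"reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b"
 },
 "dist": {
 "type": "zip",
-"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/
-"reference": "
+"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
+"reference": "1ed02bbaa0ca85408bdfce1f5268fb4e5efad74b",
 "shasum": ""
 },
 "require-dev": {
 "codeclimate/php-test-reporter": "^0.1.2",
 "phpunit/phpunit": "^4.7"
 },
-"time": "
+"time": "2016-02-27 10:31:04",
 "type": "library",
 "installation-source": "dist",
 "autoload": {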
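--- a/lib/vendor/enshrined/svg-sanitize/README.md
+++ b/lib/vendor/enshrined/svg-sanitize/README.md
@@ -47,6 +47,10 @@ There is a demo available at: [http://svg.enshrined.co.uk/](http://svg.enshrined
 
 I've just released a WordPress plugin containing this code so you can sanitize your WordPress uploads. It's available from the WordPress plugin directory: [https://wordpress.org/plugins/safe-svg/](https://wordpress.org/plugins/safe-svg/)
 
+## Drupal
+
+[Michael Potter](https://github.com/heyMP) has kindly created a Drupal module for this library which is available at: [https://www.drupal.org/project/svg_sanitizer](https://www.drupal.org/project/svg_sanitizer)
+
 ## Tests
 
 You can run these by running `phpunit`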
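--- a/lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
+++ b/lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
@@ -64,7 +64,23 @@ class AllowedAttributes implements AttributeInterface
 'voffset',
 
 // XML
-'xlink:href','xml:id','xlink:title','xml:space'
+'xlink:href','xml:id','xlink:title','xml:space',
+
+
+// Camel Case
+"allowReorder", "attributeName", "attributeType", "autoReverse", "baseFrequency",
+"baseProfile", "calcMode", "clipPathUnits", "contentScriptType", "contentStyleType",
+"diffuseConstant", "edgeMode", "externalResourcesRequired", "filterRes",
+"filterUnits", "glyphRef", "gradientTransform", "gradientUnits", "kernelMatrix",
+"kernelUnitLength", "keyPoints", "keySplines", "keyTimes", "lengthAdjust",
+"limitingConeAngle", "markerHeight", "markerUnits", "markerWidth", "maskContentUnits",
+"maskUnits", "numOctaves", "pathLength", "patternContentUnits", "patternTransform",
+"patternUnits", "pointsAtX", "pointsAtY", "pointsAtZ", "preserveAlpha",
+"preserveAspectRatio", "primitiveUnits", "refX", "refY", "repeatCount",
+"repeatDur", "requiredExtensions", "requiredFeatures", "specularConstant",
+"specularExponent", "spreadMethod", "startOffset", "stdDeviation", "stitchTiles",
+"surfaceScale", "systemLanguage", "tableValues", "targetX", "targetY", "textLength",
+"viewBox", "viewTarget", "xChannelSelector", "yChannelSelector", "zoomAndPan",
 );
 }
 }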
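Review bot: The camel-case block added at new lines 70-83 allowlists far more than the `viewBox` named in the changelog, including the animation attributes `attributeName`, `attributeType`, `repeatCount` and `repeatDur`, and nothing in this hunk shows how the sanitizer treats the elements that consume them. If the element allowlist (not visible here) permits animation elements such as `animate` or `set`, those can change a target attribute like `xlink:href` at render time, after the static attribute check has run. Either keep those elements out of the allowed tags or constrain `attributeName` to presentation attributes. The fixture change in svgCleanOne.svg only exercises `viewBox`, so a regression test that passes an animation element targeting `xlink:href` through the sanitizer and asserts the output is clean would pin the intended behaviour. As a style point, the new entries use double quotes while the rest of the array uses single quotes. The enclosing array and method begin outside the hunk.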
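--- a/lib/vendor/enshrined/svg-sanitize/tests/data/svgCleanOne.svg
+++ b/lib/vendor/enshrined/svg-sanitize/tests/data/svgCleanOne.svg
@@ -1,4 +1,4 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" x="0px" y="0px" width="600px" height="600px" xml:space="preserve">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" x="0px" y="0px" width="600px" height="600px" viewBox="0 0 600 600" xml:space="preserve">
 <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="119" y1="84.5" x2="454" y2="84.5"/>
 <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="111.212" y1="102.852" x2="112.032" y2="476.623"/>
 <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="198.917" y1="510.229" x2="486.622" y2="501.213"/>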
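--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: enshrined
 Donate link: http://enshrined.co.uk
 Tags: svg, sanitize, uploads, sanitise, security, svg upload
 Requires at least: 4.0
-Tested up to: 4.
-Stable tag: 1.
+Tested up to: 4.4.2
+Stable tag: 1.2.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -35,3 +35,6 @@ Install through the WordPress directory or download, unzip and upload the files
 = 1.1.1 =
 * Fixed an issue with empty svg elements self-closing
 
+= 1.2.0 =
+* Added support for camel case attributes such as viewBox
+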
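--- a/safe-svg.php
+++ b/safe-svg.php
@@ -3,7 +3,7 @@
 Plugin Name: Safe SVG
 Plugin URI: https://wordpress.org/plugins/safe-svg/
 Description: Allows SVG uploads into Wordpress and sanitizes the SVG before saving it
-Version: 1.
+Version: 1.2.0
 Author: Daryll Doyle
 Author URI: http://enshrined.co.uk
 Text Domain: safe-svg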