Version Description
- Minify SVGs after cleaning so they can be loaded correctly through file_get_contents
Download this release
Release Info
| Developer | enshrined |
| Plugin |  Safe SVG |
| Version | 1.3.0 |
| Comparing to | |
| See all releases | |
Code changes from version 1.2.0 to 1.3.0
- lib/composer.json +1 -1
- lib/composer.lock +7 -7
- lib/vendor/composer/LICENSE +1 -1
- lib/vendor/composer/autoload_real.php +20 -13
- lib/vendor/composer/autoload_static.php +31 -0
- lib/vendor/composer/installed.json +6 -6
- lib/vendor/enshrined/svg-sanitize/README.md +4 -0
- lib/vendor/enshrined/svg-sanitize/src/Sanitizer.php +26 -0
- readme.txt +4 -2
- safe-svg.php +2 -1
lib/composer.json
CHANGED
|
@@ -1,5 +1,5 @@
|
|
| 1 |
{
|
| 2 |
"require": {
|
| 3 |
-
"enshrined/svg-sanitize": "
|
| 4 |
}
|
| 5 |
}
|
| 1 |
{
|
| 2 |
"require": {
|
| 3 |
+
"enshrined/svg-sanitize": "0.*"
|
| 4 |
}
|
| 5 |
}
|
lib/composer.lock
CHANGED
|
@@ -4,21 +4,21 @@
|
|
| 4 |
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
| 5 |
"This file is @generated automatically"
|
| 6 |
],
|
| 7 |
-
"hash": "
|
| 8 |
-
"content-hash": "
|
| 9 |
"packages": [
|
| 10 |
{
|
| 11 |
"name": "enshrined/svg-sanitize",
|
| 12 |
-
"version": "0.
|
| 13 |
"source": {
|
| 14 |
"type": "git",
|
| 15 |
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
|
| 16 |
-
"reference": "
|
| 17 |
},
|
| 18 |
"dist": {
|
| 19 |
"type": "zip",
|
| 20 |
-
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/
|
| 21 |
-
"reference": "
|
| 22 |
"shasum": ""
|
| 23 |
},
|
| 24 |
"require-dev": {
|
|
@@ -42,7 +42,7 @@
|
|
| 42 |
}
|
| 43 |
],
|
| 44 |
"description": "An SVG sanitizer for PHP",
|
| 45 |
-
"time": "2016-
|
| 46 |
}
|
| 47 |
],
|
| 48 |
"packages-dev": [],
|
| 4 |
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
| 5 |
"This file is @generated automatically"
|
| 6 |
],
|
| 7 |
+
"hash": "1ed57f7ea0ec83a7af33211c4ed92344",
|
| 8 |
+
"content-hash": "b63765525e5fabcf664728d548ecf8a2",
|
| 9 |
"packages": [
|
| 10 |
{
|
| 11 |
"name": "enshrined/svg-sanitize",
|
| 12 |
+
"version": "0.4.0",
|
| 13 |
"source": {
|
| 14 |
"type": "git",
|
| 15 |
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
|
| 16 |
+
"reference": "ffd63a4b9982f4d5795fe8a38337ab990f73698b"
|
| 17 |
},
|
| 18 |
"dist": {
|
| 19 |
"type": "zip",
|
| 20 |
+
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/ffd63a4b9982f4d5795fe8a38337ab990f73698b",
|
| 21 |
+
"reference": "ffd63a4b9982f4d5795fe8a38337ab990f73698b",
|
| 22 |
"shasum": ""
|
| 23 |
},
|
| 24 |
"require-dev": {
|
| 42 |
}
|
| 43 |
],
|
| 44 |
"description": "An SVG sanitizer for PHP",
|
| 45 |
+
"time": "2016-10-10 13:57:42"
|
| 46 |
}
|
| 47 |
],
|
| 48 |
"packages-dev": [],
|
lib/vendor/composer/LICENSE
CHANGED
|
@@ -1,5 +1,5 @@
|
|
| 1 |
|
| 2 |
-
Copyright (c)
|
| 3 |
|
| 4 |
Permission is hereby granted, free of charge, to any person obtaining a copy
|
| 5 |
of this software and associated documentation files (the "Software"), to deal
|
| 1 |
|
| 2 |
+
Copyright (c) 2016 Nils Adermann, Jordi Boggiano
|
| 3 |
|
| 4 |
Permission is hereby granted, free of charge, to any person obtaining a copy
|
| 5 |
of this software and associated documentation files (the "Software"), to deal
|
lib/vendor/composer/autoload_real.php
CHANGED
|
@@ -23,19 +23,26 @@ class ComposerAutoloaderInit0917edb609b9527c9322825d39f92c1b
|
|
| 23 |
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
|
| 24 |
spl_autoload_unregister(array('ComposerAutoloaderInit0917edb609b9527c9322825d39f92c1b', 'loadClassLoader'));
|
| 25 |
|
| 26 |
-
$
|
| 27 |
-
|
| 28 |
-
|
| 29 |
-
|
| 30 |
-
|
| 31 |
-
|
| 32 |
-
|
| 33 |
-
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
| 37 |
-
|
| 38 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 39 |
}
|
| 40 |
|
| 41 |
$loader->register(true);
|
| 23 |
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
|
| 24 |
spl_autoload_unregister(array('ComposerAutoloaderInit0917edb609b9527c9322825d39f92c1b', 'loadClassLoader'));
|
| 25 |
|
| 26 |
+
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION');
|
| 27 |
+
if ($useStaticLoader) {
|
| 28 |
+
require_once __DIR__ . '/autoload_static.php';
|
| 29 |
+
|
| 30 |
+
call_user_func(\Composer\Autoload\ComposerStaticInit0917edb609b9527c9322825d39f92c1b::getInitializer($loader));
|
| 31 |
+
} else {
|
| 32 |
+
$map = require __DIR__ . '/autoload_namespaces.php';
|
| 33 |
+
foreach ($map as $namespace => $path) {
|
| 34 |
+
$loader->set($namespace, $path);
|
| 35 |
+
}
|
| 36 |
+
|
| 37 |
+
$map = require __DIR__ . '/autoload_psr4.php';
|
| 38 |
+
foreach ($map as $namespace => $path) {
|
| 39 |
+
$loader->setPsr4($namespace, $path);
|
| 40 |
+
}
|
| 41 |
+
|
| 42 |
+
$classMap = require __DIR__ . '/autoload_classmap.php';
|
| 43 |
+
if ($classMap) {
|
| 44 |
+
$loader->addClassMap($classMap);
|
| 45 |
+
}
|
| 46 |
}
|
| 47 |
|
| 48 |
$loader->register(true);
|
lib/vendor/composer/autoload_static.php
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
<?php
|
| 2 |
+
|
| 3 |
+
// autoload_static.php @generated by Composer
|
| 4 |
+
|
| 5 |
+
namespace Composer\Autoload;
|
| 6 |
+
|
| 7 |
+
class ComposerStaticInit0917edb609b9527c9322825d39f92c1b
|
| 8 |
+
{
|
| 9 |
+
public static $prefixLengthsPsr4 = array (
|
| 10 |
+
'e' =>
|
| 11 |
+
array (
|
| 12 |
+
'enshrined\\svgSanitize\\' => 22,
|
| 13 |
+
),
|
| 14 |
+
);
|
| 15 |
+
|
| 16 |
+
public static $prefixDirsPsr4 = array (
|
| 17 |
+
'enshrined\\svgSanitize\\' =>
|
| 18 |
+
array (
|
| 19 |
+
0 => __DIR__ . '/..' . '/enshrined/svg-sanitize/src',
|
| 20 |
+
),
|
| 21 |
+
);
|
| 22 |
+
|
| 23 |
+
public static function getInitializer(ClassLoader $loader)
|
| 24 |
+
{
|
| 25 |
+
return \Closure::bind(function () use ($loader) {
|
| 26 |
+
$loader->prefixLengthsPsr4 = ComposerStaticInit0917edb609b9527c9322825d39f92c1b::$prefixLengthsPsr4;
|
| 27 |
+
$loader->prefixDirsPsr4 = ComposerStaticInit0917edb609b9527c9322825d39f92c1b::$prefixDirsPsr4;
|
| 28 |
+
|
| 29 |
+
}, null, ClassLoader::class);
|
| 30 |
+
}
|
| 31 |
+
}
|
lib/vendor/composer/installed.json
CHANGED
|
@@ -1,24 +1,24 @@
|
|
| 1 |
[
|
| 2 |
{
|
| 3 |
"name": "enshrined/svg-sanitize",
|
| 4 |
-
"version": "0.
|
| 5 |
-
"version_normalized": "0.
|
| 6 |
"source": {
|
| 7 |
"type": "git",
|
| 8 |
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
|
| 9 |
-
"reference": "
|
| 10 |
},
|
| 11 |
"dist": {
|
| 12 |
"type": "zip",
|
| 13 |
-
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/
|
| 14 |
-
"reference": "
|
| 15 |
"shasum": ""
|
| 16 |
},
|
| 17 |
"require-dev": {
|
| 18 |
"codeclimate/php-test-reporter": "^0.1.2",
|
| 19 |
"phpunit/phpunit": "^4.7"
|
| 20 |
},
|
| 21 |
-
"time": "2016-
|
| 22 |
"type": "library",
|
| 23 |
"installation-source": "dist",
|
| 24 |
"autoload": {
|
| 1 |
[
|
| 2 |
{
|
| 3 |
"name": "enshrined/svg-sanitize",
|
| 4 |
+
"version": "0.4.0",
|
| 5 |
+
"version_normalized": "0.4.0.0",
|
| 6 |
"source": {
|
| 7 |
"type": "git",
|
| 8 |
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
|
| 9 |
+
"reference": "ffd63a4b9982f4d5795fe8a38337ab990f73698b"
|
| 10 |
},
|
| 11 |
"dist": {
|
| 12 |
"type": "zip",
|
| 13 |
+
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/ffd63a4b9982f4d5795fe8a38337ab990f73698b",
|
| 14 |
+
"reference": "ffd63a4b9982f4d5795fe8a38337ab990f73698b",
|
| 15 |
"shasum": ""
|
| 16 |
},
|
| 17 |
"require-dev": {
|
| 18 |
"codeclimate/php-test-reporter": "^0.1.2",
|
| 19 |
"phpunit/phpunit": "^4.7"
|
| 20 |
},
|
| 21 |
+
"time": "2016-10-10 13:57:42",
|
| 22 |
"type": "library",
|
| 23 |
"installation-source": "dist",
|
| 24 |
"autoload": {
|
lib/vendor/enshrined/svg-sanitize/README.md
CHANGED
|
@@ -40,6 +40,10 @@ You may pass your own whitelist of tags and attributes by using the `Sanitizer::
|
|
| 40 |
|
| 41 |
These methods require that you implement the `enshrined\svgSanitize\data\TagInterface` or `enshrined\svgSanitize\data\AttributeInterface`.
|
| 42 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43 |
## Demo
|
| 44 |
There is a demo available at: [http://svg.enshrined.co.uk/](http://svg.enshrined.co.uk/)
|
| 45 |
|
| 40 |
|
| 41 |
These methods require that you implement the `enshrined\svgSanitize\data\TagInterface` or `enshrined\svgSanitize\data\AttributeInterface`.
|
| 42 |
|
| 43 |
+
## Minification
|
| 44 |
+
|
| 45 |
+
You can minify the XML output by calling `$sanitiser->minify(true);`.
|
| 46 |
+
|
| 47 |
## Demo
|
| 48 |
There is a demo available at: [http://svg.enshrined.co.uk/](http://svg.enshrined.co.uk/)
|
| 49 |
|
lib/vendor/enshrined/svg-sanitize/src/Sanitizer.php
CHANGED
|
@@ -43,6 +43,11 @@ class Sanitizer
|
|
| 43 |
*/
|
| 44 |
protected $xmlLoaderValue;
|
| 45 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46 |
/**
|
| 47 |
*
|
| 48 |
*/
|
|
@@ -64,6 +69,11 @@ class Sanitizer
|
|
| 64 |
$this->xmlDocument->preserveWhiteSpace = false;
|
| 65 |
$this->xmlDocument->strictErrorChecking = false;
|
| 66 |
$this->xmlDocument->formatOutput = true;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 67 |
}
|
| 68 |
|
| 69 |
/**
|
|
@@ -141,6 +151,12 @@ class Sanitizer
|
|
| 141 |
$clean = $this->xmlDocument->saveXML($this->xmlDocument->documentElement, LIBXML_NOEMPTYTAG);
|
| 142 |
|
| 143 |
$this->resetAfter();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 144 |
// Return result
|
| 145 |
return $clean;
|
| 146 |
}
|
|
@@ -252,4 +268,14 @@ class Sanitizer
|
|
| 252 |
$element->removeAttribute('href');
|
| 253 |
}
|
| 254 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 255 |
}
|
| 43 |
*/
|
| 44 |
protected $xmlLoaderValue;
|
| 45 |
|
| 46 |
+
/**
|
| 47 |
+
* @var bool
|
| 48 |
+
*/
|
| 49 |
+
protected $minifyXML = false;
|
| 50 |
+
|
| 51 |
/**
|
| 52 |
*
|
| 53 |
*/
|
| 69 |
$this->xmlDocument->preserveWhiteSpace = false;
|
| 70 |
$this->xmlDocument->strictErrorChecking = false;
|
| 71 |
$this->xmlDocument->formatOutput = true;
|
| 72 |
+
|
| 73 |
+
// Maybe don't format the output
|
| 74 |
+
if($this->minifyXML) {
|
| 75 |
+
$this->xmlDocument->formatOutput = false;
|
| 76 |
+
}
|
| 77 |
}
|
| 78 |
|
| 79 |
/**
|
| 151 |
$clean = $this->xmlDocument->saveXML($this->xmlDocument->documentElement, LIBXML_NOEMPTYTAG);
|
| 152 |
|
| 153 |
$this->resetAfter();
|
| 154 |
+
|
| 155 |
+
// Remove any extra whitespaces when minifying
|
| 156 |
+
if($this->minifyXML) {
|
| 157 |
+
$clean = preg_replace('/\s+/', ' ', $clean);
|
| 158 |
+
}
|
| 159 |
+
|
| 160 |
// Return result
|
| 161 |
return $clean;
|
| 162 |
}
|
| 268 |
$element->removeAttribute('href');
|
| 269 |
}
|
| 270 |
}
|
| 271 |
+
|
| 272 |
+
/**
|
| 273 |
+
* Should we minify the output?
|
| 274 |
+
*
|
| 275 |
+
* @param bool $shouldMinify
|
| 276 |
+
*/
|
| 277 |
+
public function minify($shouldMinify = false)
|
| 278 |
+
{
|
| 279 |
+
$this->minifyXML = (bool) $shouldMinify;
|
| 280 |
+
}
|
| 281 |
}
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: enshrined
|
|
| 3 |
Donate link: http://enshrined.co.uk
|
| 4 |
Tags: svg, sanitize, uploads, sanitise, security, svg upload
|
| 5 |
Requires at least: 4.0
|
| 6 |
-
Tested up to: 4.
|
| 7 |
-
Stable tag: 1.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -38,3 +38,5 @@ Install through the WordPress directory or download, unzip and upload the files
|
|
| 38 |
= 1.2.0 =
|
| 39 |
* Added support for camel case attributes such as viewBox
|
| 40 |
|
|
|
|
|
|
| 3 |
Donate link: http://enshrined.co.uk
|
| 4 |
Tags: svg, sanitize, uploads, sanitise, security, svg upload
|
| 5 |
Requires at least: 4.0
|
| 6 |
+
Tested up to: 4.6.1
|
| 7 |
+
Stable tag: 1.3.0
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 38 |
= 1.2.0 =
|
| 39 |
* Added support for camel case attributes such as viewBox
|
| 40 |
|
| 41 |
+
= 1.3.0 =
|
| 42 |
+
* Minify SVGs after cleaning so they can be loaded correctly through file_get_contents
|
safe-svg.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Safe SVG
|
| 4 |
Plugin URI: https://wordpress.org/plugins/safe-svg/
|
| 5 |
Description: Allows SVG uploads into Wordpress and sanitizes the SVG before saving it
|
| 6 |
-
Version: 1.
|
| 7 |
Author: Daryll Doyle
|
| 8 |
Author URI: http://enshrined.co.uk
|
| 9 |
Text Domain: safe-svg
|
|
@@ -33,6 +33,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
| 33 |
*/
|
| 34 |
function __construct() {
|
| 35 |
$this->sanitizer = new enshrined\svgSanitize\Sanitizer();
|
|
|
|
| 36 |
|
| 37 |
add_filter( 'upload_mimes', array( $this, 'allow_svg' ) );
|
| 38 |
add_filter( 'wp_handle_upload_prefilter', array( $this, 'check_for_svg' ) );
|
| 3 |
Plugin Name: Safe SVG
|
| 4 |
Plugin URI: https://wordpress.org/plugins/safe-svg/
|
| 5 |
Description: Allows SVG uploads into Wordpress and sanitizes the SVG before saving it
|
| 6 |
+
Version: 1.3.0
|
| 7 |
Author: Daryll Doyle
|
| 8 |
Author URI: http://enshrined.co.uk
|
| 9 |
Text Domain: safe-svg
|
| 33 |
*/
|
| 34 |
function __construct() {
|
| 35 |
$this->sanitizer = new enshrined\svgSanitize\Sanitizer();
|
| 36 |
+
$this->sanitizer->minify(true);
|
| 37 |
|
| 38 |
add_filter( 'upload_mimes', array( $this, 'allow_svg' ) );
|
| 39 |
add_filter( 'wp_handle_upload_prefilter', array( $this, 'check_for_svg' ) );
|
