Safe SVG - Version 1.4.1

Version Description

  • Updated underlying library to allow attributes/tags in all case variations

Release Info

Developer enshrined
Version 1.4.1

Code changes from version 1.3.4 to 1.4.1

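--- a/lib/composer.lock
+++ b/lib/composer.lock
@@ -9,16 +9,16 @@
  "packages": [
  {
  "name": "enshrined/svg-sanitize",
- "version": "0.4.1",
+ "version": "0.5.2",
  "source": {
  "type": "git",
  "url": "https://github.com/darylldoyle/svg-sanitizer.git",
- "reference": "7a1e99504b54698607f039b4384f626d13222aeb"
+ "reference": "59abb58f5cf68e55be5bfb93574c0e055c2a577d"
  },
  "dist": {
  "type": "zip",
- "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/7a1e99504b54698607f039b4384f626d13222aeb",
- "reference": "7a1e99504b54698607f039b4384f626d13222aeb",
+ "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/59abb58f5cf68e55be5bfb93574c0e055c2a577d",
+ "reference": "59abb58f5cf68e55be5bfb93574c0e055c2a577d",
  "shasum": ""
  },
  "require-dev": {
@@ -42,7 +42,7 @@
  }
  ],
  "description": "An SVG sanitizer for PHP",
- "time": "2016-12-01 23:15:52"
+ "time": "2017-02-23 17:42:17"
  }
  ],
  "packages-dev": [],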
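--- a/lib/vendor/composer/installed.json
+++ b/lib/vendor/composer/installed.json
@@ -1,24 +1,24 @@
  [
  {
  "name": "enshrined/svg-sanitize",
- "version": "0.4.1",
- "version_normalized": "0.4.1.0",
+ "version": "0.5.2",
+ "version_normalized": "0.5.2.0",
  "source": {
  "type": "git",
  "url": "https://github.com/darylldoyle/svg-sanitizer.git",
- "reference": "7a1e99504b54698607f039b4384f626d13222aeb"
+ "reference": "59abb58f5cf68e55be5bfb93574c0e055c2a577d"
  },
  "dist": {
  "type": "zip",
- "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/7a1e99504b54698607f039b4384f626d13222aeb",
- "reference": "7a1e99504b54698607f039b4384f626d13222aeb",
+ "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/59abb58f5cf68e55be5bfb93574c0e055c2a577d",
+ "reference": "59abb58f5cf68e55be5bfb93574c0e055c2a577d",
  "shasum": ""
  },
  "require-dev": {
  "codeclimate/php-test-reporter": "^0.1.2",
  "phpunit/phpunit": "^4.7"
  },
- "time": "2016-12-01 23:15:52",
+ "time": "2017-02-23 17:42:17",
  "type": "library",
  "installation-source": "dist",
  "autoload": {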
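--- a/lib/vendor/enshrined/svg-sanitize/.gitignore
+++ b/lib/vendor/enshrined/svg-sanitize/.gitignore
@@ -1 +1,2 @@
- /vendor
+ /vendor
+ /build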
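--- a/lib/vendor/enshrined/svg-sanitize/.travis.yml
+++ b/lib/vendor/enshrined/svg-sanitize/.travis.yml
@@ -4,6 +4,7 @@ php:
  - 5.4
  - 5.5
  - 5.6
+ - 7.0
  - hhvm
 
  before_script: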
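--- a/lib/vendor/enshrined/svg-sanitize/README.md
+++ b/lib/vendor/enshrined/svg-sanitize/README.md
@@ -40,6 +40,14 @@ You may pass your own whitelist of tags and attributes by using the `Sanitizer::
 
  These methods require that you implement the `enshrined\svgSanitize\data\TagInterface` or `enshrined\svgSanitize\data\AttributeInterface`.
 
+ ## Remove remote references
+
+ You have the option to remove attributes that reference remote files, this will stop HTTP leaks but will add an overhead to the sanitiser.
+
+ This defaults to false, set to true to remove references.
+
+ `$sanitizer->removeRemoteReferences(true);`
+
  ## Minification
 
  You can minify the XML output by calling `$sanitiser->minify(true);`.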
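--- a/lib/vendor/enshrined/svg-sanitize/src/Sanitizer.php
+++ b/lib/vendor/enshrined/svg-sanitize/src/Sanitizer.php
@@ -23,6 +23,11 @@ class Sanitizer
  */
  const SCRIPT_REGEX = '/(?:\w+script|data):/xi';
 
+ /**
+ * Regex to test for remote URLs in linked assets
+ */
+ const REMOTE_REFERENCE_REGEX = '/url\(([\'"]?(?:http|https):)[\'"]?([^\'"\)]*)[\'"]?\)/xi';
+
  /**
  * @var DOMDocument
  */
@@ -48,6 +53,11 @@ class Sanitizer
  */
  protected $minifyXML = false;
 
+ /**
+ * @var bool
+ */
+ protected $removeRemoteReferences = false;
+
  /**
  *
  */
@@ -116,6 +126,16 @@ class Sanitizer
  $this->allowedAttrs = $allowedAttrs::getAttributes();
  }
 
+ /**
+ * Should we remove references to remote files?
+ *
+ * @param bool $removeRemoteRefs
+ */
+ public function removeRemoteReferences($removeRemoteRefs = false)
+ {
+ $this->removeRemoteReferences = $removeRemoteRefs;
+ }
+
  /**
  * Sanitize the passed string
  *
@@ -212,7 +232,7 @@ class Sanitizer
  $currentElement = $elements->item($i);
 
  // If the tag isn't in the whitelist, remove it and continue with next iteration
- if (!in_array($currentElement->tagName, $this->allowedTags)) {
+ if (!in_array(strtolower($currentElement->tagName), $this->allowedTags)) {
  $currentElement->parentNode->removeChild($currentElement);
  continue;
  }
@@ -237,9 +257,17 @@ class Sanitizer
  $attrName = $element->attributes->item($x)->name;
 
  // Remove attribute if not in whitelist
- if (!in_array($attrName, $this->allowedAttrs)) {
+ if (!in_array(strtolower($attrName), $this->allowedAttrs)) {
  $element->removeAttribute($attrName);
  }
+
+ // Do we want to strip remote references?
+ if($this->removeRemoteReferences) {
+ // Remove attribute if it has a remote reference
+ if (isset($element->attributes->item($x)->value) && $this->hasRemoteReference($element->attributes->item($x)->value)) {
+ $element->removeAttribute($attrName);
+ }
+ }
  }
  }
 
@@ -269,6 +297,21 @@ class Sanitizer
  }
  }
 
+ /**
+ * Does this attribute value have a remote reference?
+ *
+ * @param $value
+ * @return bool
+ */
+ protected function hasRemoteReference($value)
+ {
+ if (preg_match(self::REMOTE_REFERENCE_REGEX, $value) === 1) {
+ return true;
+ }
+
+ return false;
+ }
+
  /**
  * Should we minify the output?
  *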
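Review bot: `hasRemoteReference()` (new lines 300-313) flags only values that match `REMOTE_REFERENCE_REGEX`, i.e. a `url(` directly followed by an optional quote and `http:` or `https:`, so with `removeRemoteReferences(true)` a protocol-relative `url(//…)` target or an attribute that carries a bare URL instead of a `url()` wrapper is left in place as far as these hunks show. The README text added in this release promises that the option "will stop HTTP leaks", which is broader than what the pattern enforces. Either widen the check or state the limit where the constant is declared, e.g. `* Matches url(http:…) and url(https:…) only; other remote forms are not detected.` Separately, in the attribute loop (new lines 257-271) the remote check re-reads `$element->attributes->item($x)` after the whitelist branch may already have removed that attribute, so it can inspect a different node while still calling `removeAttribute($attrName)` with the old name; a `continue;` after the first removal would avoid that (the loop header is outside the hunk, so the index direction is inferred).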
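--- a/lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
+++ b/lib/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
@@ -68,19 +68,19 @@ class AllowedAttributes implements AttributeInterface
 
 
  // Camel Case
- "allowReorder", "attributeName", "attributeType", "autoReverse", "baseFrequency",
- "baseProfile", "calcMode", "clipPathUnits", "contentScriptType", "contentStyleType",
- "diffuseConstant", "edgeMode", "externalResourcesRequired", "filterRes",
- "filterUnits", "glyphRef", "gradientTransform", "gradientUnits", "kernelMatrix",
- "kernelUnitLength", "keyPoints", "keySplines", "keyTimes", "lengthAdjust",
- "limitingConeAngle", "markerHeight", "markerUnits", "markerWidth", "maskContentUnits",
- "maskUnits", "numOctaves", "pathLength", "patternContentUnits", "patternTransform",
- "patternUnits", "pointsAtX", "pointsAtY", "pointsAtZ", "preserveAlpha",
- "preserveAspectRatio", "primitiveUnits", "refX", "refY", "repeatCount",
- "repeatDur", "requiredExtensions", "requiredFeatures", "specularConstant",
- "specularExponent", "spreadMethod", "startOffset", "stdDeviation", "stitchTiles",
- "surfaceScale", "systemLanguage", "tableValues", "targetX", "targetY", "textLength",
- "viewBox", "viewTarget", "xChannelSelector", "yChannelSelector", "zoomAndPan",
+ "allowreorder", "attributename", "attributetype", "autoreverse", "basefrequency",
+ "baseprofile", "calcmode", "clippathunits", "contentscripttype", "contentstyletype",
+ "diffuseconstant", "edgemode", "externalresourcesrequired", "filterres",
+ "filterunits", "glyphref", "gradienttransform", "gradientunits", "kernelmatrix",
+ "kernelunitlength", "keypoints", "keysplines", "keytimes", "lengthadjust",
+ "limitingconeangle", "markerheight", "markerunits", "markerwidth", "maskcontentunits",
+ "maskunits", "numoctaves", "pathlength", "patterncontentunits", "patterntransform",
+ "patternunits", "pointsatx", "pointsaty", "pointsatz", "preservealpha",
+ "preserveaspectratio", "primitiveunits", "refx", "refy", "repeatcount",
+ "repeatdur", "requiredextensions", "requiredfeatures", "specularconstant",
+ "specularexponent", "spreadmethod", "startoffset", "stddeviation", "stitchtiles",
+ "surfacescale", "systemlanguage", "tablevalues", "targetx", "targety", "textlength",
+ "viewbox", "viewtarget", "xchannelselector", "ychannelselector", "zoomandpan",
  );
  }
  }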
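Review bot: The `// Camel Case` comment above this list is now stale, because every entry was lowercased to match the `strtolower($attrName)` lookup added in Sanitizer.php; something like `// Originally camelCase; stored lowercase because Sanitizer lowercases names before lookup` would keep the next maintainer from "fixing" the spelling. The change also creates an undocumented contract for anyone supplying their own `AttributeInterface` or `TagInterface` list: a custom whitelist that still contains `viewBox` will no longer match and the attribute will be stripped silently. That requirement belongs in the interface docblock or the README section on custom whitelists. The enclosing method starts outside the hunk.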
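--- a/lib/vendor/enshrined/svg-sanitize/src/data/AllowedTags.php
+++ b/lib/vendor/enshrined/svg-sanitize/src/data/AllowedTags.php
@@ -38,18 +38,25 @@ class AllowedTags implements TagInterface
  // SVG
  'svg','altglyph','altglyphdef','altglyphitem','animatecolor',
  'animatemotion','animatetransform','circle','clippath','defs','desc',
- 'ellipse','font','g','glyph','glyphref','hkern','image','line',
+ 'ellipse','filter','font','g','glyph','glyphref','hkern','image','line',
  'lineargradient','marker','mask','metadata','mpath','path','pattern',
  'polygon','polyline','radialgradient','rect','stop','switch','symbol',
  'text','textpath','title','tref','tspan','view','vkern',
 
+ // SVG Filters
+ 'feblend','fecolormatrix','fecomponenttransfer','fecomposite',
+ 'feconvolvematrix','fediffuselighting','fedisplacementmap',
+ 'feflood','fefunca','fefuncb','fefuncg','fefuncr','fegaussianblur',
+ 'femerge','femergenode','femorphology','feoffset',
+ 'fespecularlighting','fetile','feturbulence',
+
  //MathML
  'math','menclose','merror','mfenced','mfrac','mglyph','mi','mlabeledtr',
  'mmuliscripts','mn','mo','mover','mpadded','mphantom','mroot','mrow',
  'ms','mpspace','msqrt','mystyle','msub','msup','msubsup','mtable','mtd',
  'mtext','mtr','munder','munderover',
 
- //Text
+ //text
  '#text'
  );
  }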
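Review bot: The new `// SVG Filters` group allows `fediffuselighting` and `fespecularlighting` but none of the light-source children those primitives require (`fedistantlight`, `fepointlight`, `fespotlight`), so a lighting filter will leave the sanitizer with its light source removed and will not render as authored. If an omission is deliberate, as leaving out `feimage` plausibly is because that element loads a referenced resource, record it next to the list, e.g. `// feimage intentionally omitted: it pulls in referenced content`. The array and its enclosing method start outside the hunk.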
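--- a/lib/vendor/enshrined/svg-sanitize/tests/SanitizerTest.php
+++ b/lib/vendor/enshrined/svg-sanitize/tests/SanitizerTest.php
@@ -118,4 +118,34 @@ class SanitizerTest extends PHPUnit_Framework_TestCase
 
  $this->assertXmlStringEqualsXmlString($expected, $cleanData);
  }
+
+ /**
+ * Make sure that external references get sanitized correctly
+ */
+ public function testSanitizeExternal()
+ {
+ $initialData = file_get_contents('tests/data/externalTest.svg');
+ $expected = file_get_contents('tests/data/externalClean.svg');
+
+ $this->class->removeRemoteReferences(true);
+ $cleanData = $this->class->sanitize($initialData);
+ $this->class->removeRemoteReferences(false);
+
+ $this->assertXmlStringEqualsXmlString($expected, $cleanData);
+ }
+
+ /**
+ * Test that minification of an SVG works
+ */
+ public function testSanitizeAndMinifiySVGDoc()
+ {
+ $initialData = file_get_contents('tests/data/svgTestOne.svg');
+ $expected = file_get_contents('tests/data/svgCleanOneMinified.svg');
+
+ $this->class->minify(true);
+ $cleanData = $this->class->sanitize($initialData);
+ $this->class->minify(false);
+
+ $this->assertXmlStringEqualsXmlString($expected, $cleanData);
+ }
  }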
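Review bot: Neither added test pins the behaviour this release is named for: the fixtures added in this diff spell every name canonically (`rect`, `line`, `viewBox`), so nothing checks that a tag or attribute in another case variation survives, or that a non-whitelisted name in unusual case is still removed. A third fixture pair with mixed-case names, asserted the same way via `assertXmlStringEqualsXmlString`, would cover the `strtolower()` lookups. Both tests also toggle state on the shared `$this->class` and reset it only after `sanitize()` returns, so an exception would leave the flag set unless `setUp()` (not visible here) builds a fresh instance; that assumption deserves a one-line comment such as `// relies on setUp() creating a new Sanitizer per test`.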
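--- a/lib/vendor/enshrined/svg-sanitize/tests/data/externalClean.svg
+++ b/lib/vendor/enshrined/svg-sanitize/tests/data/externalClean.svg
@@ -0,0 +1,6 @@
+ <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve">
+ <rect x="0" y="0" width="1000" height="1000"></rect>
+ <rect x="0" y="0" width="1000" height="1000"></rect>
+ <rect fill="url('/benis.svg')" x="0" y="0" width="1000" height="1000"></rect>
+ <rect fill="url('#benis.svg')" x="0" y="0" width="1000" height="1000"></rect>
+ </svg>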
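--- a/lib/vendor/enshrined/svg-sanitize/tests/data/externalTest.svg
+++ b/lib/vendor/enshrined/svg-sanitize/tests/data/externalTest.svg
@@ -0,0 +1,8 @@
+ <?xml version="1.0" encoding="utf-8" ?>
+ <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+ <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve">
+ <rect fill="url('http://example.com/benis.svg')" x="0" y="0" width="1000" height="1000"></rect>
+ <rect fill="url('https://example.com/benis.svg')" x="0" y="0" width="1000" height="1000"></rect>
+ <rect fill="url('/benis.svg')" x="0" y="0" width="1000" height="1000"></rect>
+ <rect fill="url('#benis.svg')" x="0" y="0" width="1000" height="1000"></rect>
+ </svg>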
lib/vendor/enshrined/svg-sanitize/tests/data/svgCleanOneMinified.svg ADDED
@@ -0,0 +1 @@
 
1
+ <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" x="0px" y="0px" width="600px" height="600px" viewBox="0 0 600 600" xml:space="preserve"> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="119" y1="84.5" x2="454" y2="84.5"></line> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="111.212" y1="102.852" x2="112.032" y2="476.623"></line> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="198.917" y1="510.229" x2="486.622" y2="501.213"></line> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="484.163" y1="442.196" x2="89.901" y2="60.229"></line> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="101.376" y1="478.262" x2="443.18" y2="75.803"></line> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="457.114" y1="126.623" x2="458.753" y2="363.508"></line> <line fill="none" stroke="#000000" stroke-miterlimit="10" x1="541.54" y1="299.573" x2="543.179" y2="536.458"></line> </svg>
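--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://enshrined.co.uk
  Tags: svg, sanitize, uploads, sanitise, security, svg upload
  Requires at least: 4.0
  Tested up to: 4.7.2
- Stable tag: 1.3.4
+ Stable tag: 1.4.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -24,31 +24,38 @@ Install through the WordPress directory or download, unzip and upload the files
 
  == Changelog ==
 
- = 1.0.0 =
- * Initial Release
+ = 1.4.1 =
+ * Updated underlying library to allow attributes/tags in all case variations
 
- = 1.1.0 =
- * Added i18n
- * Added da, de ,en, es, fr, nl and ru translations
- * Fixed an issue with filename not being pulled over on failed uploads
+ = 1.4.0 =
+ * Added ability to preview SVG on both grid and list view in the wp-admin media area
+ * Updated underlying library version
 
- = 1.1.1 =
- * Fixed an issue with empty svg elements self-closing
+ = 1.3.4 =
+ * A fix for SVGZ uploads failing and not sanitising correctly
 
- = 1.2.0 =
- * Added support for camel case attributes such as viewBox
+ = 1.3.3 =
+ * Allow SVGZ uploads
 
- = 1.3.0 =
- * Minify SVGs after cleaning so they can be loaded correctly through file_get_contents
+ = 1.3.2 =
+ * Fix for the mime type issue in 4.7.1. Mad props to @lewiscowles
 
  = 1.3.1 =
  * Updated underlying library version
 
- = 1.3.2 =
- * Fix for the mime type issue in 4.7.1. Mad props to @lewiscowles
+ = 1.3.0 =
+ * Minify SVGs after cleaning so they can be loaded correctly through file_get_contents
 
- = 1.3.3 =
- * Allow SVGZ uploads
+ = 1.2.0 =
+ * Added support for camel case attributes such as viewBox
 
- = 1.3.4 =
- * A fix for SVGZ uploads failing and not sanitising correctly
+ = 1.1.1 =
+ * Fixed an issue with empty svg elements self-closing
+
+ = 1.1.0 =
+ * Added i18n
+ * Added da, de ,en, es, fr, nl and ru translations
+ * Fixed an issue with filename not being pulled over on failed uploads
+
+ = 1.0.0 =
+ * Initial Release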
safe-svg.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Safe SVG
4
  Plugin URI: https://wordpress.org/plugins/safe-svg/
5
  Description: Allows SVG uploads into WordPress and sanitizes the SVG before saving it
6
- Version: 1.3.4
7
  Author: Daryll Doyle
8
  Author URI: http://enshrined.co.uk
9
  Text Domain: safe-svg
@@ -38,6 +38,8 @@ if ( ! class_exists( 'safe_svg' ) ) {
38
  add_filter( 'upload_mimes', array( $this, 'allow_svg' ) );
39
  add_filter( 'wp_handle_upload_prefilter', array( $this, 'check_for_svg' ) );
40
  add_filter( 'wp_check_filetype_and_ext', array( $this, 'fix_mime_type_svg' ), 75, 4 );
 
 
41
  }
42
 
43
  /**
@@ -135,19 +137,76 @@ if ( ! class_exists( 'safe_svg' ) ) {
135
  file_put_contents( $file, $clean );
136
 
137
  return true;
138
- }
139
 
140
- /**
141
- * Check if the contents are gzipped
142
- * @see http://www.gzip.org/zlib/rfc-gzip.html#member-format
143
- *
144
- * @param $contents
145
- *
146
- * @return bool
147
- */
148
- protected function is_gzipped( $contents ) {
149
  return 0 === mb_strpos( $contents , "\x1f" . "\x8b" . "\x08" );
150
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
151
  }
152
  }
153
 
3
  Plugin Name: Safe SVG
4
  Plugin URI: https://wordpress.org/plugins/safe-svg/
5
  Description: Allows SVG uploads into WordPress and sanitizes the SVG before saving it
6
+ Version: 1.4.1
7
  Author: Daryll Doyle
8
  Author URI: http://enshrined.co.uk
9
  Text Domain: safe-svg
38
  add_filter( 'upload_mimes', array( $this, 'allow_svg' ) );
39
  add_filter( 'wp_handle_upload_prefilter', array( $this, 'check_for_svg' ) );
40
  add_filter( 'wp_check_filetype_and_ext', array( $this, 'fix_mime_type_svg' ), 75, 4 );
41
+ add_filter( 'wp_prepare_attachment_for_js', array( $this, 'fix_admin_preview' ), 10, 3 );
42
+ add_filter( 'wp_get_attachment_image_src', array( $this, 'one_pixel_fix' ), 10, 4 );
43
  }
44
 
45
  /**
137
  file_put_contents( $file, $clean );
138
 
139
  return true;
140
+ }
141
 
142
+ /**
143
+ * Check if the contents are gzipped
144
+ * @see http://www.gzip.org/zlib/rfc-gzip.html#member-format
145
+ *
146
+ * @param $contents
147
+ *
148
+ * @return bool
149
+ */
150
+ protected function is_gzipped( $contents ) {
151
  return 0 === mb_strpos( $contents , "\x1f" . "\x8b" . "\x08" );
152
  }
153
+
154
+ /**
155
+ * Filters the attachment data prepared for JavaScript to add the sizes array to the response
156
+ *
157
+ * @param array $response Array of prepared attachment data.
158
+ * @param int|object $attachment Attachment ID or object.
159
+ * @param array $meta Array of attachment meta data.
160
+ *
161
+ * @return array
162
+ */
163
+ public function fix_admin_preview( $response, $attachment, $meta ) {
164
+
165
+ if ( $response['mime'] == 'image/svg+xml' ) {
166
+ $possible_sizes = apply_filters( 'image_size_names_choose', array(
167
+ 'thumbnail' => __( 'Thumbnail' ),
168
+ 'medium' => __( 'Medium' ),
169
+ 'large' => __( 'Large' ),
170
+ 'full' => __( 'Full Size' ),
171
+ ) );
172
+
173
+ $sizes = array();
174
+
175
+ foreach ( $possible_sizes as $size ) {
176
+ $sizes[ $size ] = array(
177
+ 'height' => 2000,
178
+ 'width' => 2000,
179
+ 'url' => $response['url'],
180
+ 'orientation' => 'portrait',
181
+ );
182
+ }
183
+
184
+ $response['sizes'] = $sizes;
185
+ }
186
+
187
+ return $response;
188
+ }
189
+
190
+ /**
191
+ * Filters the image src result.
192
+ * Here we're gonna spoof the image size and set it to 100 width and height
193
+ *
194
+ * @param array|false $image Either array with src, width & height, icon src, or false.
195
+ * @param int $attachment_id Image attachment ID.
196
+ * @param string|array $size Size of image. Image size or array of width and height values
197
+ * (in that order). Default 'thumbnail'.
198
+ * @param bool $icon Whether the image should be treated as an icon. Default false.
199
+ *
200
+ * @return array
201
+ */
202
+ public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
203
+ if ( get_post_mime_type( $attachment_id ) == 'image/svg+xml' ) {
204
+ $image['1'] = 100;
205
+ $image['2'] = 100;
206
+ }
207
+
208
+ return $image;
209
+ }
210
  }
211
  }
212