Version Description
= 2.0.0 - 2022-04-06 =
- Added: New filter, safe_svg_use_width_height_attributes, that can be used to change the order of attributes we use to determine the SVG dimensions (props @dkotter, @peterwilsoncc).
- Changed: Documentation updates (props @j-hoffmann, @jeffpaul, @Zodiac1978).
- Fixed: Use the viewBox attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props @dkotter, @peterwilsoncc).
- Fixed: Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props @dkotter, @cadic).
- Fixed: Ensure the tmp_name and name properties exist before we use them (props @dkotter, @aksld).
Release Info
Developer | 10up |
Plugin | Safe SVG |
Version | 2.0.0 |
Code changes from version 1.9.10 to 2.0.0
- readme.txt +44 -37
- safe-svg.php +85 -40
- vendor/autoload.php +1 -1
- vendor/composer/autoload_real.php +4 -4
- vendor/composer/autoload_static.php +4 -4
- vendor/composer/installed.php +6 -6
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: 10up, enshrined
|
|
3 |
Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
|
4 |
Requires at least: 4.7
|
5 |
Tested up to: 5.9
|
6 |
-
Stable tag:
|
7 |
Requires PHP: 7.0
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
@@ -66,12 +66,19 @@ They take one argument that must be returned. See below for examples:
|
|
66 |
|
67 |
== Changelog ==
|
68 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
69 |
= 1.9.10 - 2022-02-23 =
|
70 |
**Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.**
|
71 |
|
72 |
* **Changed:** Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
|
73 |
* **Changed:** Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
|
74 |
-
* **Changed:** Update `enshrined/svg-sanitize` from 0.13.3 to 0.
|
75 |
* **Changed:** Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
|
76 |
* **Changed:** Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
|
77 |
* **Changed:** Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).
|
@@ -80,120 +87,120 @@ They take one argument that must be returned. See below for examples:
|
|
80 |
* **Fixed:** Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
|
81 |
* **Fixed:** Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
|
82 |
|
83 |
-
= 1.9.9 - 2020-05-07=
|
84 |
* **Fixed:** Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
|
85 |
|
86 |
-
= 1.9.8 - 2020-05-07=
|
87 |
* **Changed:** Underlying library update.
|
88 |
|
89 |
-
= 1.9.7 - 2019-12-10=
|
90 |
* **Changed:** Underlying library update.
|
91 |
|
92 |
-
= 1.9.6 - 2019-11-07=
|
93 |
* **Security:** Underlying library update that fixes a security issue.
|
94 |
|
95 |
-
= 1.9.5 - 2019-11-04=
|
96 |
* **Security:** Underlying library update that fixes some security issues.
|
97 |
|
98 |
-
= 1.9.4 - 2019-08-21=
|
99 |
* **Fixed:** Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
|
100 |
|
101 |
-
= 1.9.3 - 2019-02-19=
|
102 |
* **Fixed:** Bug causing 0 height and width SVGs.
|
103 |
|
104 |
-
= 1.9.2 - 2019-02-14=
|
105 |
* **Fixed:** Warning about an Illegal string offset.
|
106 |
* **Fixed:** Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
|
107 |
|
108 |
-
= 1.9.1 - 2019-01-29=
|
109 |
* **Fixed:** Warning that was being generated by a change made in 1.9.0.
|
110 |
|
111 |
-
= 1.9.0 - 2019-01-03=
|
112 |
* **Changed:** If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
|
113 |
|
114 |
-
= 1.8.1 - 2018-11-22=
|
115 |
* **Changed:** Don't let errors break upload if uploading an empty file
|
116 |
* **Fixed:** Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
|
117 |
|
118 |
-
= 1.8.0 - 2018-11-04=
|
119 |
* **Added:** Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
|
120 |
* **Added:** role="img" attribute to SVGs.
|
121 |
|
122 |
-
= 1.7.1 - 2018-10-01=
|
123 |
* **Changed:** Underlying lib and added new filters for filtering allowed tags and attributes.
|
124 |
|
125 |
-
= 1.7.0 - 2018-10-01=
|
126 |
* **Added:** Allow devs to filter tags and attrs within WordPress.
|
127 |
|
128 |
-
= 1.6.1 - 2018-03-17=
|
129 |
* **Changed:** Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
|
130 |
|
131 |
-
= 1.6.0 - 2017-12-20=
|
132 |
* **Added:** Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
|
133 |
* **Fixed:** You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
|
134 |
|
135 |
-
= 1.5.3 - 2017-11-16=
|
136 |
* **Fixed:** 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
|
137 |
|
138 |
-
= 1.5.2 - 2017-11-15=
|
139 |
* **Changed:** Tested with 4.9.0.
|
140 |
* **Fixed:** Issue with SVGs when regenerating media.
|
141 |
|
142 |
-
= 1.5.1 - 2017-08-21=
|
143 |
* **Fixed:** PHP strict standards warning.
|
144 |
|
145 |
-
= 1.5.0 - 2017-06-20=
|
146 |
* **Changed:** Library update.
|
147 |
* **Changed:** role, aria- and data- attributes are now whitelisted to improve accessibility.
|
148 |
|
149 |
-
= 1.4.5 - 2017-06-18=
|
150 |
* **Changed:** Library update.
|
151 |
* **Fixed:** some issues with defining the size of an SVG.
|
152 |
|
153 |
-
= 1.4.4 - 2017-06-07=
|
154 |
* **Fixed:** SVGs now display as featured images in the admin area.
|
155 |
|
156 |
-
= 1.4.3 - 2017-03-06=
|
157 |
* **Added:** WordPress 4.7.3 Compatibility.
|
158 |
* **Changed:** Expanded SVG previews in media library.
|
159 |
|
160 |
-
= 1.4.2 - 2017-02-26=
|
161 |
* **Added:** Check / fix for when mb_* functions are not available.
|
162 |
|
163 |
-
= 1.4.1 - 2017-02-23=
|
164 |
* **Changed:** Underlying library to allow attributes/tags in all case variations.
|
165 |
|
166 |
-
= 1.4.0 - 2017-02-21=
|
167 |
* **Added:** Ability to preview SVG on both grid and list view in the wp-admin media area
|
168 |
* **Changed:** Underlying library version.
|
169 |
|
170 |
-
= 1.3.4 - 2017-02-20=
|
171 |
* **Fixed:** SVGZ uploads failing and not sanitising correctly.
|
172 |
|
173 |
-
= 1.3.3 - 2017-02-15=
|
174 |
* **Changed:** Allow SVGZ uploads.
|
175 |
|
176 |
-
= 1.3.2 - 2017-01-27=
|
177 |
* **Fixed:** Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
|
178 |
|
179 |
-
= 1.3.1 - 2016-12-01=
|
180 |
* **Changed:** Underlying library version.
|
181 |
|
182 |
-
= 1.3.0 - 2016-10-10=
|
183 |
* **Changed:** Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
|
184 |
|
185 |
-
= 1.2.0 - 2016-02-27=
|
186 |
* **Added:** Support for camel case attributes such as viewBox.
|
187 |
|
188 |
-
= 1.1.1 - 2016-07-06=
|
189 |
* **Fixed:** Issue with empty svg elements self-closing.
|
190 |
|
191 |
-
= 1.1.0 - 2015-07-04=
|
192 |
* **Added:** I18n.
|
193 |
* **Added:** da, de ,en, es, fr, nl and ru translations.
|
194 |
* **Fixed:** Issue with filename not being pulled over on failed uploads.
|
195 |
|
196 |
-
= 1.0.0 - 2015-07-03=
|
197 |
* Initial Release.
|
198 |
|
199 |
== Upgrade Notice ==
|
3 |
Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
|
4 |
Requires at least: 4.7
|
5 |
Tested up to: 5.9
|
6 |
+
Stable tag: 2.0.0
|
7 |
Requires PHP: 7.0
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
66 |
|
67 |
== Changelog ==
|
68 |
|
69 |
+
= 2.0.0 - 2022-04-06 =
|
70 |
+
* **Added:** New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
|
71 |
+
* **Changed:** Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).
|
72 |
+
* **Fixed:** Use the `viewBox` attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
|
73 |
+
* **Fixed:** Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props [@dkotter](https://github.com/dkotter), [@cadic](https://github.com/cadic)).
|
74 |
+
* **Fixed:** Ensure the `tmp_name` and `name` properties exist before we use them (props [@dkotter](https://github.com/dkotter), [@aksld](https://github.com/aksld)).
|
75 |
+
|
76 |
= 1.9.10 - 2022-02-23 =
|
77 |
**Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.**
|
78 |
|
79 |
* **Changed:** Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
|
80 |
* **Changed:** Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
|
81 |
+
* **Changed:** Update `enshrined/svg-sanitize` from 0.13.3 to 0.15.2 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
|
82 |
* **Changed:** Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
|
83 |
* **Changed:** Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
|
84 |
* **Changed:** Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).
|
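Review bot: The 2.0.0 entry files the switch to `viewBox`-first dimensions under **Fixed**, but it changes the width and height reported for any existing SVG whose `width`/`height` attributes differ from its `viewBox` values. Since this ships as a major version, state the behaviour change explicitly in the entry (and in the Upgrade Notice section) and point to `safe_svg_use_width_height_attributes` as the way to keep the previous order.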
87 |
* **Fixed:** Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
|
88 |
* **Fixed:** Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
|
89 |
|
90 |
+
= 1.9.9 - 2020-05-07 =
|
91 |
* **Fixed:** Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
|
92 |
|
93 |
+
= 1.9.8 - 2020-05-07 =
|
94 |
* **Changed:** Underlying library update.
|
95 |
|
96 |
+
= 1.9.7 - 2019-12-10 =
|
97 |
* **Changed:** Underlying library update.
|
98 |
|
99 |
+
= 1.9.6 - 2019-11-07 =
|
100 |
* **Security:** Underlying library update that fixes a security issue.
|
101 |
|
102 |
+
= 1.9.5 - 2019-11-04 =
|
103 |
* **Security:** Underlying library update that fixes some security issues.
|
104 |
|
105 |
+
= 1.9.4 - 2019-08-21 =
|
106 |
* **Fixed:** Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
|
107 |
|
108 |
+
= 1.9.3 - 2019-02-19 =
|
109 |
* **Fixed:** Bug causing 0 height and width SVGs.
|
110 |
|
111 |
+
= 1.9.2 - 2019-02-14 =
|
112 |
* **Fixed:** Warning about an Illegal string offset.
|
113 |
* **Fixed:** Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
|
114 |
|
115 |
+
= 1.9.1 - 2019-01-29 =
|
116 |
* **Fixed:** Warning that was being generated by a change made in 1.9.0.
|
117 |
|
118 |
+
= 1.9.0 - 2019-01-03 =
|
119 |
* **Changed:** If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
|
120 |
|
121 |
+
= 1.8.1 - 2018-11-22 =
|
122 |
* **Changed:** Don't let errors break upload if uploading an empty file
|
123 |
* **Fixed:** Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
|
124 |
|
125 |
+
= 1.8.0 - 2018-11-04 =
|
126 |
* **Added:** Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
|
127 |
* **Added:** role="img" attribute to SVGs.
|
128 |
|
129 |
+
= 1.7.1 - 2018-10-01 =
|
130 |
* **Changed:** Underlying lib and added new filters for filtering allowed tags and attributes.
|
131 |
|
132 |
+
= 1.7.0 - 2018-10-01 =
|
133 |
* **Added:** Allow devs to filter tags and attrs within WordPress.
|
134 |
|
135 |
+
= 1.6.1 - 2018-03-17 =
|
136 |
* **Changed:** Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
|
137 |
|
138 |
+
= 1.6.0 - 2017-12-20 =
|
139 |
* **Added:** Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
|
140 |
* **Fixed:** You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
|
141 |
|
142 |
+
= 1.5.3 - 2017-11-16 =
|
143 |
* **Fixed:** 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
|
144 |
|
145 |
+
= 1.5.2 - 2017-11-15 =
|
146 |
* **Changed:** Tested with 4.9.0.
|
147 |
* **Fixed:** Issue with SVGs when regenerating media.
|
148 |
|
149 |
+
= 1.5.1 - 2017-08-21 =
|
150 |
* **Fixed:** PHP strict standards warning.
|
151 |
|
152 |
+
= 1.5.0 - 2017-06-20 =
|
153 |
* **Changed:** Library update.
|
154 |
* **Changed:** role, aria- and data- attributes are now whitelisted to improve accessibility.
|
155 |
|
156 |
+
= 1.4.5 - 2017-06-18 =
|
157 |
* **Changed:** Library update.
|
158 |
* **Fixed:** some issues with defining the size of an SVG.
|
159 |
|
160 |
+
= 1.4.4 - 2017-06-07 =
|
161 |
* **Fixed:** SVGs now display as featured images in the admin area.
|
162 |
|
163 |
+
= 1.4.3 - 2017-03-06 =
|
164 |
* **Added:** WordPress 4.7.3 Compatibility.
|
165 |
* **Changed:** Expanded SVG previews in media library.
|
166 |
|
167 |
+
= 1.4.2 - 2017-02-26 =
|
168 |
* **Added:** Check / fix for when mb_* functions are not available.
|
169 |
|
170 |
+
= 1.4.1 - 2017-02-23 =
|
171 |
* **Changed:** Underlying library to allow attributes/tags in all case variations.
|
172 |
|
173 |
+
= 1.4.0 - 2017-02-21 =
|
174 |
* **Added:** Ability to preview SVG on both grid and list view in the wp-admin media area
|
175 |
* **Changed:** Underlying library version.
|
176 |
|
177 |
+
= 1.3.4 - 2017-02-20 =
|
178 |
* **Fixed:** SVGZ uploads failing and not sanitising correctly.
|
179 |
|
180 |
+
= 1.3.3 - 2017-02-15 =
|
181 |
* **Changed:** Allow SVGZ uploads.
|
182 |
|
183 |
+
= 1.3.2 - 2017-01-27 =
|
184 |
* **Fixed:** Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
|
185 |
|
186 |
+
= 1.3.1 - 2016-12-01 =
|
187 |
* **Changed:** Underlying library version.
|
188 |
|
189 |
+
= 1.3.0 - 2016-10-10 =
|
190 |
* **Changed:** Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
|
191 |
|
192 |
+
= 1.2.0 - 2016-02-27 =
|
193 |
* **Added:** Support for camel case attributes such as viewBox.
|
194 |
|
195 |
+
= 1.1.1 - 2016-07-06 =
|
196 |
* **Fixed:** Issue with empty svg elements self-closing.
|
197 |
|
198 |
+
= 1.1.0 - 2015-07-04 =
|
199 |
* **Added:** I18n.
|
200 |
* **Added:** da, de ,en, es, fr, nl and ru translations.
|
201 |
* **Fixed:** Issue with filename not being pulled over on failed uploads.
|
202 |
|
203 |
+
= 1.0.0 - 2015-07-03 =
|
204 |
* Initial Release.
|
205 |
|
206 |
== Upgrade Notice ==
|
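Review bot: While every version heading is being touched to add the space before the closing `=`, the dates deserve a check: `= 1.2.0 - 2016-02-27 =` is dated earlier than `= 1.1.1 - 2016-07-06 =` directly below it, so the two are out of chronological order. Confirm which date is correct and fix it in this pass rather than in another full-changelog diff later.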
safe-svg.php
CHANGED
@@ -1,9 +1,9 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
* Plugin Name: Safe SVG
|
4 |
-
* Plugin URI: https://
|
5 |
-
* Description:
|
6 |
-
* Version:
|
7 |
* Requires at least: 4.7
|
8 |
* Requires PHP: 7.0
|
9 |
* Author: 10up
|
@@ -78,7 +78,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
78 |
add_filter( 'wp_generate_attachment_metadata', array( $this, 'skip_svg_regeneration' ), 10, 2 );
|
79 |
add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_upgrade_link' ) );
|
80 |
add_filter( 'wp_get_attachment_metadata', array( $this, 'metadata_error_fix' ), 10, 2 );
|
81 |
-
add_filter( '
|
82 |
}
|
83 |
|
84 |
/**
|
@@ -133,7 +133,13 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
133 |
*/
|
134 |
public function check_for_svg( $file ) {
|
135 |
|
136 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
137 |
$type = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
|
138 |
|
139 |
if ( $type === 'image/svg+xml' ) {
|
@@ -270,11 +276,13 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
270 |
*/
|
271 |
public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
|
272 |
if ( get_post_mime_type( $attachment_id ) === 'image/svg+xml' ) {
|
273 |
-
|
274 |
-
$image[1] = 100;
|
275 |
-
}
|
276 |
|
277 |
-
if (
|
|
|
|
|
|
|
|
|
278 |
$image[2] = 100;
|
279 |
}
|
280 |
}
|
@@ -454,7 +462,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
454 |
/**
|
455 |
* Get SVG size from the width/height or viewport.
|
456 |
*
|
457 |
-
* @param $svg
|
458 |
*
|
459 |
* @return array|bool
|
460 |
*/
|
@@ -464,16 +472,43 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
464 |
$height = 0;
|
465 |
if ( $svg ) {
|
466 |
$attributes = $svg->attributes();
|
467 |
-
|
468 |
-
|
469 |
-
$height = floatval( $attributes->height );
|
470 |
-
} elseif ( isset( $attributes->viewBox ) ) {
|
471 |
$sizes = explode( ' ', $attributes->viewBox );
|
472 |
if ( isset( $sizes[2], $sizes[3] ) ) {
|
473 |
-
$
|
474 |
-
$
|
475 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
476 |
} else {
|
|
|
|
|
|
|
|
|
|
|
477 |
return false;
|
478 |
}
|
479 |
}
|
@@ -486,39 +521,49 @@ if ( ! class_exists( 'safe_svg' ) ) {
|
|
486 |
}
|
487 |
|
488 |
/**
|
489 |
-
*
|
|
|
|
|
|
|
|
|
490 |
*
|
491 |
-
*
|
492 |
-
*
|
493 |
-
*
|
494 |
-
*
|
|
|
495 |
*/
|
496 |
-
public function
|
497 |
-
|
498 |
-
|
499 |
-
// @see https://wordpress.org/support/topic/notice-trying-to-get-property-id/
|
500 |
-
if ( ! $attachment instanceof WP_Post ) {
|
501 |
-
return $attr;
|
502 |
}
|
503 |
|
504 |
-
|
505 |
-
|
506 |
-
$default_height = 100;
|
507 |
-
$default_width = 100;
|
508 |
-
|
509 |
-
$dimensions = $this->svg_dimensions( get_attached_file( $attachment->ID ) );
|
510 |
|
511 |
-
|
512 |
-
|
513 |
-
|
514 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
515 |
|
516 |
-
|
517 |
-
|
518 |
}
|
519 |
|
520 |
-
|
|
|
521 |
}
|
|
|
522 |
}
|
523 |
}
|
524 |
|
1 |
<?php
|
2 |
/*
|
3 |
* Plugin Name: Safe SVG
|
4 |
+
* Plugin URI: https://wordpress.org/plugins/safe-svg/
|
5 |
+
* Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
|
6 |
+
* Version: 2.0.0
|
7 |
* Requires at least: 4.7
|
8 |
* Requires PHP: 7.0
|
9 |
* Author: 10up
|
78 |
add_filter( 'wp_generate_attachment_metadata', array( $this, 'skip_svg_regeneration' ), 10, 2 );
|
79 |
add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_upgrade_link' ) );
|
80 |
add_filter( 'wp_get_attachment_metadata', array( $this, 'metadata_error_fix' ), 10, 2 );
|
81 |
+
add_filter( 'wp_calculate_image_srcset_meta', array( $this, 'disable_srcset' ), 10, 4 );
|
82 |
}
|
83 |
|
84 |
/**
|
133 |
*/
|
134 |
public function check_for_svg( $file ) {
|
135 |
|
136 |
+
// Ensure we have a proper file path before processing
|
137 |
+
if ( ! isset( $file['tmp_name'] ) ) {
|
138 |
+
return $file;
|
139 |
+
}
|
140 |
+
|
141 |
+
$file_name = isset( $file['name'] ) ? $file['name'] : '';
|
142 |
+
$wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file_name );
|
143 |
$type = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
|
144 |
|
145 |
if ( $type === 'image/svg+xml' ) {
|
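Review bot: The new guard at the top of `check_for_svg()` uses `isset( $file['tmp_name'] )`, which still lets an empty string through to `wp_check_filetype_and_ext()`; `empty()` would cover both the missing and the empty case. Also, when `name` is absent the call runs with `$file_name = ''`, so the outcome depends on how the type check treats an empty filename. If `$type` comes back empty, the `image/svg+xml` branch below is skipped, so add a short comment or a test stating what happens to such an upload afterwards.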
276 |
*/
|
277 |
public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
|
278 |
if ( get_post_mime_type( $attachment_id ) === 'image/svg+xml' ) {
|
279 |
+
$dimensions = $this->svg_dimensions( get_attached_file( $attachment_id ) );
|
|
|
|
|
280 |
|
281 |
+
if ( $dimensions ) {
|
282 |
+
$image[1] = $dimensions['width'];
|
283 |
+
$image[2] = $dimensions['height'];
|
284 |
+
} else {
|
285 |
+
$image[1] = 100;
|
286 |
$image[2] = 100;
|
287 |
}
|
288 |
}
|
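Review bot: In `one_pixel_fix()`, `if ( $dimensions )` only falls back to 100 when `svg_dimensions()` returns false, and the visible guard there is `if ( ! $width && ! $height )`, which requires both values to be empty. An SVG that yields a width but a zero height (or the reverse) would put 0 into `$image[1]` or `$image[2]`. Check each dimension separately here, or change the guard in `svg_dimensions()` to `||`.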
462 |
/**
|
463 |
* Get SVG size from the width/height or viewport.
|
464 |
*
|
465 |
+
* @param string|false $svg The file path to where the SVG file should be, false otherwise.
|
466 |
*
|
467 |
* @return array|bool
|
468 |
*/
|
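Review bot: The `@param` line now documents `$svg`, but the summary above it still reads "from the width/height or viewport". The code reads the `viewBox` attribute, and after this change it is consulted first, so the summary should say "viewBox" and state the new order. `@return array|bool` could also name the array keys (`width`, `height`) that `one_pixel_fix()` reads.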
472 |
$height = 0;
|
473 |
if ( $svg ) {
|
474 |
$attributes = $svg->attributes();
|
475 |
+
|
476 |
+
if ( isset( $attributes->viewBox ) ) {
|
|
|
|
|
477 |
$sizes = explode( ' ', $attributes->viewBox );
|
478 |
if ( isset( $sizes[2], $sizes[3] ) ) {
|
479 |
+
$viewbox_width = floatval( $sizes[2] );
|
480 |
+
$viewbox_height = floatval( $sizes[3] );
|
481 |
}
|
482 |
+
}
|
483 |
+
|
484 |
+
if ( isset( $attributes->width, $attributes->height ) && is_numeric( (float) $attributes->width ) && is_numeric( (float) $attributes->height ) && ! $this->str_ends_with( (string) $attributes->width, '%' ) && ! $this->str_ends_with( (string) $attributes->height, '%' ) ) {
|
485 |
+
$attr_width = floatval( $attributes->width );
|
486 |
+
$attr_height = floatval( $attributes->height );
|
487 |
+
}
|
488 |
+
|
489 |
+
/**
|
490 |
+
* Decide which attributes of the SVG we use first for image tag dimensions.
|
491 |
+
*
|
492 |
+
* We default to using the parameters in the viewbox attribute but
|
493 |
+
* that can be overridden using this filter if you'd prefer to use
|
494 |
+
* the width and height attributes.
|
495 |
+
*
|
496 |
+
* @hook safe_svg_use_width_height_attributes
|
497 |
+
*
|
498 |
+
* @param {bool} $false If the width & height attributes should be used first. Default false.
|
499 |
+
* @param {string} $svg The file path to the SVG.
|
500 |
+
*
|
501 |
+
* @return {bool} If we should use the width & height attributes first or not.
|
502 |
+
*/
|
503 |
+
if ( (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg ) ) {
|
504 |
+
$width = $attr_width;
|
505 |
+
$height = $attr_height;
|
506 |
} else {
|
507 |
+
$width = $viewbox_width;
|
508 |
+
$height = $viewbox_height;
|
509 |
+
}
|
510 |
+
|
511 |
+
if ( ! $width && ! $height ) {
|
512 |
return false;
|
513 |
}
|
514 |
}
|
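Review bot: `$viewbox_width`, `$viewbox_height`, `$attr_width` and `$attr_height` are only assigned inside their `if` blocks, so the later `$width = $viewbox_width;` (or `$width = $attr_width;`) reads an undefined variable whenever the SVG has no `viewBox`, or has missing or percentage `width`/`height`. Initialise all four to 0 next to `$height = 0;`. Two related points in the same block: `is_numeric( (float) $attributes->width )` is always true because the cast has already produced a float, so test the string value instead; and there is no fallback from one source to the other, so an SVG with valid `width`/`height` but no `viewBox` ends at `return false` under the default filter value, although the changelog says the viewBox is used "first". Finally, the filter docblock describes `$svg` as the file path, while at this point `$svg` is the object that `->attributes()` was just called on.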
521 |
}
|
522 |
|
523 |
/**
|
524 |
+
* Disable the creation of srcset on SVG images.
|
525 |
+
*
|
526 |
+
* @param array $image_meta The image meta data.
|
527 |
+
* @param int[] $size_array {
|
528 |
+
* An array of requested width and height values.
|
529 |
*
|
530 |
+
* @type int $0 The width in pixels.
|
531 |
+
* @type int $1 The height in pixels.
|
532 |
+
* }
|
533 |
+
* @param string $image_src The 'src' of the image.
|
534 |
+
* @param int $attachment_id The image attachment ID.
|
535 |
*/
|
536 |
+
public function disable_srcset( $image_meta, $size_array, $image_src, $attachment_id ) {
|
537 |
+
if ( $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) ) {
|
538 |
+
$image_meta['sizes'] = array();
|
|
|
|
|
|
|
539 |
}
|
540 |
|
541 |
+
return $image_meta;
|
542 |
+
}
|
|
|
|
|
|
|
|
|
543 |
|
544 |
+
/**
|
545 |
+
* Polyfill for `str_ends_with()` function added in PHP 8.0.
|
546 |
+
*
|
547 |
+
* Performs a case-sensitive check indicating if
|
548 |
+
* the haystack ends with needle.
|
549 |
+
*
|
550 |
+
* @param string $haystack The string to search in.
|
551 |
+
* @param string $needle The substring to search for in the `$haystack`.
|
552 |
+
* @return bool True if `$haystack` ends with `$needle`, otherwise false.
|
553 |
+
*/
|
554 |
+
protected function str_ends_with( $haystack, $needle ) {
|
555 |
+
if ( function_exists( 'str_ends_with' ) ) {
|
556 |
+
return str_ends_with( $haystack, $needle );
|
557 |
+
}
|
558 |
|
559 |
+
if ( '' === $haystack && '' !== $needle ) {
|
560 |
+
return false;
|
561 |
}
|
562 |
|
563 |
+
$len = strlen( $needle );
|
564 |
+
return 0 === substr_compare( $haystack, $needle, -$len, $len );
|
565 |
}
|
566 |
+
|
567 |
}
|
568 |
}
|
569 |
|
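Review bot: The `disable_srcset()` docblock lists four `@param` entries but no `@return`; add `@return array`, since the method is a filter callback and has to hand `$image_meta` back. In the same hunk, the `str_ends_with()` polyfill is called only with `'%'` in the lines shown; a one-line note that it can be removed once the minimum PHP version reaches 8.0 (the plugin header still says `Requires PHP: 7.0`) would keep it from lingering.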
vendor/autoload.php
CHANGED
@@ -4,4 +4,4 @@
|
|
4 |
|
5 |
require_once __DIR__ . '/composer/autoload_real.php';
|
6 |
|
7 |
-
return
|
4 |
|
5 |
require_once __DIR__ . '/composer/autoload_real.php';
|
6 |
|
7 |
+
return ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23::getLoader();
|
vendor/composer/autoload_real.php
CHANGED
@@ -2,7 +2,7 @@
|
|
2 |
|
3 |
// autoload_real.php @generated by Composer
|
4 |
|
5 |
-
class
|
6 |
{
|
7 |
private static $loader;
|
8 |
|
@@ -24,15 +24,15 @@ class ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb
|
|
24 |
|
25 |
require __DIR__ . '/platform_check.php';
|
26 |
|
27 |
-
spl_autoload_register(array('
|
28 |
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
|
29 |
-
spl_autoload_unregister(array('
|
30 |
|
31 |
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
|
32 |
if ($useStaticLoader) {
|
33 |
require __DIR__ . '/autoload_static.php';
|
34 |
|
35 |
-
call_user_func(\Composer\Autoload\
|
36 |
} else {
|
37 |
$map = require __DIR__ . '/autoload_namespaces.php';
|
38 |
foreach ($map as $namespace => $path) {
|
2 |
|
3 |
// autoload_real.php @generated by Composer
|
4 |
|
5 |
+
class ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23
|
6 |
{
|
7 |
private static $loader;
|
8 |
|
24 |
|
25 |
require __DIR__ . '/platform_check.php';
|
26 |
|
27 |
+
spl_autoload_register(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'), true, true);
|
28 |
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
|
29 |
+
spl_autoload_unregister(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'));
|
30 |
|
31 |
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
|
32 |
if ($useStaticLoader) {
|
33 |
require __DIR__ . '/autoload_static.php';
|
34 |
|
35 |
+
call_user_func(\Composer\Autoload\ComposerStaticInitb84937dca53879c3884a3634f19a0f23::getInitializer($loader));
|
36 |
} else {
|
37 |
$map = require __DIR__ . '/autoload_namespaces.php';
|
38 |
foreach ($map as $namespace => $path) {
|
vendor/composer/autoload_static.php
CHANGED
@@ -4,7 +4,7 @@
|
|
4 |
|
5 |
namespace Composer\Autoload;
|
6 |
|
7 |
-
class
|
8 |
{
|
9 |
public static $prefixLengthsPsr4 = array (
|
10 |
'e' =>
|
@@ -27,9 +27,9 @@ class ComposerStaticInit456e88198049a13916306da77f4bd5eb
|
|
27 |
public static function getInitializer(ClassLoader $loader)
|
28 |
{
|
29 |
return \Closure::bind(function () use ($loader) {
|
30 |
-
$loader->prefixLengthsPsr4 =
|
31 |
-
$loader->prefixDirsPsr4 =
|
32 |
-
$loader->classMap =
|
33 |
|
34 |
}, null, ClassLoader::class);
|
35 |
}
|
4 |
|
5 |
namespace Composer\Autoload;
|
6 |
|
7 |
+
class ComposerStaticInitb84937dca53879c3884a3634f19a0f23
|
8 |
{
|
9 |
public static $prefixLengthsPsr4 = array (
|
10 |
'e' =>
|
27 |
public static function getInitializer(ClassLoader $loader)
|
28 |
{
|
29 |
return \Closure::bind(function () use ($loader) {
|
30 |
+
$loader->prefixLengthsPsr4 = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$prefixLengthsPsr4;
|
31 |
+
$loader->prefixDirsPsr4 = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$prefixDirsPsr4;
|
32 |
+
$loader->classMap = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$classMap;
|
33 |
|
34 |
}, null, ClassLoader::class);
|
35 |
}
|
vendor/composer/installed.php
CHANGED
@@ -1,22 +1,22 @@
|
|
1 |
<?php return array(
|
2 |
'root' => array(
|
3 |
-
'pretty_version' => '
|
4 |
-
'version' => '
|
5 |
'type' => 'wordpress-plugin',
|
6 |
'install_path' => __DIR__ . '/../../',
|
7 |
'aliases' => array(),
|
8 |
-
'reference' => '
|
9 |
'name' => 'darylldoyle/safe-svg',
|
10 |
'dev' => true,
|
11 |
),
|
12 |
'versions' => array(
|
13 |
'darylldoyle/safe-svg' => array(
|
14 |
-
'pretty_version' => '
|
15 |
-
'version' => '
|
16 |
'type' => 'wordpress-plugin',
|
17 |
'install_path' => __DIR__ . '/../../',
|
18 |
'aliases' => array(),
|
19 |
-
'reference' => '
|
20 |
'dev_requirement' => false,
|
21 |
),
|
22 |
'enshrined/svg-sanitize' => array(
|
1 |
<?php return array(
|
2 |
'root' => array(
|
3 |
+
'pretty_version' => '2.0.0',
|
4 |
+
'version' => '2.0.0.0',
|
5 |
'type' => 'wordpress-plugin',
|
6 |
'install_path' => __DIR__ . '/../../',
|
7 |
'aliases' => array(),
|
8 |
+
'reference' => '03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699',
|
9 |
'name' => 'darylldoyle/safe-svg',
|
10 |
'dev' => true,
|
11 |
),
|
12 |
'versions' => array(
|
13 |
'darylldoyle/safe-svg' => array(
|
14 |
+
'pretty_version' => '2.0.0',
|
15 |
+
'version' => '2.0.0.0',
|
16 |
'type' => 'wordpress-plugin',
|
17 |
'install_path' => __DIR__ . '/../../',
|
18 |
'aliases' => array(),
|
19 |
+
'reference' => '03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699',
|
20 |
'dev_requirement' => false,
|
21 |
),
|
22 |
'enshrined/svg-sanitize' => array(
|
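Review bot: The root package block keeps `'dev' => true,` as unchanged context, which means the committed `vendor/` tree for this release was generated with Composer's dev mode enabled. For a distributed plugin build, run the install with `--no-dev` so the shipped autoloader and `installed.php` describe runtime packages only. The `reference` value is updated to the same commit in both blocks, which is consistent.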