Safe SVG - Version 2.0.0

Version Description

  • 2022-04-06
  • Added: New filter, safe_svg_use_width_height_attributes, that can be used to change the order of attributes we use to determine the SVG dimensions (props @dkotter, @peterwilsoncc).
  • Changed: Documentation updates (props @j-hoffmann, @jeffpaul, @Zodiac1978).
  • Fixed: Use the viewBox attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props @dkotter, @peterwilsoncc).
  • Fixed: Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props @dkotter, @cadic).
  • Fixed: Ensure the tmp_name and name properties exist before we use them (props @dkotter, @aksld).

Release Info

Developer 10up
Version 2.0.0

Code changes from version 1.9.10 to 2.0.0

readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: 10up, enshrined
3
  Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4
  Requires at least: 4.7
5
  Tested up to: 5.9
6
- Stable tag: 1.9.10
7
  Requires PHP: 7.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -66,12 +66,19 @@ They take one argument that must be returned. See below for examples:
66
 
67
  == Changelog ==
68
 
 
 
 
 
 
 
 
69
  = 1.9.10 - 2022-02-23 =
70
  **Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.**
71
 
72
  * **Changed:** Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
73
  * **Changed:** Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
74
- * **Changed:** Update `enshrined/svg-sanitize` from 0.13.3 to 0.5.2 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
75
  * **Changed:** Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
76
  * **Changed:** Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
77
  * **Changed:** Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).
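Review bot: The new `= 2.0.0 - 2022-04-06 =` changelog entry leaves out two behaviour changes that ship in this release: srcset generation is now switched off for SVG attachments (`disable_srcset` on `wp_calculate_image_srcset_meta`), and the public method `fix_direct_image_output()` is removed together with its `wp_get_attachment_image_attributes` hook. Both affect site code that hooks, unhooks or calls these callbacks, so each should get its own **Changed:** or **Removed:** line in the entry.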
@@ -80,120 +87,120 @@ They take one argument that must be returned. See below for examples:
80
  * **Fixed:** Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
81
  * **Fixed:** Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
82
 
83
- = 1.9.9 - 2020-05-07=
84
  * **Fixed:** Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
85
 
86
- = 1.9.8 - 2020-05-07=
87
  * **Changed:** Underlying library update.
88
 
89
- = 1.9.7 - 2019-12-10=
90
  * **Changed:** Underlying library update.
91
 
92
- = 1.9.6 - 2019-11-07=
93
  * **Security:** Underlying library update that fixes a security issue.
94
 
95
- = 1.9.5 - 2019-11-04=
96
  * **Security:** Underlying library update that fixes some security issues.
97
 
98
- = 1.9.4 - 2019-08-21=
99
  * **Fixed:** Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
100
 
101
- = 1.9.3 - 2019-02-19=
102
  * **Fixed:** Bug causing 0 height and width SVGs.
103
 
104
- = 1.9.2 - 2019-02-14=
105
  * **Fixed:** Warning about an Illegal string offset.
106
  * **Fixed:** Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
107
 
108
- = 1.9.1 - 2019-01-29=
109
  * **Fixed:** Warning that was being generated by a change made in 1.9.0.
110
 
111
- = 1.9.0 - 2019-01-03=
112
  * **Changed:** If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
113
 
114
- = 1.8.1 - 2018-11-22=
115
  * **Changed:** Don't let errors break upload if uploading an empty file
116
  * **Fixed:** Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
117
 
118
- = 1.8.0 - 2018-11-04=
119
  * **Added:** Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
120
  * **Added:** role="img" attribute to SVGs.
121
 
122
- = 1.7.1 - 2018-10-01=
123
  * **Changed:** Underlying lib and added new filters for filtering allowed tags and attributes.
124
 
125
- = 1.7.0 - 2018-10-01=
126
  * **Added:** Allow devs to filter tags and attrs within WordPress.
127
 
128
- = 1.6.1 - 2018-03-17=
129
  * **Changed:** Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
130
 
131
- = 1.6.0 - 2017-12-20=
132
  * **Added:** Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
133
  * **Fixed:** You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
134
 
135
- = 1.5.3 - 2017-11-16=
136
  * **Fixed:** 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
137
 
138
- = 1.5.2 - 2017-11-15=
139
  * **Changed:** Tested with 4.9.0.
140
  * **Fixed:** Issue with SVGs when regenerating media.
141
 
142
- = 1.5.1 - 2017-08-21=
143
  * **Fixed:** PHP strict standards warning.
144
 
145
- = 1.5.0 - 2017-06-20=
146
  * **Changed:** Library update.
147
  * **Changed:** role, aria- and data- attributes are now whitelisted to improve accessibility.
148
 
149
- = 1.4.5 - 2017-06-18=
150
  * **Changed:** Library update.
151
  * **Fixed:** some issues with defining the size of an SVG.
152
 
153
- = 1.4.4 - 2017-06-07=
154
  * **Fixed:** SVGs now display as featured images in the admin area.
155
 
156
- = 1.4.3 - 2017-03-06=
157
  * **Added:** WordPress 4.7.3 Compatibility.
158
  * **Changed:** Expanded SVG previews in media library.
159
 
160
- = 1.4.2 - 2017-02-26=
161
  * **Added:** Check / fix for when mb_* functions are not available.
162
 
163
- = 1.4.1 - 2017-02-23=
164
  * **Changed:** Underlying library to allow attributes/tags in all case variations.
165
 
166
- = 1.4.0 - 2017-02-21=
167
  * **Added:** Ability to preview SVG on both grid and list view in the wp-admin media area
168
  * **Changed:** Underlying library version.
169
 
170
- = 1.3.4 - 2017-02-20=
171
  * **Fixed:** SVGZ uploads failing and not sanitising correctly.
172
 
173
- = 1.3.3 - 2017-02-15=
174
  * **Changed:** Allow SVGZ uploads.
175
 
176
- = 1.3.2 - 2017-01-27=
177
  * **Fixed:** Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
178
 
179
- = 1.3.1 - 2016-12-01=
180
  * **Changed:** Underlying library version.
181
 
182
- = 1.3.0 - 2016-10-10=
183
  * **Changed:** Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
184
 
185
- = 1.2.0 - 2016-02-27=
186
  * **Added:** Support for camel case attributes such as viewBox.
187
 
188
- = 1.1.1 - 2016-07-06=
189
  * **Fixed:** Issue with empty svg elements self-closing.
190
 
191
- = 1.1.0 - 2015-07-04=
192
  * **Added:** I18n.
193
  * **Added:** da, de ,en, es, fr, nl and ru translations.
194
  * **Fixed:** Issue with filename not being pulled over on failed uploads.
195
 
196
- = 1.0.0 - 2015-07-03=
197
  * Initial Release.
198
 
199
  == Upgrade Notice ==
3
  Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4
  Requires at least: 4.7
5
  Tested up to: 5.9
6
+ Stable tag: 2.0.0
7
  Requires PHP: 7.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
66
 
67
  == Changelog ==
68
 
69
+ = 2.0.0 - 2022-04-06 =
70
+ * **Added:** New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
71
+ * **Changed:** Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).
72
+ * **Fixed:** Use the `viewBox` attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
73
+ * **Fixed:** Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props [@dkotter](https://github.com/dkotter), [@cadic](https://github.com/cadic)).
74
+ * **Fixed:** Ensure the `tmp_name` and `name` properties exist before we use them (props [@dkotter](https://github.com/dkotter), [@aksld](https://github.com/aksld)).
75
+
76
  = 1.9.10 - 2022-02-23 =
77
  **Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.**
78
 
79
  * **Changed:** Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
80
  * **Changed:** Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
81
+ * **Changed:** Update `enshrined/svg-sanitize` from 0.13.3 to 0.15.2 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
82
  * **Changed:** Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
83
  * **Changed:** Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
84
  * **Changed:** Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).
87
  * **Fixed:** Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
88
  * **Fixed:** Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
89
 
90
+ = 1.9.9 - 2020-05-07 =
91
  * **Fixed:** Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
92
 
93
+ = 1.9.8 - 2020-05-07 =
94
  * **Changed:** Underlying library update.
95
 
96
+ = 1.9.7 - 2019-12-10 =
97
  * **Changed:** Underlying library update.
98
 
99
+ = 1.9.6 - 2019-11-07 =
100
  * **Security:** Underlying library update that fixes a security issue.
101
 
102
+ = 1.9.5 - 2019-11-04 =
103
  * **Security:** Underlying library update that fixes some security issues.
104
 
105
+ = 1.9.4 - 2019-08-21 =
106
  * **Fixed:** Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
107
 
108
+ = 1.9.3 - 2019-02-19 =
109
  * **Fixed:** Bug causing 0 height and width SVGs.
110
 
111
+ = 1.9.2 - 2019-02-14 =
112
  * **Fixed:** Warning about an Illegal string offset.
113
  * **Fixed:** Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
114
 
115
+ = 1.9.1 - 2019-01-29 =
116
  * **Fixed:** Warning that was being generated by a change made in 1.9.0.
117
 
118
+ = 1.9.0 - 2019-01-03 =
119
  * **Changed:** If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
120
 
121
+ = 1.8.1 - 2018-11-22 =
122
  * **Changed:** Don't let errors break upload if uploading an empty file
123
  * **Fixed:** Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
124
 
125
+ = 1.8.0 - 2018-11-04 =
126
  * **Added:** Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
127
  * **Added:** role="img" attribute to SVGs.
128
 
129
+ = 1.7.1 - 2018-10-01 =
130
  * **Changed:** Underlying lib and added new filters for filtering allowed tags and attributes.
131
 
132
+ = 1.7.0 - 2018-10-01 =
133
  * **Added:** Allow devs to filter tags and attrs within WordPress.
134
 
135
+ = 1.6.1 - 2018-03-17 =
136
  * **Changed:** Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
137
 
138
+ = 1.6.0 - 2017-12-20 =
139
  * **Added:** Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
140
  * **Fixed:** You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
141
 
142
+ = 1.5.3 - 2017-11-16 =
143
  * **Fixed:** 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
144
 
145
+ = 1.5.2 - 2017-11-15 =
146
  * **Changed:** Tested with 4.9.0.
147
  * **Fixed:** Issue with SVGs when regenerating media.
148
 
149
+ = 1.5.1 - 2017-08-21 =
150
  * **Fixed:** PHP strict standards warning.
151
 
152
+ = 1.5.0 - 2017-06-20 =
153
  * **Changed:** Library update.
154
  * **Changed:** role, aria- and data- attributes are now whitelisted to improve accessibility.
155
 
156
+ = 1.4.5 - 2017-06-18 =
157
  * **Changed:** Library update.
158
  * **Fixed:** some issues with defining the size of an SVG.
159
 
160
+ = 1.4.4 - 2017-06-07 =
161
  * **Fixed:** SVGs now display as featured images in the admin area.
162
 
163
+ = 1.4.3 - 2017-03-06 =
164
  * **Added:** WordPress 4.7.3 Compatibility.
165
  * **Changed:** Expanded SVG previews in media library.
166
 
167
+ = 1.4.2 - 2017-02-26 =
168
  * **Added:** Check / fix for when mb_* functions are not available.
169
 
170
+ = 1.4.1 - 2017-02-23 =
171
  * **Changed:** Underlying library to allow attributes/tags in all case variations.
172
 
173
+ = 1.4.0 - 2017-02-21 =
174
  * **Added:** Ability to preview SVG on both grid and list view in the wp-admin media area
175
  * **Changed:** Underlying library version.
176
 
177
+ = 1.3.4 - 2017-02-20 =
178
  * **Fixed:** SVGZ uploads failing and not sanitising correctly.
179
 
180
+ = 1.3.3 - 2017-02-15 =
181
  * **Changed:** Allow SVGZ uploads.
182
 
183
+ = 1.3.2 - 2017-01-27 =
184
  * **Fixed:** Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
185
 
186
+ = 1.3.1 - 2016-12-01 =
187
  * **Changed:** Underlying library version.
188
 
189
+ = 1.3.0 - 2016-10-10 =
190
  * **Changed:** Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
191
 
192
+ = 1.2.0 - 2016-02-27 =
193
  * **Added:** Support for camel case attributes such as viewBox.
194
 
195
+ = 1.1.1 - 2016-07-06 =
196
  * **Fixed:** Issue with empty svg elements self-closing.
197
 
198
+ = 1.1.0 - 2015-07-04 =
199
  * **Added:** I18n.
200
  * **Added:** da, de ,en, es, fr, nl and ru translations.
201
  * **Fixed:** Issue with filename not being pulled over on failed uploads.
202
 
203
+ = 1.0.0 - 2015-07-03 =
204
  * Initial Release.
205
 
206
  == Upgrade Notice ==
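Review bot: The release headings edited here still carry dates that do not sort with the versions: `= 1.2.0 - 2016-02-27 =` is dated earlier than `= 1.1.1 - 2016-07-06 =`, while 1.1.0 and 1.0.0 are dated 2015-07-04 and 2015-07-03. Since every heading in this block is already being touched to add the space before the closing `=`, check those dates against the tag history and correct whichever is wrong in the same change.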
safe-svg.php CHANGED
@@ -1,9 +1,9 @@
1
  <?php
2
  /*
3
  * Plugin Name: Safe SVG
4
- * Plugin URI: https://wpsvg.com/
5
- * Description: Allows SVG uploads into WordPress and sanitizes the SVG before saving it
6
- * Version: 1.9.10
7
  * Requires at least: 4.7
8
  * Requires PHP: 7.0
9
  * Author: 10up
@@ -78,7 +78,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
78
  add_filter( 'wp_generate_attachment_metadata', array( $this, 'skip_svg_regeneration' ), 10, 2 );
79
  add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_upgrade_link' ) );
80
  add_filter( 'wp_get_attachment_metadata', array( $this, 'metadata_error_fix' ), 10, 2 );
81
- add_filter( 'wp_get_attachment_image_attributes', array( $this, 'fix_direct_image_output' ), 10, 3 );
82
  }
83
 
84
  /**
@@ -133,7 +133,13 @@ if ( ! class_exists( 'safe_svg' ) ) {
133
  */
134
  public function check_for_svg( $file ) {
135
 
136
- $wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
 
 
 
 
 
 
137
  $type = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
138
 
139
  if ( $type === 'image/svg+xml' ) {
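Review bot: The guard added at the top of `check_for_svg()` tests `! isset( $file['tmp_name'] )`, which still lets an empty string through, and PHP sets `tmp_name` to an empty string when an upload fails. `wp_check_filetype_and_ext()` is then called with an empty path, so the case the guard is meant to cover is only partly handled. Use `empty( $file['tmp_name'] )` instead, and extend the comment to say why returning `$file` untouched is acceptable, since this early return skips the SVG check altogether.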
@@ -270,11 +276,13 @@ if ( ! class_exists( 'safe_svg' ) ) {
270
  */
271
  public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
272
  if ( get_post_mime_type( $attachment_id ) === 'image/svg+xml' ) {
273
- if ( empty( $image[1] ) ) {
274
- $image[1] = 100;
275
- }
276
 
277
- if ( empty( $image[2] ) ) {
 
 
 
 
278
  $image[2] = 100;
279
  }
280
  }
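Review bot: In `one_pixel_fix()` the replacement code calls `$this->svg_dimensions( get_attached_file( $attachment_id ) )` every time the filter runs for an SVG, so the dimensions are recomputed from the file on each image source lookup. Cache the result per attachment ID (a static array or the attachment metadata) so a page listing many SVGs does not reread the same files. The old `empty( $image[1] )` and `empty( $image[2] )` checks are also gone, so values set earlier in the filter chain are now always overwritten; if that is intended, state it in the method docblock.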
@@ -454,7 +462,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
454
  /**
455
  * Get SVG size from the width/height or viewport.
456
  *
457
- * @param $svg
458
  *
459
  * @return array|bool
460
  */
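Review bot: The docblock summary above the new `@param string|false $svg` line still reads "Get SVG size from the width/height or viewport", but this release reads `viewBox` first and only prefers `width`/`height` when `safe_svg_use_width_height_attributes` returns true. Update the summary to match the new order, and tighten `@return array|bool` to `array|false` with the `width` and `height` keys listed.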
@@ -464,16 +472,43 @@ if ( ! class_exists( 'safe_svg' ) ) {
464
  $height = 0;
465
  if ( $svg ) {
466
  $attributes = $svg->attributes();
467
- if ( isset( $attributes->width, $attributes->height ) && is_numeric( (float)$attributes->width ) && is_numeric( (float)$attributes->height ) ) {
468
- $width = floatval( $attributes->width );
469
- $height = floatval( $attributes->height );
470
- } elseif ( isset( $attributes->viewBox ) ) {
471
  $sizes = explode( ' ', $attributes->viewBox );
472
  if ( isset( $sizes[2], $sizes[3] ) ) {
473
- $width = floatval( $sizes[2] );
474
- $height = floatval( $sizes[3] );
475
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
476
  } else {
 
 
 
 
 
477
  return false;
478
  }
479
  }
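Review bot: `$viewbox_width`, `$viewbox_height`, `$attr_width` and `$attr_height` are assigned only inside their `if` blocks, yet the filter branch reads them unconditionally (`$width = $viewbox_width;` or `$width = $attr_width;`). An SVG that has `width` and `height` but no `viewBox` therefore reads an undefined variable on the default path and ends up at `return false`, where the old `elseif` chain would have returned its width and height. Initialise all four to 0 before the checks and fall back to the other pair when the preferred one is empty. Two smaller points in the same block: `is_numeric( (float) $attributes->width )` is always true because of the cast, and `! $width && ! $height` accepts a size in which only one dimension is non-zero.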
@@ -486,39 +521,49 @@ if ( ! class_exists( 'safe_svg' ) ) {
486
  }
487
 
488
  /**
489
- * Fix the output of images using wp_get_attachment_image
 
 
 
 
490
  *
491
- * @param array $attr Attributes for the image markup.
492
- * @param WP_Post $attachment Image attachment post.
493
- * @param string|array $size Requested size. Image size or array of width and height values
494
- * (in that order). Default 'thumbnail'.
 
495
  */
496
- public function fix_direct_image_output( $attr, $attachment, $size = 'thumbnail' ) {
497
-
498
- // If we're not getting a WP_Post object, bail early.
499
- // @see https://wordpress.org/support/topic/notice-trying-to-get-property-id/
500
- if ( ! $attachment instanceof WP_Post ) {
501
- return $attr;
502
  }
503
 
504
- $mime = get_post_mime_type( $attachment->ID );
505
- if ( 'image/svg+xml' === $mime ) {
506
- $default_height = 100;
507
- $default_width = 100;
508
-
509
- $dimensions = $this->svg_dimensions( get_attached_file( $attachment->ID ) );
510
 
511
- if ( $dimensions ) {
512
- $default_height = $dimensions['height'];
513
- $default_width = $dimensions['width'];
514
- }
 
 
 
 
 
 
 
 
 
 
515
 
516
- $attr['height'] = $default_height;
517
- $attr['width'] = $default_width;
518
  }
519
 
520
- return $attr;
 
521
  }
 
522
  }
523
  }
524
 
1
  <?php
2
  /*
3
  * Plugin Name: Safe SVG
4
+ * Plugin URI: https://wordpress.org/plugins/safe-svg/
5
+ * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
6
+ * Version: 2.0.0
7
  * Requires at least: 4.7
8
  * Requires PHP: 7.0
9
  * Author: 10up
78
  add_filter( 'wp_generate_attachment_metadata', array( $this, 'skip_svg_regeneration' ), 10, 2 );
79
  add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_upgrade_link' ) );
80
  add_filter( 'wp_get_attachment_metadata', array( $this, 'metadata_error_fix' ), 10, 2 );
81
+ add_filter( 'wp_calculate_image_srcset_meta', array( $this, 'disable_srcset' ), 10, 4 );
82
  }
83
 
84
  /**
133
  */
134
  public function check_for_svg( $file ) {
135
 
136
+ // Ensure we have a proper file path before processing
137
+ if ( ! isset( $file['tmp_name'] ) ) {
138
+ return $file;
139
+ }
140
+
141
+ $file_name = isset( $file['name'] ) ? $file['name'] : '';
142
+ $wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file_name );
143
  $type = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
144
 
145
  if ( $type === 'image/svg+xml' ) {
276
  */
277
  public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
278
  if ( get_post_mime_type( $attachment_id ) === 'image/svg+xml' ) {
279
+ $dimensions = $this->svg_dimensions( get_attached_file( $attachment_id ) );
 
 
280
 
281
+ if ( $dimensions ) {
282
+ $image[1] = $dimensions['width'];
283
+ $image[2] = $dimensions['height'];
284
+ } else {
285
+ $image[1] = 100;
286
  $image[2] = 100;
287
  }
288
  }
462
  /**
463
  * Get SVG size from the width/height or viewport.
464
  *
465
+ * @param string|false $svg The file path to where the SVG file should be, false otherwise.
466
  *
467
  * @return array|bool
468
  */
472
  $height = 0;
473
  if ( $svg ) {
474
  $attributes = $svg->attributes();
475
+
476
+ if ( isset( $attributes->viewBox ) ) {
 
 
477
  $sizes = explode( ' ', $attributes->viewBox );
478
  if ( isset( $sizes[2], $sizes[3] ) ) {
479
+ $viewbox_width = floatval( $sizes[2] );
480
+ $viewbox_height = floatval( $sizes[3] );
481
  }
482
+ }
483
+
484
+ if ( isset( $attributes->width, $attributes->height ) && is_numeric( (float) $attributes->width ) && is_numeric( (float) $attributes->height ) && ! $this->str_ends_with( (string) $attributes->width, '%' ) && ! $this->str_ends_with( (string) $attributes->height, '%' ) ) {
485
+ $attr_width = floatval( $attributes->width );
486
+ $attr_height = floatval( $attributes->height );
487
+ }
488
+
489
+ /**
490
+ * Decide which attributes of the SVG we use first for image tag dimensions.
491
+ *
492
+ * We default to using the parameters in the viewbox attribute but
493
+ * that can be overridden using this filter if you'd prefer to use
494
+ * the width and height attributes.
495
+ *
496
+ * @hook safe_svg_use_width_height_attributes
497
+ *
498
+ * @param {bool} $false If the width & height attributes should be used first. Default false.
499
+ * @param {string} $svg The file path to the SVG.
500
+ *
501
+ * @return {bool} If we should use the width & height attributes first or not.
502
+ */
503
+ if ( (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg ) ) {
504
+ $width = $attr_width;
505
+ $height = $attr_height;
506
  } else {
507
+ $width = $viewbox_width;
508
+ $height = $viewbox_height;
509
+ }
510
+
511
+ if ( ! $width && ! $height ) {
512
  return false;
513
  }
514
  }
521
  }
522
 
523
  /**
524
+ * Disable the creation of srcset on SVG images.
525
+ *
526
+ * @param array $image_meta The image meta data.
527
+ * @param int[] $size_array {
528
+ * An array of requested width and height values.
529
  *
530
+ * @type int $0 The width in pixels.
531
+ * @type int $1 The height in pixels.
532
+ * }
533
+ * @param string $image_src The 'src' of the image.
534
+ * @param int $attachment_id The image attachment ID.
535
  */
536
+ public function disable_srcset( $image_meta, $size_array, $image_src, $attachment_id ) {
537
+ if ( $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) ) {
538
+ $image_meta['sizes'] = array();
 
 
 
539
  }
540
 
541
+ return $image_meta;
542
+ }
 
 
 
 
543
 
544
+ /**
545
+ * Polyfill for `str_ends_with()` function added in PHP 8.0.
546
+ *
547
+ * Performs a case-sensitive check indicating if
548
+ * the haystack ends with needle.
549
+ *
550
+ * @param string $haystack The string to search in.
551
+ * @param string $needle The substring to search for in the `$haystack`.
552
+ * @return bool True if `$haystack` ends with `$needle`, otherwise false.
553
+ */
554
+ protected function str_ends_with( $haystack, $needle ) {
555
+ if ( function_exists( 'str_ends_with' ) ) {
556
+ return str_ends_with( $haystack, $needle );
557
+ }
558
 
559
+ if ( '' === $haystack && '' !== $needle ) {
560
+ return false;
561
  }
562
 
563
+ $len = strlen( $needle );
564
+ return 0 === substr_compare( $haystack, $needle, -$len, $len );
565
  }
566
+
567
  }
568
  }
569
 
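Review bot: The docblock for the new `disable_srcset()` has no `@return` tag although the method returns `$image_meta`; add `@return array` and mention that `sizes` is emptied for SVG attachments. In the `str_ends_with()` polyfill, the `substr_compare()` fallback only runs on PHP below 8.0, so it needs its own unit test (including the empty-needle case) or it will go unexercised on newer test runners.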
vendor/autoload.php CHANGED
@@ -4,4 +4,4 @@
4
 
5
  require_once __DIR__ . '/composer/autoload_real.php';
6
 
7
- return ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb::getLoader();
4
 
5
  require_once __DIR__ . '/composer/autoload_real.php';
6
 
7
+ return ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23::getLoader();
vendor/composer/autoload_real.php CHANGED
@@ -2,7 +2,7 @@
2
 
3
  // autoload_real.php @generated by Composer
4
 
5
- class ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb
6
  {
7
  private static $loader;
8
 
@@ -24,15 +24,15 @@ class ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb
24
 
25
  require __DIR__ . '/platform_check.php';
26
 
27
- spl_autoload_register(array('ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb', 'loadClassLoader'), true, true);
28
  self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
29
- spl_autoload_unregister(array('ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb', 'loadClassLoader'));
30
 
31
  $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
32
  if ($useStaticLoader) {
33
  require __DIR__ . '/autoload_static.php';
34
 
35
- call_user_func(\Composer\Autoload\ComposerStaticInit456e88198049a13916306da77f4bd5eb::getInitializer($loader));
36
  } else {
37
  $map = require __DIR__ . '/autoload_namespaces.php';
38
  foreach ($map as $namespace => $path) {
2
 
3
  // autoload_real.php @generated by Composer
4
 
5
+ class ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23
6
  {
7
  private static $loader;
8
 
24
 
25
  require __DIR__ . '/platform_check.php';
26
 
27
+ spl_autoload_register(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'), true, true);
28
  self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
29
+ spl_autoload_unregister(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'));
30
 
31
  $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
32
  if ($useStaticLoader) {
33
  require __DIR__ . '/autoload_static.php';
34
 
35
+ call_user_func(\Composer\Autoload\ComposerStaticInitb84937dca53879c3884a3634f19a0f23::getInitializer($loader));
36
  } else {
37
  $map = require __DIR__ . '/autoload_namespaces.php';
38
  foreach ($map as $namespace => $path) {
vendor/composer/autoload_static.php CHANGED
@@ -4,7 +4,7 @@
4
 
5
  namespace Composer\Autoload;
6
 
7
- class ComposerStaticInit456e88198049a13916306da77f4bd5eb
8
  {
9
  public static $prefixLengthsPsr4 = array (
10
  'e' =>
@@ -27,9 +27,9 @@ class ComposerStaticInit456e88198049a13916306da77f4bd5eb
27
  public static function getInitializer(ClassLoader $loader)
28
  {
29
  return \Closure::bind(function () use ($loader) {
30
- $loader->prefixLengthsPsr4 = ComposerStaticInit456e88198049a13916306da77f4bd5eb::$prefixLengthsPsr4;
31
- $loader->prefixDirsPsr4 = ComposerStaticInit456e88198049a13916306da77f4bd5eb::$prefixDirsPsr4;
32
- $loader->classMap = ComposerStaticInit456e88198049a13916306da77f4bd5eb::$classMap;
33
 
34
  }, null, ClassLoader::class);
35
  }
4
 
5
  namespace Composer\Autoload;
6
 
7
+ class ComposerStaticInitb84937dca53879c3884a3634f19a0f23
8
  {
9
  public static $prefixLengthsPsr4 = array (
10
  'e' =>
27
  public static function getInitializer(ClassLoader $loader)
28
  {
29
  return \Closure::bind(function () use ($loader) {
30
+ $loader->prefixLengthsPsr4 = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$prefixLengthsPsr4;
31
+ $loader->prefixDirsPsr4 = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$prefixDirsPsr4;
32
+ $loader->classMap = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$classMap;
33
 
34
  }, null, ClassLoader::class);
35
  }
vendor/composer/installed.php CHANGED
@@ -1,22 +1,22 @@
1
  <?php return array(
2
  'root' => array(
3
- 'pretty_version' => '1.9.10',
4
- 'version' => '1.9.10.0',
5
  'type' => 'wordpress-plugin',
6
  'install_path' => __DIR__ . '/../../',
7
  'aliases' => array(),
8
- 'reference' => '2e3c5bd22d90169006413cf74ec3f4cc5baeaa7c',
9
  'name' => 'darylldoyle/safe-svg',
10
  'dev' => true,
11
  ),
12
  'versions' => array(
13
  'darylldoyle/safe-svg' => array(
14
- 'pretty_version' => '1.9.10',
15
- 'version' => '1.9.10.0',
16
  'type' => 'wordpress-plugin',
17
  'install_path' => __DIR__ . '/../../',
18
  'aliases' => array(),
19
- 'reference' => '2e3c5bd22d90169006413cf74ec3f4cc5baeaa7c',
20
  'dev_requirement' => false,
21
  ),
22
  'enshrined/svg-sanitize' => array(
1
  <?php return array(
2
  'root' => array(
3
+ 'pretty_version' => '2.0.0',
4
+ 'version' => '2.0.0.0',
5
  'type' => 'wordpress-plugin',
6
  'install_path' => __DIR__ . '/../../',
7
  'aliases' => array(),
8
+ 'reference' => '03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699',
9
  'name' => 'darylldoyle/safe-svg',
10
  'dev' => true,
11
  ),
12
  'versions' => array(
13
  'darylldoyle/safe-svg' => array(
14
+ 'pretty_version' => '2.0.0',
15
+ 'version' => '2.0.0.0',
16
  'type' => 'wordpress-plugin',
17
  'install_path' => __DIR__ . '/../../',
18
  'aliases' => array(),
19
+ 'reference' => '03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699',
20
  'dev_requirement' => false,
21
  ),
22
  'enshrined/svg-sanitize' => array(
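Review bot: `'dev' => true` under `root` is carried over unchanged in this version bump, which indicates the bundled `vendor/` directory was generated with development dependencies enabled. For a release artifact, build with `composer install --no-dev` so that `installed.php` records `'dev' => false` and no dev-only packages can end up in the shipped plugin.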