Safe SVG - Version 2.0.0

Version Description

2022-04-06 =
Added: New filter, safe_svg_use_width_height_attributes, that can be used to change the order of attributes we use to determine the SVG dimensions (props @dkotter, @peterwilsoncc).
Changed: Documentation updates (props @j-hoffmann, @jeffpaul, @Zodiac1978).
Fixed: Use the viewBox attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props @dkotter, @peterwilsoncc).
Fixed: Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props @dkotter, @cadic).
Fixed: Ensure the tmp_name and name properties exist before we use them (props @dkotter, @aksld).

Release Info

Developer	10up
Plugin	Safe SVG
Version	2.0.0
Comparing to
See all releases

Code changes from version 1.9.10 to 2.0.0

Files changed (6) hide show

readme.txt +44 -37
safe-svg.php +85 -40
vendor/autoload.php +1 -1
vendor/composer/autoload_real.php +4 -4
vendor/composer/autoload_static.php +4 -4
vendor/composer/installed.php +6 -6

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: 10up, enshrined
3	Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4	Requires at least: 4.7
5	Tested up to: 5.9
6	- Stable tag: 1.9.10
7	Requires PHP: 7.0
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
	@@ -66,12 +66,19 @@ They take one argument that must be returned. See below for examples:
66
67	== Changelog ==
68







69	= 1.9.10 - 2022-02-23 =
70	Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.
71
72	* Changed: Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
73	* Changed: Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
74	- * Changed: Update `enshrined/svg-sanitize` from 0.13.3 to 0.5.2 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
75	* Changed: Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
76	* Changed: Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
77	* Changed: Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).
	@@ -80,120 +87,120 @@ They take one argument that must be returned. See below for examples:
80	* Fixed: Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
81	* Fixed: Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
82
83	- = 1.9.9 - 2020-05-07=
84	* Fixed: Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
85
86	- = 1.9.8 - 2020-05-07=
87	* Changed: Underlying library update.
88
89	- = 1.9.7 - 2019-12-10=
90	* Changed: Underlying library update.
91
92	- = 1.9.6 - 2019-11-07=
93	* Security: Underlying library update that fixes a security issue.
94
95	- = 1.9.5 - 2019-11-04=
96	* Security: Underlying library update that fixes some security issues.
97
98	- = 1.9.4 - 2019-08-21=
99	* Fixed: Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
100
101	- = 1.9.3 - 2019-02-19=
102	* Fixed: Bug causing 0 height and width SVGs.
103
104	- = 1.9.2 - 2019-02-14=
105	* Fixed: Warning about an Illegal string offset.
106	* Fixed: Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
107
108	- = 1.9.1 - 2019-01-29=
109	* Fixed: Warning that was being generated by a change made in 1.9.0.
110
111	- = 1.9.0 - 2019-01-03=
112	* Changed: If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
113
114	- = 1.8.1 - 2018-11-22=
115	* Changed: Don't let errors break upload if uploading an empty file
116	* Fixed: Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
117
118	- = 1.8.0 - 2018-11-04=
119	* Added: Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
120	* Added: role="img" attribute to SVGs.
121
122	- = 1.7.1 - 2018-10-01=
123	* Changed: Underlying lib and added new filters for filtering allowed tags and attributes.
124
125	- = 1.7.0 - 2018-10-01=
126	* Added: Allow devs to filter tags and attrs within WordPress.
127
128	- = 1.6.1 - 2018-03-17=
129	* Changed: Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
130
131	- = 1.6.0 - 2017-12-20=
132	* Added: Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
133	* Fixed: You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
134
135	- = 1.5.3 - 2017-11-16=
136	* Fixed: 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
137
138	- = 1.5.2 - 2017-11-15=
139	* Changed: Tested with 4.9.0.
140	* Fixed: Issue with SVGs when regenerating media.
141
142	- = 1.5.1 - 2017-08-21=
143	* Fixed: PHP strict standards warning.
144
145	- = 1.5.0 - 2017-06-20=
146	* Changed: Library update.
147	* Changed: role, aria- and data- attributes are now whitelisted to improve accessibility.
148
149	- = 1.4.5 - 2017-06-18=
150	* Changed: Library update.
151	* Fixed: some issues with defining the size of an SVG.
152
153	- = 1.4.4 - 2017-06-07=
154	* Fixed: SVGs now display as featured images in the admin area.
155
156	- = 1.4.3 - 2017-03-06=
157	* Added: WordPress 4.7.3 Compatibility.
158	* Changed: Expanded SVG previews in media library.
159
160	- = 1.4.2 - 2017-02-26=
161	* Added: Check / fix for when mb_* functions are not available.
162
163	- = 1.4.1 - 2017-02-23=
164	* Changed: Underlying library to allow attributes/tags in all case variations.
165
166	- = 1.4.0 - 2017-02-21=
167	* Added: Ability to preview SVG on both grid and list view in the wp-admin media area
168	* Changed: Underlying library version.
169
170	- = 1.3.4 - 2017-02-20=
171	* Fixed: SVGZ uploads failing and not sanitising correctly.
172
173	- = 1.3.3 - 2017-02-15=
174	* Changed: Allow SVGZ uploads.
175
176	- = 1.3.2 - 2017-01-27=
177	* Fixed: Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
178
179	- = 1.3.1 - 2016-12-01=
180	* Changed: Underlying library version.
181
182	- = 1.3.0 - 2016-10-10=
183	* Changed: Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
184
185	- = 1.2.0 - 2016-02-27=
186	* Added: Support for camel case attributes such as viewBox.
187
188	- = 1.1.1 - 2016-07-06=
189	* Fixed: Issue with empty svg elements self-closing.
190
191	- = 1.1.0 - 2015-07-04=
192	* Added: I18n.
193	* Added: da, de ,en, es, fr, nl and ru translations.
194	* Fixed: Issue with filename not being pulled over on failed uploads.
195
196	- = 1.0.0 - 2015-07-03=
197	* Initial Release.
198
199	== Upgrade Notice ==


3	Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4	Requires at least: 4.7
5	Tested up to: 5.9
6	+ Stable tag: 2.0.0
7	Requires PHP: 7.0
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html

66
67	== Changelog ==
68
69	+ = 2.0.0 - 2022-04-06 =
70	+ * Added: New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
71	+ * Changed: Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).
72	+ * Fixed: Use the `viewBox` attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
73	+ * Fixed: Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props [@dkotter](https://github.com/dkotter), [@cadic](https://github.com/cadic)).
74	+ * Fixed: Ensure the `tmp_name` and `name` properties exist before we use them (props [@dkotter](https://github.com/dkotter), [@aksld](https://github.com/aksld)).
75	+
76	= 1.9.10 - 2022-02-23 =
77	Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.
78
79	* Changed: Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
80	* Changed: Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
81	+ * Changed: Update `enshrined/svg-sanitize` from 0.13.3 to 0.15.2 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
82	* Changed: Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
83	* Changed: Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
84	* Changed: Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).

87	* Fixed: Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
88	* Fixed: Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
89
90	+ = 1.9.9 - 2020-05-07 =
91	* Fixed: Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
92
93	+ = 1.9.8 - 2020-05-07 =
94	* Changed: Underlying library update.
95
96	+ = 1.9.7 - 2019-12-10 =
97	* Changed: Underlying library update.
98
99	+ = 1.9.6 - 2019-11-07 =
100	* Security: Underlying library update that fixes a security issue.
101
102	+ = 1.9.5 - 2019-11-04 =
103	* Security: Underlying library update that fixes some security issues.
104
105	+ = 1.9.4 - 2019-08-21 =
106	* Fixed: Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
107
108	+ = 1.9.3 - 2019-02-19 =
109	* Fixed: Bug causing 0 height and width SVGs.
110
111	+ = 1.9.2 - 2019-02-14 =
112	* Fixed: Warning about an Illegal string offset.
113	* Fixed: Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
114
115	+ = 1.9.1 - 2019-01-29 =
116	* Fixed: Warning that was being generated by a change made in 1.9.0.
117
118	+ = 1.9.0 - 2019-01-03 =
119	* Changed: If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
120
121	+ = 1.8.1 - 2018-11-22 =
122	* Changed: Don't let errors break upload if uploading an empty file
123	* Fixed: Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
124
125	+ = 1.8.0 - 2018-11-04 =
126	* Added: Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
127	* Added: role="img" attribute to SVGs.
128
129	+ = 1.7.1 - 2018-10-01 =
130	* Changed: Underlying lib and added new filters for filtering allowed tags and attributes.
131
132	+ = 1.7.0 - 2018-10-01 =
133	* Added: Allow devs to filter tags and attrs within WordPress.
134
135	+ = 1.6.1 - 2018-03-17 =
136	* Changed: Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
137
138	+ = 1.6.0 - 2017-12-20 =
139	* Added: Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
140	* Fixed: You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
141
142	+ = 1.5.3 - 2017-11-16 =
143	* Fixed: 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
144
145	+ = 1.5.2 - 2017-11-15 =
146	* Changed: Tested with 4.9.0.
147	* Fixed: Issue with SVGs when regenerating media.
148
149	+ = 1.5.1 - 2017-08-21 =
150	* Fixed: PHP strict standards warning.
151
152	+ = 1.5.0 - 2017-06-20 =
153	* Changed: Library update.
154	* Changed: role, aria- and data- attributes are now whitelisted to improve accessibility.
155
156	+ = 1.4.5 - 2017-06-18 =
157	* Changed: Library update.
158	* Fixed: some issues with defining the size of an SVG.
159
160	+ = 1.4.4 - 2017-06-07 =
161	* Fixed: SVGs now display as featured images in the admin area.
162
163	+ = 1.4.3 - 2017-03-06 =
164	* Added: WordPress 4.7.3 Compatibility.
165	* Changed: Expanded SVG previews in media library.
166
167	+ = 1.4.2 - 2017-02-26 =
168	* Added: Check / fix for when mb_* functions are not available.
169
170	+ = 1.4.1 - 2017-02-23 =
171	* Changed: Underlying library to allow attributes/tags in all case variations.
172
173	+ = 1.4.0 - 2017-02-21 =
174	* Added: Ability to preview SVG on both grid and list view in the wp-admin media area
175	* Changed: Underlying library version.
176
177	+ = 1.3.4 - 2017-02-20 =
178	* Fixed: SVGZ uploads failing and not sanitising correctly.
179
180	+ = 1.3.3 - 2017-02-15 =
181	* Changed: Allow SVGZ uploads.
182
183	+ = 1.3.2 - 2017-01-27 =
184	* Fixed: Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
185
186	+ = 1.3.1 - 2016-12-01 =
187	* Changed: Underlying library version.
188
189	+ = 1.3.0 - 2016-10-10 =
190	* Changed: Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
191
192	+ = 1.2.0 - 2016-02-27 =
193	* Added: Support for camel case attributes such as viewBox.
194
195	+ = 1.1.1 - 2016-07-06 =
196	* Fixed: Issue with empty svg elements self-closing.
197
198	+ = 1.1.0 - 2015-07-04 =
199	* Added: I18n.
200	* Added: da, de ,en, es, fr, nl and ru translations.
201	* Fixed: Issue with filename not being pulled over on failed uploads.
202
203	+ = 1.0.0 - 2015-07-03 =
204	* Initial Release.
205
206	== Upgrade Notice ==

safe-svg.php CHANGED Viewed

@@ -1,9 +1,9 @@
             <?php
             /*
              * Plugin Name:       Safe SVG
-            -
             * Plugin URI:        https://wpsvg.com/
-            -
             * Description:       Allows SVG uploads into WordPress and sanitizes the SVG before saving it
-            -
             * Version:           1.9.10
              * Requires at least: 4.7
              * Requires PHP:      7.0
              * Author:            10up
@@ -78,7 +78,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
                         add_filter( 'wp_generate_attachment_metadata', array( $this, 'skip_svg_regeneration' ), 10, 2 );
                         add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_upgrade_link' ) );
                         add_filter( 'wp_get_attachment_metadata', array( $this, 'metadata_error_fix' ), 10, 2 );
-            -
                        add_filter( 'wp_get_attachment_image_attributes', array( $this, 'fix_direct_image_output' ), 10, 3 );
+                    }
                     /**
@@ -133,7 +133,13 @@ if ( ! class_exists( 'safe_svg' ) ) {
                      */
                     public function check_for_svg( $file ) {
-            -
                        $wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
                         $type        = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
                         if ( $type === 'image/svg+xml' ) {
@@ -270,11 +276,13 @@ if ( ! class_exists( 'safe_svg' ) ) {
                      */
                     public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
                         if ( get_post_mime_type( $attachment_id ) === 'image/svg+xml' ) {
-            -
                            if ( empty( $image[1] ) ) {
-            -
                                $image[1] = 100;
-            -
                            }
-            -
                            if ( empty( $image[2] ) ) {
                                 $image[2] = 100;
+                            }
+                        }
@@ -454,7 +462,7 @@ if ( ! class_exists( 'safe_svg' ) ) {
                     /**
                      * Get SVG size from the width/height or viewport.
+                     *
-            -
                     * @param $svg
+                     *
                      * @return array|bool
                      */
@@ -464,16 +472,43 @@ if ( ! class_exists( 'safe_svg' ) ) {
                         $height = 0;
                         if ( $svg ) {
                             $attributes = $svg->attributes();
-            -
                            if ( isset( $attributes->width, $attributes->height ) && is_numeric( (float)$attributes->width ) && is_numeric( (float)$attributes->height ) ) {
-            -
                                $width  = floatval( $attributes->width );
-            -
                                $height = floatval( $attributes->height );
-            -
                            } elseif ( isset( $attributes->viewBox ) ) {
                                 $sizes = explode( ' ', $attributes->viewBox );
                                 if ( isset( $sizes[2], $sizes[3] ) ) {
-            -
                                    $width  = floatval( $sizes[2] );
-            -
                                    $height = floatval( $sizes[3] );
+                                }
                             } else {
                                 return false;
+                            }
+                        }
@@ -486,39 +521,49 @@ if ( ! class_exists( 'safe_svg' ) ) {
+                    }
                     /**
-            -
                     * Fix the output of images using wp_get_attachment_image
+                     *
-            -
                     * @param array $attr Attributes for the image markup.
-            -
                     * @param WP_Post $attachment Image attachment post.
-            -
                     * @param string|array $size Requested size. Image size or array of width and height values
-            -
                     *                                 (in that order). Default 'thumbnail'.
                      */
-            -
                    public function fix_direct_image_output( $attr, $attachment, $size = 'thumbnail' ) {
-            -
-            -
                        // If we're not getting a WP_Post object, bail early.
-            -
                        // @see https://wordpress.org/support/topic/notice-trying-to-get-property-id/
-            -
                        if ( ! $attachment instanceof WP_Post ) {
-            -
                            return $attr;
+                        }
-            -
                        $mime = get_post_mime_type( $attachment->ID );
-            -
                        if ( 'image/svg+xml' === $mime ) {
-            -
                            $default_height = 100;
-            -
                            $default_width  = 100;
-            -
-            -
                            $dimensions = $this->svg_dimensions( get_attached_file( $attachment->ID ) );
-            -
                            if ( $dimensions ) {
-            -
                                $default_height = $dimensions['height'];
-            -
                                $default_width  = $dimensions['width'];
-            -
                            }
-            -
                            $attr['height'] = $default_height;
-            -
                            $attr['width']  = $default_width;
+                        }
-            -
                        return $attr;
+                    }
+                }
+            }


1	<?php
2	/*
3	* Plugin Name: Safe SVG
4	+ * Plugin URI: https://wordpress.org/plugins/safe-svg/
5	+ * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
6	+ * Version: 2.0.0
7	* Requires at least: 4.7
8	* Requires PHP: 7.0
9	* Author: 10up

78	add_filter( 'wp_generate_attachment_metadata', array( $this, 'skip_svg_regeneration' ), 10, 2 );
79	add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_upgrade_link' ) );
80	add_filter( 'wp_get_attachment_metadata', array( $this, 'metadata_error_fix' ), 10, 2 );
81	+ add_filter( 'wp_calculate_image_srcset_meta', array( $this, 'disable_srcset' ), 10, 4 );
82	}
83
84	/**

133	*/
134	public function check_for_svg( $file ) {
135
136	+ // Ensure we have a proper file path before processing
137	+ if ( ! isset( $file['tmp_name'] ) ) {
138	+ return $file;
139	+ }
140	+
141	+ $file_name = isset( $file['name'] ) ? $file['name'] : '';
142	+ $wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file_name );
143	$type = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
144
145	if ( $type === 'image/svg+xml' ) {

276	*/
277	public function one_pixel_fix( $image, $attachment_id, $size, $icon ) {
278	if ( get_post_mime_type( $attachment_id ) === 'image/svg+xml' ) {
279	+ $dimensions = $this->svg_dimensions( get_attached_file( $attachment_id ) );


280
281	+ if ( $dimensions ) {
282	+ $image[1] = $dimensions['width'];
283	+ $image[2] = $dimensions['height'];
284	+ } else {
285	+ $image[1] = 100;
286	$image[2] = 100;
287	}
288	}

462	/**
463	* Get SVG size from the width/height or viewport.
464	*
465	+ * @param string\|false $svg The file path to where the SVG file should be, false otherwise.
466	*
467	* @return array\|bool
468	*/

472	$height = 0;
473	if ( $svg ) {
474	$attributes = $svg->attributes();
475	+
476	+ if ( isset( $attributes->viewBox ) ) {


477	$sizes = explode( ' ', $attributes->viewBox );
478	if ( isset( $sizes[2], $sizes[3] ) ) {
479	+ $viewbox_width = floatval( $sizes[2] );
480	+ $viewbox_height = floatval( $sizes[3] );
481	}
482	+ }
483	+
484	+ if ( isset( $attributes->width, $attributes->height ) && is_numeric( (float) $attributes->width ) && is_numeric( (float) $attributes->height ) && ! $this->str_ends_with( (string) $attributes->width, '%' ) && ! $this->str_ends_with( (string) $attributes->height, '%' ) ) {
485	+ $attr_width = floatval( $attributes->width );
486	+ $attr_height = floatval( $attributes->height );
487	+ }
488	+
489	+ /**
490	+ * Decide which attributes of the SVG we use first for image tag dimensions.
491	+ *
492	+ * We default to using the parameters in the viewbox attribute but
493	+ * that can be overridden using this filter if you'd prefer to use
494	+ * the width and height attributes.
495	+ *
496	+ * @hook safe_svg_use_width_height_attributes
497	+ *
498	+ * @param {bool} $false If the width & height attributes should be used first. Default false.
499	+ * @param {string} $svg The file path to the SVG.
500	+ *
501	+ * @return {bool} If we should use the width & height attributes first or not.
502	+ */
503	+ if ( (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg ) ) {
504	+ $width = $attr_width;
505	+ $height = $attr_height;
506	} else {
507	+ $width = $viewbox_width;
508	+ $height = $viewbox_height;
509	+ }
510	+
511	+ if ( ! $width && ! $height ) {
512	return false;
513	}
514	}

521	}
522
523	/**
524	+ * Disable the creation of srcset on SVG images.
525	+ *
526	+ * @param array $image_meta The image meta data.
527	+ * @param int[] $size_array {
528	+ * An array of requested width and height values.
529	*
530	+ * @type int $0 The width in pixels.
531	+ * @type int $1 The height in pixels.
532	+ * }
533	+ * @param string $image_src The 'src' of the image.
534	+ * @param int $attachment_id The image attachment ID.
535	*/
536	+ public function disable_srcset( $image_meta, $size_array, $image_src, $attachment_id ) {
537	+ if ( $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) ) {
538	+ $image_meta['sizes'] = array();



539	}
540
541	+ return $image_meta;
542	+ }




543
544	+ /**
545	+ * Polyfill for `str_ends_with()` function added in PHP 8.0.
546	+ *
547	+ * Performs a case-sensitive check indicating if
548	+ * the haystack ends with needle.
549	+ *
550	+ * @param string $haystack The string to search in.
551	+ * @param string $needle The substring to search for in the `$haystack`.
552	+ * @return bool True if `$haystack` ends with `$needle`, otherwise false.
553	+ */
554	+ protected function str_ends_with( $haystack, $needle ) {
555	+ if ( function_exists( 'str_ends_with' ) ) {
556	+ return str_ends_with( $haystack, $needle );
557	+ }
558
559	+ if ( '' === $haystack && '' !== $needle ) {
560	+ return false;
561	}
562
563	+ $len = strlen( $needle );
564	+ return 0 === substr_compare( $haystack, $needle, -$len, $len );
565	}
566	+
567	}
568	}
569

vendor/autoload.php CHANGED Viewed

	@@ -4,4 +4,4 @@
4
5	require_once __DIR__ . '/composer/autoload_real.php';
6
7	- return ~~ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb~~::getLoader();


4
5	require_once __DIR__ . '/composer/autoload_real.php';
6
7	+ return ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23::getLoader();

vendor/composer/autoload_real.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2
3	// autoload_real.php @generated by Composer
4
5	- class ~~ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb~~
6	{
7	private static $loader;
8
	@@ -24,15 +24,15 @@ class ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb
24
25	require __DIR__ . '/platform_check.php';
26
27	- spl_autoload_register(array('~~ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb~~', 'loadClassLoader'), true, true);
28	self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
29	- spl_autoload_unregister(array('~~ComposerAutoloaderInit456e88198049a13916306da77f4bd5eb~~', 'loadClassLoader'));
30
31	$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') \|\| !zend_loader_file_encoded());
32	if ($useStaticLoader) {
33	require __DIR__ . '/autoload_static.php';
34
35	- call_user_func(\Composer\Autoload\~~ComposerStaticInit456e88198049a13916306da77f4bd5eb~~::getInitializer($loader));
36	} else {
37	$map = require __DIR__ . '/autoload_namespaces.php';
38	foreach ($map as $namespace => $path) {


2
3	// autoload_real.php @generated by Composer
4
5	+ class ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23
6	{
7	private static $loader;
8

24
25	require __DIR__ . '/platform_check.php';
26
27	+ spl_autoload_register(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'), true, true);
28	self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
29	+ spl_autoload_unregister(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'));
30
31	$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') \|\| !zend_loader_file_encoded());
32	if ($useStaticLoader) {
33	require __DIR__ . '/autoload_static.php';
34
35	+ call_user_func(\Composer\Autoload\ComposerStaticInitb84937dca53879c3884a3634f19a0f23::getInitializer($loader));
36	} else {
37	$map = require __DIR__ . '/autoload_namespaces.php';
38	foreach ($map as $namespace => $path) {

vendor/composer/autoload_static.php CHANGED Viewed

	@@ -4,7 +4,7 @@
4
5	namespace Composer\Autoload;
6
7	- class ~~ComposerStaticInit456e88198049a13916306da77f4bd5eb~~
8	{
9	public static $prefixLengthsPsr4 = array (
10	'e' =>
	@@ -27,9 +27,9 @@ class ComposerStaticInit456e88198049a13916306da77f4bd5eb
27	public static function getInitializer(ClassLoader $loader)
28	{
29	return \Closure::bind(function () use ($loader) {
30	- $loader->prefixLengthsPsr4 = ~~ComposerStaticInit456e88198049a13916306da77f4bd5eb~~::$prefixLengthsPsr4;
31	- $loader->prefixDirsPsr4 = ~~ComposerStaticInit456e88198049a13916306da77f4bd5eb~~::$prefixDirsPsr4;
32	- $loader->classMap = ~~ComposerStaticInit456e88198049a13916306da77f4bd5eb~~::$classMap;
33
34	}, null, ClassLoader::class);
35	}


4
5	namespace Composer\Autoload;
6
7	+ class ComposerStaticInitb84937dca53879c3884a3634f19a0f23
8	{
9	public static $prefixLengthsPsr4 = array (
10	'e' =>

27	public static function getInitializer(ClassLoader $loader)
28	{
29	return \Closure::bind(function () use ($loader) {
30	+ $loader->prefixLengthsPsr4 = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$prefixLengthsPsr4;
31	+ $loader->prefixDirsPsr4 = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$prefixDirsPsr4;
32	+ $loader->classMap = ComposerStaticInitb84937dca53879c3884a3634f19a0f23::$classMap;
33
34	}, null, ClassLoader::class);
35	}

vendor/composer/installed.php CHANGED Viewed

	@@ -1,22 +1,22 @@
1	<?php return array(
2	'root' => array(
3	- 'pretty_version' => '1.9.10',
4	- 'version' => '1.9.10.0',
5	'type' => 'wordpress-plugin',
6	'install_path' => __DIR__ . '/../../',
7	'aliases' => array(),
8	- 'reference' => '~~2e3c5bd22d90169006413cf74ec3f4cc5baeaa7c~~',
9	'name' => 'darylldoyle/safe-svg',
10	'dev' => true,
11	),
12	'versions' => array(
13	'darylldoyle/safe-svg' => array(
14	- 'pretty_version' => '1.9.10',
15	- 'version' => '1.9.10.0',
16	'type' => 'wordpress-plugin',
17	'install_path' => __DIR__ . '/../../',
18	'aliases' => array(),
19	- 'reference' => '~~2e3c5bd22d90169006413cf74ec3f4cc5baeaa7c~~',
20	'dev_requirement' => false,
21	),
22	'enshrined/svg-sanitize' => array(


1	<?php return array(
2	'root' => array(
3	+ 'pretty_version' => '2.0.0',
4	+ 'version' => '2.0.0.0',
5	'type' => 'wordpress-plugin',
6	'install_path' => __DIR__ . '/../../',
7	'aliases' => array(),
8	+ 'reference' => '03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699',
9	'name' => 'darylldoyle/safe-svg',
10	'dev' => true,
11	),
12	'versions' => array(
13	'darylldoyle/safe-svg' => array(
14	+ 'pretty_version' => '2.0.0',
15	+ 'version' => '2.0.0.0',
16	'type' => 'wordpress-plugin',
17	'install_path' => __DIR__ . '/../../',
18	'aliases' => array(),
19	+ 'reference' => '03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699',
20	'dev_requirement' => false,
21	),
22	'enshrined/svg-sanitize' => array(