Safe SVG - Version 2.0.1

Version Description

2022-04-19 =
Changed: Documentation updates (props @jeffpaul, @peterwilsoncc).
Fixed: Ensure our height and width attributes are set before using them (props @dkotter, @r8r, @jerturowetz, @cadic).
Fixed: Support for installing via packagist.org (props @roborourke, @peterwilsoncc).

Release Info

Developer	10up
Plugin	Safe SVG
Version	2.0.1
Comparing to
See all releases

Code changes from version 2.0.0 to 2.0.1

Files changed (10) hide show

readme.txt +6 -1
safe-svg.php +19 -7
vendor/autoload.php +6 -1
vendor/composer/InstalledVersions.php +2 -0
vendor/composer/autoload_classmap.php +1 -1
vendor/composer/autoload_namespaces.php +1 -1
vendor/composer/autoload_psr4.php +1 -1
vendor/composer/autoload_real.php +7 -26
vendor/composer/autoload_static.php +4 -4
vendor/composer/installed.php +6 -6

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: 10up, enshrined
3	Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4	Requires at least: 4.7
5	Tested up to: 5.9
6	- Stable tag: 2.0.0
7	Requires PHP: 7.0
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
	@@ -66,6 +66,11 @@ They take one argument that must be returned. See below for examples:
66
67	== Changelog ==
68





69	= 2.0.0 - 2022-04-06 =
70	* Added: New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
71	* Changed: Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).


3	Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4	Requires at least: 4.7
5	Tested up to: 5.9
6	+ Stable tag: 2.0.1
7	Requires PHP: 7.0
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html

66
67	== Changelog ==
68
69	+ = 2.0.1 - 2022-04-19 =
70	+ * Changed: Documentation updates (props [@jeffpaul](https://github.com/jeffpaul), [@peterwilsoncc](https://github.com/peterwilsoncc)).
71	+ * Fixed: Ensure our height and width attributes are set before using them (props [@dkotter](https://github.com/dkotter), [@r8r](https://github.com/r8r), [@jerturowetz](https://github.com/jerturowetz), [@cadic](https://github.com/cadic)).
72	+ * Fixed: Support for installing via packagist.org (props [@roborourke](https://github.com/roborourke), [@peterwilsoncc](https://github.com/peterwilsoncc)).
73	+
74	= 2.0.0 - 2022-04-06 =
75	* Added: New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
76	* Changed: Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).

safe-svg.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: Safe SVG
4	* Plugin URI: https://wordpress.org/plugins/safe-svg/
5	* Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
6	- * Version: 2.0.0
7	* Requires at least: 4.7
8	* Requires PHP: 7.0
9	* Author: 10up
	@@ -19,7 +19,7 @@ defined( 'ABSPATH' ) or die( 'Really?' );
19	// Try and include our autoloader.
20	if ( is_readable( __DIR__ . '/vendor/autoload.php' ) ) {
21	require __DIR__ . '/vendor/autoload.php';
22	- } ~~else~~ {
23	add_action(
24	'admin_notices',
25	function() {
	@@ -500,12 +500,24 @@ if ( ! class_exists( 'safe_svg' ) ) {
500	*
501	* @return {bool} If we should use the width & height attributes first or not.
502	*/
503	- if ( (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg ) ~~) {~~
504	- ~~$width = $attr_width;~~
505	- $~~height~~ = ~~$attr_height;~~







506	} else {
507	- $~~width =~~ $~~viewbox_width;~~
508	- $~~height~~ = $~~viewbox_height~~;





509	}
510
511	if ( ! $width && ! $height ) {


3	* Plugin Name: Safe SVG
4	* Plugin URI: https://wordpress.org/plugins/safe-svg/
5	* Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
6	+ * Version: 2.0.1
7	* Requires at least: 4.7
8	* Requires PHP: 7.0
9	* Author: 10up

19	// Try and include our autoloader.
20	if ( is_readable( __DIR__ . '/vendor/autoload.php' ) ) {
21	require __DIR__ . '/vendor/autoload.php';
22	+ } elseif ( ! class_exists( 'enshrined\\svgSanitize\\Sanitizer' ) ) {
23	add_action(
24	'admin_notices',
25	function() {

500	*
501	* @return {bool} If we should use the width & height attributes first or not.
502	*/
503	+ $use_width_height = (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg );
504	+
505	+ if ( $use_width_height ) {
506	+ if ( isset( $attr_width, $attr_height ) ) {
507	+ $width = $attr_width;
508	+ $height = $attr_height;
509	+ } elseif ( isset( $viewbox_width, $viewbox_height ) ) {
510	+ $width = $viewbox_width;
511	+ $height = $viewbox_height;
512	+ }
513	} else {
514	+ if ( isset( $viewbox_width, $viewbox_height ) ) {
515	+ $width = $viewbox_width;
516	+ $height = $viewbox_height;
517	+ } elseif ( isset( $attr_width, $attr_height ) ) {
518	+ $width = $attr_width;
519	+ $height = $attr_height;
520	+ }
521	}
522
523	if ( ! $width && ! $height ) {

vendor/autoload.php CHANGED Viewed

	@@ -2,6 +2,11 @@
2
3	// autoload.php @generated by Composer
4





5	require_once __DIR__ . '/composer/autoload_real.php';
6
7	- return ~~ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23~~::getLoader();


2
3	// autoload.php @generated by Composer
4
5	+ if (PHP_VERSION_ID < 50600) {
6	+ echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
7	+ exit(1);
8	+ }
9	+
10	require_once __DIR__ . '/composer/autoload_real.php';
11
12	+ return ComposerAutoloaderInitaab37f24cfa6fb727890885ea1b25d41::getLoader();

vendor/composer/InstalledVersions.php CHANGED Viewed

	@@ -21,6 +21,8 @@ use Composer\Semver\VersionParser;
21	* See also https://getcomposer.org/doc/07-runtime.md#installed-versions
22	*
23	* To require its presence, you can require `composer-runtime-api ^2.0`


24	*/
25	class InstalledVersions
26	{


21	* See also https://getcomposer.org/doc/07-runtime.md#installed-versions
22	*
23	* To require its presence, you can require `composer-runtime-api ^2.0`
24	+ *
25	+ * @final
26	*/
27	class InstalledVersions
28	{

vendor/composer/autoload_classmap.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2
3	// autoload_classmap.php @generated by Composer
4
5	- $vendorDir = dirname(~~dirname(__FILE__~~));
6	$baseDir = dirname($vendorDir);
7
8	return array(


2
3	// autoload_classmap.php @generated by Composer
4
5	+ $vendorDir = dirname(__DIR__);
6	$baseDir = dirname($vendorDir);
7
8	return array(

vendor/composer/autoload_namespaces.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2
3	// autoload_namespaces.php @generated by Composer
4
5	- $vendorDir = dirname(~~dirname(__FILE__~~));
6	$baseDir = dirname($vendorDir);
7
8	return array(


2
3	// autoload_namespaces.php @generated by Composer
4
5	+ $vendorDir = dirname(__DIR__);
6	$baseDir = dirname($vendorDir);
7
8	return array(

vendor/composer/autoload_psr4.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2
3	// autoload_psr4.php @generated by Composer
4
5	- $vendorDir = dirname(~~dirname(__FILE__~~));
6	$baseDir = dirname($vendorDir);
7
8	return array(


2
3	// autoload_psr4.php @generated by Composer
4
5	+ $vendorDir = dirname(__DIR__);
6	$baseDir = dirname($vendorDir);
7
8	return array(

vendor/composer/autoload_real.php CHANGED Viewed

@@ -2,7 +2,7 @@
             // autoload_real.php @generated by Composer
-            -
            class ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23
+            {
                 private static $loader;
@@ -24,31 +24,12 @@ class ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23
                     require __DIR__ . '/platform_check.php';
-            -
                    spl_autoload_register(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'), true, true);
-            -
                    self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
-            -
                    spl_autoload_unregister(array('ComposerAutoloaderInitb84937dca53879c3884a3634f19a0f23', 'loadClassLoader'));
-            -
-            -
                    $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
-            -
                    if ($useStaticLoader) {
-            -
                        require __DIR__ . '/autoload_static.php';
-            -
-            -
                        call_user_func(\Composer\Autoload\ComposerStaticInitb84937dca53879c3884a3634f19a0f23::getInitializer($loader));
-            -
                    } else {
-            -
                        $map = require __DIR__ . '/autoload_namespaces.php';
-            -
                        foreach ($map as $namespace => $path) {
-            -
                            $loader->set($namespace, $path);
-            -
                        }
-            -
-            -
                        $map = require __DIR__ . '/autoload_psr4.php';
-            -
                        foreach ($map as $namespace => $path) {
-            -
                            $loader->setPsr4($namespace, $path);
-            -
                        }
-            -
-            -
                        $classMap = require __DIR__ . '/autoload_classmap.php';
-            -
                        if ($classMap) {
-            -
                            $loader->addClassMap($classMap);
-            -
                        }
-            -
                    }
                     $loader->register(true);


2
3	// autoload_real.php @generated by Composer
4
5	+ class ComposerAutoloaderInitaab37f24cfa6fb727890885ea1b25d41
6	{
7	private static $loader;
8

24
25	require __DIR__ . '/platform_check.php';
26
27	+ spl_autoload_register(array('ComposerAutoloaderInitaab37f24cfa6fb727890885ea1b25d41', 'loadClassLoader'), true, true);
28	+ self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
29	+ spl_autoload_unregister(array('ComposerAutoloaderInitaab37f24cfa6fb727890885ea1b25d41', 'loadClassLoader'));
30	+
31	+ require __DIR__ . '/autoload_static.php';
32	+ call_user_func(\Composer\Autoload\ComposerStaticInitaab37f24cfa6fb727890885ea1b25d41::getInitializer($loader));



















33
34	$loader->register(true);
35

vendor/composer/autoload_static.php CHANGED Viewed

	@@ -4,7 +4,7 @@
4
5	namespace Composer\Autoload;
6
7	- class ~~ComposerStaticInitb84937dca53879c3884a3634f19a0f23~~
8	{
9	public static $prefixLengthsPsr4 = array (
10	'e' =>
	@@ -27,9 +27,9 @@ class ComposerStaticInitb84937dca53879c3884a3634f19a0f23
27	public static function getInitializer(ClassLoader $loader)
28	{
29	return \Closure::bind(function () use ($loader) {
30	- $loader->prefixLengthsPsr4 = ~~ComposerStaticInitb84937dca53879c3884a3634f19a0f23~~::$prefixLengthsPsr4;
31	- $loader->prefixDirsPsr4 = ~~ComposerStaticInitb84937dca53879c3884a3634f19a0f23~~::$prefixDirsPsr4;
32	- $loader->classMap = ~~ComposerStaticInitb84937dca53879c3884a3634f19a0f23~~::$classMap;
33
34	}, null, ClassLoader::class);
35	}


4
5	namespace Composer\Autoload;
6
7	+ class ComposerStaticInitaab37f24cfa6fb727890885ea1b25d41
8	{
9	public static $prefixLengthsPsr4 = array (
10	'e' =>

27	public static function getInitializer(ClassLoader $loader)
28	{
29	return \Closure::bind(function () use ($loader) {
30	+ $loader->prefixLengthsPsr4 = ComposerStaticInitaab37f24cfa6fb727890885ea1b25d41::$prefixLengthsPsr4;
31	+ $loader->prefixDirsPsr4 = ComposerStaticInitaab37f24cfa6fb727890885ea1b25d41::$prefixDirsPsr4;
32	+ $loader->classMap = ComposerStaticInitaab37f24cfa6fb727890885ea1b25d41::$classMap;
33
34	}, null, ClassLoader::class);
35	}

vendor/composer/installed.php CHANGED Viewed

	@@ -1,22 +1,22 @@
1	<?php return array(
2	'root' => array(
3	- 'pretty_version' => '2.0.0',
4	- 'version' => '2.0.0.0',
5	'type' => 'wordpress-plugin',
6	'install_path' => __DIR__ . '/../../',
7	'aliases' => array(),
8	- 'reference' => '~~03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699~~',
9	'name' => 'darylldoyle/safe-svg',
10	'dev' => true,
11	),
12	'versions' => array(
13	'darylldoyle/safe-svg' => array(
14	- 'pretty_version' => '2.0.0',
15	- 'version' => '2.0.0.0',
16	'type' => 'wordpress-plugin',
17	'install_path' => __DIR__ . '/../../',
18	'aliases' => array(),
19	- 'reference' => '~~03e7bf5f8b26dbbdd3b80df6ce8b1400b2e46699~~',
20	'dev_requirement' => false,
21	),
22	'enshrined/svg-sanitize' => array(


1	<?php return array(
2	'root' => array(
3	+ 'pretty_version' => '2.0.1',
4	+ 'version' => '2.0.1.0',
5	'type' => 'wordpress-plugin',
6	'install_path' => __DIR__ . '/../../',
7	'aliases' => array(),
8	+ 'reference' => 'd82abb46925ce2656d93ba595c58705183af3cbe',
9	'name' => 'darylldoyle/safe-svg',
10	'dev' => true,
11	),
12	'versions' => array(
13	'darylldoyle/safe-svg' => array(
14	+ 'pretty_version' => '2.0.1',
15	+ 'version' => '2.0.1.0',
16	'type' => 'wordpress-plugin',
17	'install_path' => __DIR__ . '/../../',
18	'aliases' => array(),
19	+ 'reference' => 'd82abb46925ce2656d93ba595c58705183af3cbe',
20	'dev_requirement' => false,
21	),
22	'enshrined/svg-sanitize' => array(