WebP Express - Version 0.14.17

Version Description

(released: 28 jun 2019)

Relaxed abspath sanity check on Windows
Fixed updating password for Remote WebP Express

Release Info

Developer	rosell.dk
Plugin	WebP Express
Version	0.14.17
Comparing to
See all releases

Code changes from version 0.14.16 to 0.14.17

Files changed (6) hide show

README.txt +15 -2
lib/classes/ConvertHelperIndependent.php +1 -1
lib/classes/SanityCheck.php +33 -2
lib/options/js/0.14.9/converters.js +2 -1
lib/options/submit.php +1 -1
webp-express.php +1 -1

README.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://ko-fi.com/rosell
4	Tags: webp, images, performance
5	Requires at least: 4.0
6	Tested up to: 5.2
7	- Stable tag: 0.14.16
8	Requires PHP: 5.6
9	License: GPLv3
10	License URI: https://www.gnu.org/licenses/gpl-3.0.html
	@@ -15,9 +15,13 @@ Serve autogenerated WebP images instead of jpeg/png to browsers that supports We
15
16	Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
17
18	- ~~Security~~ ~~notice~~
19	Security issues has recently been found and fixed. I urge you to upgrade to the latest release (at least 0.14.11, but go with 0.14.15, as there are important bug fixes)
20




21	### The image converter
22	The plugin uses the [WebP Convert](https://github.com/rosell-dk/webp-convert) library to convert images to webp. WebP Convert is able to convert images using multiple methods. There are the "local" conversion methods: `cwebp`, `gd`, `imagick`. If none of these works on your host, there are the cloud alternatives: `ewww` (paid) or connecting to a Wordpress site where you got WebP Express installed and you enabled the "web service" functionality.
23
	@@ -608,6 +612,12 @@ Easy enough! - [Go here!](https://ko-fi.com/rosell). Or [here](https://buymeacof
608
609	== Changelog ==
610






611	= 0.14.16 =
612	(released: 26 jun 2019)
613
	@@ -891,6 +901,9 @@ For older releases, check out changelog.txt
891
892	== Upgrade Notice ==
893



894	= 0.14.16 =
895	* Fixed more errors on systems with symlinked folders
896


4	Tags: webp, images, performance
5	Requires at least: 4.0
6	Tested up to: 5.2
7	+ Stable tag: 0.14.17
8	Requires PHP: 5.6
9	License: GPLv3
10	License URI: https://www.gnu.org/licenses/gpl-3.0.html

15
16	Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
17
18	+ !! SECURITY NOTICE !!
19	Security issues has recently been found and fixed. I urge you to upgrade to the latest release (at least 0.14.11, but go with 0.14.15, as there are important bug fixes)
20
21	+ Vacation notice
22	+ The maintainer is on vacation most between June the 30th and end July. Please help each other out. In case something cannot wait, remember that this library is open source. You can find it on github, fork it and fix it (or have someone do it for you).
23	+
24	+
25	### The image converter
26	The plugin uses the [WebP Convert](https://github.com/rosell-dk/webp-convert) library to convert images to webp. WebP Convert is able to convert images using multiple methods. There are the "local" conversion methods: `cwebp`, `gd`, `imagick`. If none of these works on your host, there are the cloud alternatives: `ewww` (paid) or connecting to a Wordpress site where you got WebP Express installed and you enabled the "web service" functionality.
27

612
613	== Changelog ==
614
615	+ = 0.14.17 =
616	+ (released: 28 jun 2019)
617	+
618	+ * Relaxed abspath sanity check on Windows
619	+ * Fixed updating password for Remote WebP Express
620	+
621	= 0.14.16 =
622	(released: 26 jun 2019)
623

901
902	== Upgrade Notice ==
903
904	+ = 0.14.17 =
905	+ * Relaxed abspath sanity check on Windows and fixed updating password for Remote WebP Express
906	+
907	= 0.14.16 =
908	* Fixed more errors on systems with symlinked folders
909

lib/classes/ConvertHelperIndependent.php CHANGED Viewed

	@@ -329,7 +329,7 @@ APACHE
329
330	$text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
331
332	- $text = 'WebP Express 0.14.16. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
333
334	$logFile = self::getLogFilename($source, $logDir);
335


329
330	$text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
331
332	+ $text = 'WebP Express 0.14.17. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
333
334	$logFile = self::getLogFilename($source, $logDir);
335

lib/classes/SanityCheck.php CHANGED Viewed

@@ -115,14 +115,45 @@ class SanityCheck
                     return $input;
+                }
                 public static function absPath($input, $errorMsg = 'Not an absolute path')
+                {
                     if ((strpos($input, '/') !== 0)) {
-            -
                        throw new SanityException($errorMsg . $input);
+                    }
                     return self::path($input);
+                }
-            -
                 private static function findClosestExistingFolderSymLinksExpanded($input) {
                     // Get closest existing folder with symlinks expanded.
                     // this is a bit complicated, as the input path may not yet exist.


115	return $input;
116	}
117
118	+ public static function absPathMicrosoftStyle($input, $errorMsg = 'Not an fully qualified Windows path')
119	+ {
120	+ // On microsoft we allow [drive letter]:\
121	+ if (!preg_match("#^[A-Z]:\\\\\|/#", $input)) {
122	+ throw new SanityException($errorMsg . ':' . $input);
123	+ }
124	+ return $input;
125	+ }
126	+
127	public static function absPath($input, $errorMsg = 'Not an absolute path')
128	{
129	if ((strpos($input, '/') !== 0)) {
130	+ // On microsoft, allow
131	+
132	+ $onMicrosoft = false;
133	+ if (isset($_SERVER['SERVER_SOFTWARE'])) {
134	+ if (strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft') !== false) {
135	+ $onMicrosoft = true;
136	+ }
137	+ }
138	+ switch (PHP_OS) {
139	+ case "WINNT":
140	+ case "WIN32":
141	+ case "INTERIX":
142	+ case "UWIN":
143	+ case "UWIN-W7":
144	+ $onMicrosoft = true;
145	+ break;
146	+ }
147	+
148	+ if (!$onMicrosoft) {
149	+ throw new SanityException($errorMsg . ':' . $input);
150	+ }
151	+ self::absPathMicrosoftStyle($input);
152	+
153	}
154	return self::path($input);
155	}
156	+
157	private static function findClosestExistingFolderSymLinksExpanded($input) {
158	// Get closest existing folder with symlinks expanded.
159	// this is a bit complicated, as the input path may not yet exist.

lib/options/js/0.14.9/converters.js CHANGED Viewed

	@@ -229,12 +229,13 @@ function configureConverter(id) {
229	There is no need to differentiate. between never set and empty
230	If set to something, we show a link "Change"
231
232	- in ~~page.php~~, we remove the api key from javascript array.
233	if api key is non-empty, a "_api-key-non-empty" field is set.
234	*/
235
236	document.getElementById('wpc_new_api_key').value = '';
237

238	if (getConverterOption(converter, '_api-key-non-empty', false)) {
239	// api key is set to something...
240	document.getElementById('wpc_change_api_key').style.display = 'inline';


229	There is no need to differentiate. between never set and empty
230	If set to something, we show a link "Change"
231
232	+ In Config::getConfigForOptionsPage, we remove the api key from javascript array.
233	if api key is non-empty, a "_api-key-non-empty" field is set.
234	*/
235
236	document.getElementById('wpc_new_api_key').value = '';
237
238	+
239	if (getConverterOption(converter, '_api-key-non-empty', false)) {
240	// api key is set to something...
241	document.getElementById('wpc_change_api_key').style.display = 'inline';

lib/options/submit.php CHANGED Viewed

	@@ -218,7 +218,7 @@ function webpexpress_getSanitizedConverters() {
218	"api-url" => 'string',
219	"api-version" => 'integer',
220	"crypt-api-key-in-transfer" => 'boolean',
221	- "api-key" => 'string',
222	];
223
224	// check that it is an accepted option name


218	"api-url" => 'string',
219	"api-version" => 'integer',
220	"crypt-api-key-in-transfer" => 'boolean',
221	+ "new-api-key" => 'string',
222	];
223
224	// check that it is an accepted option name

webp-express.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: WebP Express
4	* Plugin URI: https://github.com/rosell-dk/webp-express
5	* Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6	- * Version: 0.14.16
7	* Author: Bjørn Rosell
8	* Author URI: https://www.bitwise-it.dk
9	* License: GPL2


3	* Plugin Name: WebP Express
4	* Plugin URI: https://github.com/rosell-dk/webp-express
5	* Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6	+ * Version: 0.14.17
7	* Author: Bjørn Rosell
8	* Author URI: https://www.bitwise-it.dk
9	* License: GPL2