WebP Express - Version 0.14.6

Version Description

(released: 20 jun 2019)

  • Various fixes
Download this release

Release Info

Developer rosell.dk
Plugin Icon 128x128 WebP Express
Version 0.14.6
Comparing to
See all releases

Code changes from version 0.14.5 to 0.14.6

Files changed (5) hide show
  1. README.txt +9 -1
  2. lib/classes/ConvertHelperIndependent.php +1 -1
  3. lib/options/submit.php +22 -10
  4. vendor/rosell-dk/webp-convert/tests/images/{with%20space.jpg → with space.jpg} +0 -0
  5. webp-express.php +1 -1
README.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://ko-fi.com/rosell
4
  Tags: webp, images, performance
5
  Requires at least: 4.0
6
  Tested up to: 5.2
7
- Stable tag: 0.14.5
8
  Requires PHP: 5.6
9
  License: GPLv3
10
  License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -605,6 +605,11 @@ Easy enough! - [Go here!](https://ko-fi.com/rosell). Or [here](https://buymeacof
605
 
606
  == Changelog ==
607
 
 
 
 
 
 
608
  = 0.14.5 =
609
  *(released: 20 jun 2019)*
610
 
@@ -824,6 +829,9 @@ For older releases, check out changelog.txt
824
 
825
  == Upgrade Notice ==
826
 
 
 
 
827
  = 0.14.5 =
828
  Various fixes
829
 
4
  Tags: webp, images, performance
5
  Requires at least: 4.0
6
  Tested up to: 5.2
7
+ Stable tag: 0.14.6
8
  Requires PHP: 5.6
9
  License: GPLv3
10
  License URI: https://www.gnu.org/licenses/gpl-3.0.html
605
 
606
  == Changelog ==
607
 
608
+ = 0.14.6 =
609
+ *(released: 20 jun 2019)*
610
+
611
+ * Various fixes
612
+
613
  = 0.14.5 =
614
  *(released: 20 jun 2019)*
615
 
829
 
830
  == Upgrade Notice ==
831
 
832
+ = 0.14.6 =
833
+ Various fixes
834
+
835
  = 0.14.5 =
836
  Various fixes
837
 
lib/classes/ConvertHelperIndependent.php CHANGED
@@ -272,7 +272,7 @@ APACHE
272
 
273
  $text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
274
 
275
- $text = 'WebP Express 0.14.5. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
276
 
277
  $logFile = self::getLogFilename($source, $logDir);
278
 
272
 
273
  $text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
274
 
275
+ $text = 'WebP Express 0.14.6. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
276
 
277
  $logFile = self::getLogFilename($source, $logDir);
278
 
lib/options/submit.php CHANGED
@@ -33,7 +33,7 @@ $oldConfig = $config;
33
 
34
  // Set options that are available in all operation modes
35
  $config = array_merge($config, [
36
- 'operation-mode' => $_POST['operation-mode'],
37
 
38
  // redirection rules
39
  'image-types' => sanitize_text_field($_POST['image-types']),
@@ -82,8 +82,8 @@ if ($_POST['operation-mode'] != 'no-conversion') {
82
  $config['alter-html']['only-for-webps-that-exists'] = true;
83
  }
84
 
85
- $config['alter-html']['replacement'] = $_POST['alter-html-replacement'];
86
- $config['alter-html']['hooks'] = $_POST['alter-html-hooks'];
87
 
88
 
89
  // Set options that are available in all operation modes, except the "no-conversion" mode
@@ -167,8 +167,20 @@ if ($_POST['operation-mode'] != 'no-conversion') {
167
 
168
  // Converters
169
  // -------------
 
 
 
 
 
 
 
 
 
 
 
 
170
 
171
- $config['converters'] = json_decode(wp_unslash($_POST['converters']), true); // holy moly! - https://stackoverflow.com/questions/2496455/why-are-post-variables-getting-escaped-in-php
172
 
173
  // remove converter ids
174
  foreach ($config['converters'] as &$converter) {
@@ -211,15 +223,15 @@ switch ($_POST['operation-mode']) {
211
  break;
212
  case 'cdn-friendly':
213
  $config = array_merge($config, [
214
- 'destination-folder' => $_POST['destination-folder'],
215
- 'destination-extension' => (($_POST['destination-folder'] == 'mingled') ? $_POST['destination-extension'] : 'append'),
216
  'enable-redirection-to-converter' => isset($_POST['enable-redirection-to-converter']), // PS: its called "autoconvert" in this mode
217
  ]);
218
  break;
219
  case 'no-conversion':
220
  $config = array_merge($config, [
221
  'redirect-to-existing-in-htaccess' => isset($_POST['redirect-to-existing-in-htaccess']),
222
- 'destination-extension' => $_POST['destination-extension'],
223
  ]);
224
  break;
225
  case 'tweaked':
@@ -229,8 +241,8 @@ switch ($_POST['operation-mode']) {
229
  'only-redirect-to-converter-on-cache-miss' => isset($_POST['only-redirect-to-converter-on-cache-miss']),
230
  'do-not-pass-source-in-query-string' => isset($_POST['do-not-pass-source-in-query-string']),
231
  'redirect-to-existing-in-htaccess' => isset($_POST['redirect-to-existing-in-htaccess']),
232
- 'destination-folder' => $_POST['destination-folder'],
233
- 'destination-extension' => (($_POST['destination-folder'] == 'mingled') ? $_POST['destination-extension'] : 'append'),
234
  'fail' => sanitize_text_field($_POST['fail']),
235
  'success-response' => sanitize_text_field($_POST['success-response']),
236
  ]);
@@ -241,7 +253,7 @@ switch ($_POST['operation-mode']) {
241
  if ($_POST['operation-mode'] != $_POST['change-operation-mode']) {
242
 
243
  // Operation mode changed!
244
- $config['operation-mode'] = $_POST['change-operation-mode'];
245
  $config = Config::applyOperationMode($config);
246
 
247
  if ($config['operation-mode'] == 'varied-image-responses') {
33
 
34
  // Set options that are available in all operation modes
35
  $config = array_merge($config, [
36
+ 'operation-mode' => sanitize_text_field($_POST['operation-mode']),
37
 
38
  // redirection rules
39
  'image-types' => sanitize_text_field($_POST['image-types']),
82
  $config['alter-html']['only-for-webps-that-exists'] = true;
83
  }
84
 
85
+ $config['alter-html']['replacement'] = sanitize_text_field($_POST['alter-html-replacement']);
86
+ $config['alter-html']['hooks'] = sanitize_text_field($_POST['alter-html-hooks']);
87
 
88
 
89
  // Set options that are available in all operation modes, except the "no-conversion" mode
167
 
168
  // Converters
169
  // -------------
170
+ $convertersPosted = json_decode(wp_unslash($_POST['converters']), true); // holy moly! - https://stackoverflow.com/questions/2496455/why-are-post-variables-getting-escaped-in-php
171
+
172
+ // Sanitize converters
173
+ foreach ($convertersPosted as &$converter) {
174
+ if (!isset($converter['options'])) continue;
175
+ foreach ($converter['options'] as $optionName => $optionValue) {
176
+ if (gettype($optionValue) == 'string') {
177
+ $converter['options'][$optionName] = sanitize_text_field($optionValue);
178
+ }
179
+ }
180
+ }
181
+
182
 
183
+ $config['converters'] = $convertersPosted;
184
 
185
  // remove converter ids
186
  foreach ($config['converters'] as &$converter) {
223
  break;
224
  case 'cdn-friendly':
225
  $config = array_merge($config, [
226
+ 'destination-folder' => sanitize_text_field($_POST['destination-folder']),
227
+ 'destination-extension' => (($_POST['destination-folder'] == 'mingled') ? sanitize_text_field($_POST['destination-extension']) : 'append'),
228
  'enable-redirection-to-converter' => isset($_POST['enable-redirection-to-converter']), // PS: its called "autoconvert" in this mode
229
  ]);
230
  break;
231
  case 'no-conversion':
232
  $config = array_merge($config, [
233
  'redirect-to-existing-in-htaccess' => isset($_POST['redirect-to-existing-in-htaccess']),
234
+ 'destination-extension' => sanitize_text_field($_POST['destination-extension']),
235
  ]);
236
  break;
237
  case 'tweaked':
241
  'only-redirect-to-converter-on-cache-miss' => isset($_POST['only-redirect-to-converter-on-cache-miss']),
242
  'do-not-pass-source-in-query-string' => isset($_POST['do-not-pass-source-in-query-string']),
243
  'redirect-to-existing-in-htaccess' => isset($_POST['redirect-to-existing-in-htaccess']),
244
+ 'destination-folder' => sanitize_text_field($_POST['destination-folder']),
245
+ 'destination-extension' => (($_POST['destination-folder'] == 'mingled') ? sanitize_text_field($_POST['destination-extension']) : 'append'),
246
  'fail' => sanitize_text_field($_POST['fail']),
247
  'success-response' => sanitize_text_field($_POST['success-response']),
248
  ]);
253
  if ($_POST['operation-mode'] != $_POST['change-operation-mode']) {
254
 
255
  // Operation mode changed!
256
+ $config['operation-mode'] = sanitize_text_field($_POST['change-operation-mode']);
257
  $config = Config::applyOperationMode($config);
258
 
259
  if ($config['operation-mode'] == 'varied-image-responses') {
vendor/rosell-dk/webp-convert/tests/images/{with%20space.jpg → with space.jpg} RENAMED
File without changes
webp-express.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: WebP Express
4
  * Plugin URI: https://github.com/rosell-dk/webp-express
5
  * Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6
- * Version: 0.14.5
7
  * Author: Bjørn Rosell
8
  * Author URI: https://www.bitwise-it.dk
9
  * License: GPL2
3
  * Plugin Name: WebP Express
4
  * Plugin URI: https://github.com/rosell-dk/webp-express
5
  * Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6
+ * Version: 0.14.6
7
  * Author: Bjørn Rosell
8
  * Author URI: https://www.bitwise-it.dk
9
  * License: GPL2