
Changeset 3005674


Timestamp:
12/05/2023 12:43:51 PM (2 years ago)
Author:
ashikcse
Message:

Fixed SVG Sanitize Issue.

Location:
cits-support-svg-webp-media-upload/trunk
Files:
452 added
2 edited

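--- a/cits-support-svg-webp-media-upload/trunk/init.php
+++ b/cits-support-svg-webp-media-upload/trunk/init.php
@@ -7,127 +7,120 @@
 Description:  Enhance your WordPress media capabilities with "Active the Plugin and Enjoy." This plugin extends your media library to support not only SVG and WebP images but also TTF, OTF, EOT, and WOFF font files. Safety is our top priority; that's why we've included an SVG sanitization feature to keep your site secure while you enjoy broader media upload options. Take control of your media and start uploading without errors today!
 Tags: svg support, safe svg, webp support, support webp, cits support svg, cits support webp, CITS Support svg, webp media upload, font file upload support, ttf upload, otf upload, eot upload, woff upload.
-Version: 3.0
-Requires at least:5.0
-Tested up to: 6.3.1
+Version: 4.0
+Requires at least: 5.0
+Tested up to: 6.4.1
 Requires PHP version: 7.0
 License: GPL2
 */
-class CITS_SUPPORT_SVG_WEBP_MEDIA{
-    public function __construct(){
-        add_filter('upload_mimes', array($this,'cits_upload_media_mimes'));
-        add_filter('file_is_displayable_image', array($this,'cits_is_displayable_webp'), 10, 2);
-        // svg response
-        add_filter( 'wp_prepare_attachment_for_js', array($this,'cits_response_for_svg'), 10, 3 );
-        add_filter( 'wp_check_filetype_and_ext', array($this,'cits_check_types'), 10, 4 );
-        add_filter( 'wp_check_filetype_and_ext', array($this,'cits_allow_svg_upload'), 10, 4 );
-        add_filter( 'wp_handle_upload_prefilter', array($this,'cits_sanitize_svg')); 
-    }
-   
-    function cits_upload_media_mimes($cits_mimes) {
-        $cits_mimes['webp'] = 'image/webp';
-        $cits_mimes['svg'] = 'image/svg+xml';
-        $cits_mimes['svgz'] = 'image/svg+xml';
-        $cits_mimes['ttf'] = 'application/x-font-ttf';
-        $cits_mimes['otf'] = 'application/x-font-otf';
-        $cits_mimes['eot'] = 'application/x-font-eot';
-        $cits_mimes['woff'] = 'application/x-font-woff';
-        $cits_mimes['woff2'] = 'application/x-font-woff2';
-        return $cits_mimes;
-    }
 
-    function cits_is_displayable_webp($result, $path) {
-        if ($result === false) {
-            $image_types = array( IMAGETYPE_WEBP );
-            $info = @getimagesize( $path );
-            if (empty($info)) {
-                $result = false;
-            } elseif (!in_array($info[2], $image_types)) {
-                $result = false;
-            } else {
-                $result = true;
-            }
-        }
+require_once __DIR__ . '/vendor/autoload.php';
 
-        return $result;
-    }
-    // Check Types
-    function cits_check_types( $checked, $file, $filename, $mimes ) {
+class CITS_SUPPORT_SVG_WEBP_MEDIA {
+    public function __construct() {
+        add_filter('upload_mimes', array($this, 'cits_upload_media_mimes'));
+        add_filter('file_is_displayable_image', array($this, 'cits_is_displayable_webp'), 10, 2);
+        add_filter('wp_prepare_attachment_for_js', array($this, 'cits_response_for_svg'), 10, 3);
+        add_filter('wp_check_filetype_and_ext', array($this, 'cits_check_types'), 10, 4);
+        add_filter('wp_handle_upload_prefilter', array($this, 'cits_sanitize_svg')); 
+    }
+   
+    function cits_upload_media_mimes($cits_mimes) {
+        $cits_mimes['webp'] = 'image/webp';
+        $cits_mimes['svg'] = 'image/svg+xml';
+        $cits_mimes['svgz'] = 'image/svg+xml';
+        $cits_mimes['ttf'] = 'application/x-font-ttf';
+        $cits_mimes['otf'] = 'application/x-font-otf';
+        $cits_mimes['eot'] = 'application/x-font-eot';
+        $cits_mimes['woff'] = 'application/x-font-woff';
+        $cits_mimes['woff2'] = 'application/x-font-woff2';
+        return $cits_mimes;
+    }
 
-        if ( ! $checked['type'] ) {
-            $check_filetype     = wp_check_filetype( $filename, $mimes );
-            $ext                = $check_filetype['ext'];
-            $type               = $check_filetype['type'];
-            $proper_filename    = $filename;
-            if ( $type && 0 === strpos( $type, 'image/' ) && $ext !== 'svg' ) {
-                $ext = $type = false;
-            }
-            $checked = compact( 'ext','type','proper_filename' );
-        }
-        return $checked;
-    }
-    function cits_allow_svg_upload( $data, $file, $filename, $mimes ) {
-        global $wpversion;
-        if ( $wpversion !== '4.7.1' || $wpversion !== '4.7.2' ) {
-            return $data;
-        }
-        $filetype = wp_check_filetype( $filename, $mimes );
-        return [
-            'ext'               => $filetype['ext'],
-            'type'              => $filetype['type'],
-            'proper_filename'   => $data['proper_filename']
-        ];
-    }
-    // Response
-    function cits_response_for_svg( $response, $attachment, $meta ) {
-        if ( $response['mime'] == 'image/svg+xml' && empty( $response['sizes'] ) ) {
-            $svg_path = get_attached_file( $attachment->ID );
-            if ( ! file_exists( $svg_path ) ) {
-                $svg_path = $response['url'];
-            }
-            $dimensions = $this->cits_get_dimensions( $svg_path );
-            $response['sizes'] = array(
-                'full' => array(
-                    'url' => $response['url'],
-                    'width' => $dimensions->width,
-                    'height' => $dimensions->height,
-                    'orientation' => $dimensions->width > $dimensions->height ? 'landscape' : 'portrait'
-                )
-            );
-        }
-        return $response;
-    }
-    function cits_get_dimensions( $svg ) {
-        $svg = simplexml_load_file( $svg );
-        if ( $svg === FALSE ) {
-            $width = '0';
-            $height = '0';
-        } else {
-            $attributes = $svg->attributes();
-            $width = (string) $attributes->width;
-            $height = (string) $attributes->height;
+    function cits_is_displayable_webp($result, $path) {
+        if ($result === false) {
+            $image_types = array(IMAGETYPE_WEBP);
+            $info = @getimagesize($path);
+            if (empty($info)) {
+                $result = false;
+            } elseif (!in_array($info[2], $image_types)) {
+                $result = false;
+            } else {
+                $result = true;
+            }
+        }
+        return $result;
+    }
 
-        }
-        return (object) array( 'width' => $width, 'height' => $height );
-    }
-    function cits_sanitize_svg($file) {
-        // Check if file is SVG
-        if($file['type'] === 'image/svg+xml') {
-            $file_content = file_get_contents($file['tmp_name']);
-            $dom = new DOMDocument();
-            $dom->loadXML($file_content, LIBXML_NONET);
+    function cits_check_types($checked, $file, $filename, $mimes) {
+        if (!$checked['type']) {
+            $check_filetype = wp_check_filetype($filename, $mimes);
+            $ext = $check_filetype['ext'];
+            $type = $check_filetype['type'];
+            $proper_filename = $filename;
+            if ($type && 0 === strpos($type, 'image/') && $ext !== 'svg') {
+                $ext = $type = false;
+            }
+            $checked = compact('ext', 'type', 'proper_filename');
+        }
+        return $checked;
+    }
 
-            // Remove script elements
-            $scripts = $dom->getElementsByTagName('script');
-            $length = $scripts->length;
-            for ($i = 0; $i < $length; $i++) {
-                $scripts->item($i)->parentNode->removeChild($scripts->item($i));
-            }
-           
-            // Save the cleaned-up SVG content back to the temporary file
-            file_put_contents($file['tmp_name'], $dom->saveXML());
-        }
-        return $file;
-    }
+    function cits_response_for_svg($response, $attachment, $meta) {
+        if ($response['mime'] == 'image/svg+xml' && empty($response['sizes'])) {
+            $svg_path = get_attached_file($attachment->ID);
+            if (!file_exists($svg_path)) {
+                $svg_path = $response['url'];
+            }
+            $dimensions = $this->cits_get_dimensions($svg_path);
+            $response['sizes'] = array(
+                'full' => array(
+                    'url' => $response['url'],
+                    'width' => $dimensions->width,
+                    'height' => $dimensions->height,
+                    'orientation' => $dimensions->width > $dimensions->height ? 'landscape' : 'portrait'
+                )
+            );
+        }
+        return $response;
+    }
 
+    function cits_get_dimensions($svg) {
+        $svg = simplexml_load_file($svg);
+        if ($svg === FALSE) {
+            $width = '0';
+            $height = '0';
+        } else {
+            $attributes = $svg->attributes();
+            $width = (string) $attributes->width;
+            $height = (string) $attributes->height;
+        }
+        return (object) array('width' => $width, 'height' => $height);
+    }
+
+    function cits_sanitize_svg($file) {
+        if ($file['type'] === 'image/svg+xml') {
+            $dirty = file_get_contents($file['tmp_name']);
+
+            // Create a new sanitizer instance
+            $sanitizer = new \enshrined\svgSanitize\Sanitizer();
+
+            // Configure the sanitizer as needed
+            $sanitizer->minify(true);
+
+            // Sanitize the SVG
+            $clean = $sanitizer->sanitize($dirty);
+
+            if (false === $clean) {
+                // Handle the error appropriately
+                $file['error'] = 'Error sanitizing SVG file.';
+                return $file;
+            }
+
+            // Save the cleaned-up SVG content back to the temporary file
+            file_put_contents($file['tmp_name'], $clean);
+        }
+        return $file;
+    }
 }
+
 new CITS_SUPPORT_SVG_WEBP_MEDIA();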
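Review bot: The guard on new line 101 of cits_sanitize_svg keys only on `$file['type']`, which in the wp_handle_upload_prefilter payload is, as far as I can tell, the MIME type declared by the upload request rather than one derived from the file, so an `.svg` upload presented under another type would skip the sanitizer while cits_check_types (new lines 54–66) still admits it as image/svg+xml. Deciding by extension as well closes that gap: `$ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));` followed by `if ($file['type'] === 'image/svg+xml' || $ext === 'svg') {`. The `.svgz` entry that cits_upload_media_mimes (new line 30) permits never reaches the sanitizer in usable form either, since the sanitizer is handed raw compressed bytes, so that extension presumably needs to be inflated first or dropped from the allowed list. The write-back on new line 120 ignores the return value of file_put_contents, so a failed write leaves the unsanitized content in tmp_name yet the upload proceeds; `if (false === file_put_contents($file['tmp_name'], $clean)) { $file['error'] = 'Error saving sanitized SVG file.'; return $file; }` mirrors the existing error branch on lines 113–117.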
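--- a/cits-support-svg-webp-media-upload/trunk/readme.txt
+++ b/cits-support-svg-webp-media-upload/trunk/readme.txt
@@ -4,7 +4,7 @@
 Requires at least: 5.0
 Stable tag: 1.0.0
-Tested up to: 6.3.1
+Tested up to: 6.4.1
 Requires PHP: 7.0
-Version: 3.0
+Version: 4.0
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html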