
Changeset 3165218


Timestamp:
10/08/2024 07:35:34 PM (18 months ago)
Author:
Petrichorpost
Message:

Fixed critical error.

Location:
svgplus
Files:
3 edited

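--- a/svgplus/tags/1.0.9/svgplus.php
+++ b/svgplus/tags/1.0.9/svgplus.php
@@ -120,19 +120,23 @@
 
 // Sanitize SVG files upon upload
-function svgplus_sanitize_uploaded_svg($data, $file, $filename, $mimes) {
-    if ($data['type'] === 'image/svg+xml') {
-        $svg_content = file_get_contents($file['tmp_name']);
+function svgplus_sanitize_uploaded_svg($upload) {
+    $filetype = wp_check_filetype($upload['file']);
+
+    if ($filetype['ext'] === 'svg' && $filetype['type'] === 'image/svg+xml') {
+        $svg_content = file_get_contents($upload['file']);
         $sanitized_svg = SVGPlus_Sanitizer::sanitize_svg($svg_content);
 
         if ($sanitized_svg === false) {
-            $data['error'] = 'Unable to sanitize SVG file.';
+            $upload['error'] = __('Unable to sanitize SVG file.', 'svgplus');
+            return $upload;
         } else {
-            file_put_contents($file['tmp_name'], $sanitized_svg);
+            // Overwrite the uploaded file with the sanitized content
+            file_put_contents($upload['file'], $sanitized_svg);
         }
     }
 
-    return $data;
+    return $upload;
 }
-add_filter('wp_check_filetype_and_ext', 'svgplus_sanitize_uploaded_svg', 10, 4);
+add_filter('wp_handle_upload', 'svgplus_sanitize_uploaded_svg');
 
 // Enqueue custom CSS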
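Review bot: Both failure paths in the new `svgplus_sanitize_uploaded_svg` leave the unsanitized SVG on disk. The `wp_handle_upload` filter runs once the file already sits at `$upload['file']`, so when `sanitize_svg()` returns false the function only sets `$upload['error']`, and the return value of `file_put_contents()` is never checked, so a failed write is still reported as a successful upload. As far as I know core does not remove the file when this filter returns an error, so the raw markup would remain at a web-reachable uploads path; please confirm. Delete the file before rejecting and treat a failed write as a rejection, as sketched below. The same code is added in svgplus/trunk/svgplus.php.

```php
        if ($sanitized_svg === false) {
            // The raw file is already at its final uploads path; remove it before rejecting.
            wp_delete_file($upload['file']);
            // … unchanged: set $upload['error'] and return $upload …
        }

        // Fail closed: a write that did not happen means the stored file is still unsanitized.
        if (file_put_contents($upload['file'], $sanitized_svg) === false) {
            wp_delete_file($upload['file']);
            $upload['error'] = __('Unable to save sanitized SVG file.', 'svgplus');
            return $upload;
        }
```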
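--- a/svgplus/trunk/readme.txt
+++ b/svgplus/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 5.0
 Tested up to: 6.6
-Stable tag: 1.0.9
+Stable tag: 1.0.10
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -116,5 +116,5 @@
 == Upgrade Notice ==
 
-= 1.0.9 =
+= 1.0.10 =
 
 Please update to this version to benefit from improved SVG sanitization and functionality enhancements.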
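--- a/svgplus/trunk/svgplus.php
+++ b/svgplus/trunk/svgplus.php
@@ -3,5 +3,5 @@
  * Plugin Name: SVGPlus
  * Description: Upload, sanitize, and display SVG files securely in WordPress.
- * Version: 1.0.9
+ * Version: 1.0.10
  * Author: Rizonepress
  * License: GPL2
@@ -71,4 +71,9 @@
     $roles = get_editable_roles();
 
+    // Ensure 'allowed_roles' is an array
+    if (!isset($settings['allowed_roles']) || !is_array($settings['allowed_roles'])) {
+        $settings['allowed_roles'] = ['administrator', 'editor', 'author'];
+    }
+
     ?>
     <div class="wrap">
@@ -107,5 +112,5 @@
 function svgplus_upload_mimes($mimes) {
     $settings = get_option('svgplus_settings', svgplus_default_settings());
-    $allowed_roles = isset($settings['allowed_roles']) ? $settings['allowed_roles'] : ['administrator', 'editor', 'author'];
+    $allowed_roles = isset($settings['allowed_roles']) && is_array($settings['allowed_roles']) ? $settings['allowed_roles'] : ['administrator', 'editor', 'author'];
     $user = wp_get_current_user();
 
@@ -120,19 +125,23 @@
 
 // Sanitize SVG files upon upload
-function svgplus_sanitize_uploaded_svg($data, $file, $filename, $mimes) {
-    if ($data['type'] === 'image/svg+xml') {
-        $svg_content = file_get_contents($file['tmp_name']);
+function svgplus_sanitize_uploaded_svg($upload) {
+    $filetype = wp_check_filetype($upload['file']);
+
+    if ($filetype['ext'] === 'svg' && $filetype['type'] === 'image/svg+xml') {
+        $svg_content = file_get_contents($upload['file']);
         $sanitized_svg = SVGPlus_Sanitizer::sanitize_svg($svg_content);
 
         if ($sanitized_svg === false) {
-            $data['error'] = 'Unable to sanitize SVG file.';
+            $upload['error'] = __('Unable to sanitize SVG file.', 'svgplus');
+            return $upload;
         } else {
-            file_put_contents($file['tmp_name'], $sanitized_svg);
+            // Overwrite the uploaded file with the sanitized content
+            file_put_contents($upload['file'], $sanitized_svg);
         }
     }
 
-    return $data;
+    return $upload;
 }
-add_filter('wp_check_filetype_and_ext', 'svgplus_sanitize_uploaded_svg', 10, 4);
+add_filter('wp_handle_upload', 'svgplus_sanitize_uploaded_svg');
 
 // Enqueue custom CSS
@@ -147,4 +156,3 @@
 }
 add_action('wp_enqueue_scripts', 'svgplus_enqueue_custom_css');
-
 ?>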
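Review bot: In the `svgplus_sanitize_uploaded_svg` hunk the sanitizer only runs when `wp_check_filetype($upload['file'])` yields exactly `'svg'`, so the decision is re-derived from the file name rather than taken from the type WordPress already assigned in `$upload['type']`. That comparison is case-sensitive and tied to a single extension, so an upload accepted as `image/svg+xml` under another spelling or mapping (for example through another plugin's `upload_mimes` filter) would be stored without sanitization; whether core normalises the extension before this filter runs is not visible here. Gating on the assigned type fails closed: `if (isset($upload['type']) && $upload['type'] === 'image/svg+xml') {`. The tags/1.0.9 copy has the same condition.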