PluginProbe ʕ •ᴥ•ʔ
Safe SVG / 2.0.1
Safe SVG v2.0.1
trunk 1.0.0 1.1.0 1.1.1 1.2.0 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.5.0 1.5.1 1.5.2 1.5.3 1.6.0 1.6.1 1.7.1 1.8.0 1.8.1 1.9.0 1.9.1 1.9.10 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.0.0 2.0.1 2.0.2 2.0.3 2.1.0 2.1.1 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.3.0 2.3.1 2.3.2 2.3.3 2.4.0
safe-svg / readme.txt
safe-svg Last commit date
assets 7 years ago includes 7 years ago languages 10 years ago vendor 4 years ago readme.txt 4 years ago safe-svg.php 4 years ago
readme.txt
214 lines
1 === Safe SVG ===
2 Contributors: 10up, enshrined
3 Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
4 Requires at least: 4.7
5 Tested up to: 5.9
6 Stable tag: 2.0.1
7 Requires PHP: 7.0
8 License: GPLv2 or later
9 License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
11 Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
12
13 == Description ==
14
15 Safe SVG is the best way to Allow SVG Uploads in WordPress!
16
17 It gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.
18
19 #### Current Features
20 * **Sanitised SVGs** - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.
21 * **View SVGs in the Media Library** - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library.
22
23 #### Features on the Roadmap
24 * **SVGO Optimisation** - You'll have the option to run your SVGs through our SVGO server on upload to save you space.
25 * **Choose Who Can Upload** - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.
26
27 Initially a proof of concept for [#24251](https://core.trac.wordpress.org/ticket/24251).
28
29 SVG Sanitization is done through the following library: [https://github.com/darylldoyle/svg-sanitizer](https://github.com/darylldoyle/svg-sanitizer).
30
31 == Installation ==
32
33 Install through the WordPress directory or download, unzip and upload the files to your `/wp-content/plugins/` directory
34
35 == Frequently Asked Questions ==
36
37 = Can we change the allowed attributes and tags? =
38
39 Yes, this can be done using the `svg_allowed_attributes` and `svg_allowed_tags` filters.
40 They take one argument that must be returned. See below for examples:
41
42 add_filter( 'svg_allowed_attributes', function ( $attributes ) {
43
44 // Do what you want here...
45
46 // This should return an array so add your attributes to
47 // to the $attributes array before returning it. E.G.
48
49 $attributes[] = 'target'; // This would allow the target="" attribute.
50
51 return $attributes;
52 } );
53
54
55 add_filter( 'svg_allowed_tags', function ( $tags ) {
56
57 // Do what you want here...
58
59 // This should return an array so add your tags to
60 // to the $tags array before returning it. E.G.
61
62 $tags[] = 'use'; // This would allow the <use> element.
63
64 return $tags;
65 } );
66
67 == Changelog ==
68
69 = 2.0.1 - 2022-04-19 =
70 * **Changed:** Documentation updates (props [@jeffpaul](https://github.com/jeffpaul), [@peterwilsoncc](https://github.com/peterwilsoncc)).
71 * **Fixed:** Ensure our height and width attributes are set before using them (props [@dkotter](https://github.com/dkotter), [@r8r](https://github.com/r8r), [@jerturowetz](https://github.com/jerturowetz), [@cadic](https://github.com/cadic)).
72 * **Fixed:** Support for installing via packagist.org (props [@roborourke](https://github.com/roborourke), [@peterwilsoncc](https://github.com/peterwilsoncc)).
73
74 = 2.0.0 - 2022-04-06 =
75 * **Added:** New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
76 * **Changed:** Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).
77 * **Fixed:** Use the `viewBox` attributes first for image dimensions. Ensure we don't use image dimensions that end with percent signs (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
78 * **Fixed:** Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props [@dkotter](https://github.com/dkotter), [@cadic](https://github.com/cadic)).
79 * **Fixed:** Ensure the `tmp_name` and `name` properties exist before we use them (props [@dkotter](https://github.com/dkotter), [@aksld](https://github.com/aksld)).
80
81 = 1.9.10 - 2022-02-23 =
82 **Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.**
83
84 * **Changed:** Bump WordPress minimum version from 4.0 to 4.7 (props [@cadic](https://github.com/cadic)).
85 * **Changed:** Bump PHP minimum version from 5.6 to 7.0 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul)).
86 * **Changed:** Update `enshrined/svg-sanitize` from 0.13.3 to 0.15.2 (props [@mehidi258](https://github.com/mehidi258), [@iamdharmesh](https://github.com/iamdharmesh), [@amdd-tim](https://github.com/amdd-tim), [@darylldoyle](https://github.com/darylldoyle), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
87 * **Changed:** Bump WordPress version "tested up to" 5.9 (props [@BBerg10up](https://github.com/BBerg10up), [@jeffpaul](https://github.com/jeffpaul), [@cadic](https://github.com/cadic)).
88 * **Changed:** Updated library location and added a new build step (props [@darylldoyle](https://github.com/darylldoyle), [@dkotter](https://github.com/dkotter)).
89 * **Changed:** Updated plugin assets and added docs and repo management workflows via GitHub Actions (props [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [@jeffpaul](https://github.com/jeffpaul)).
90 * **Fixed:** Double slash being added in SVG file URL for newer uploads (props [@mehulkaklotar](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman)).
91 * **Fixed:** Float value casting for SVGs when fetching width and height (props [@mehulkaklotar](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman)).
92 * **Fixed:** Use calculated size for SVGs instead of using `false` (props [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle), [@fritteli](https://github.com/fritteli)).
93 * **Fixed:** Add better file type checking when looking for SVG files (props [@davidhamann](https://github.com/davidhamann), [@dkotter](https://github.com/dkotter), [@darylldoyle](https://github.com/darylldoyle)).
94
95 = 1.9.9 - 2020-05-07 =
96 * **Fixed:** Issue where 100% width is accidentally converted to 100px width (props [@joehoyle](https://github.com/joehoyle)).
97
98 = 1.9.8 - 2020-05-07 =
99 * **Changed:** Underlying library update.
100
101 = 1.9.7 - 2019-12-10 =
102 * **Changed:** Underlying library update.
103
104 = 1.9.6 - 2019-11-07 =
105 * **Security:** Underlying library update that fixes a security issue.
106
107 = 1.9.5 - 2019-11-04 =
108 * **Security:** Underlying library update that fixes some security issues.
109
110 = 1.9.4 - 2019-08-21 =
111 * **Fixed:** Bug causing lots of error log output to do with `safe_svg::fix_direct_image_output()`.
112
113 = 1.9.3 - 2019-02-19 =
114 * **Fixed:** Bug causing 0 height and width SVGs.
115
116 = 1.9.2 - 2019-02-14 =
117 * **Fixed:** Warning about an Illegal string offset.
118 * **Fixed:** Issue if something other than a WP_Post object is passed in via the `wp_get_attachment_image_attributes` filter.
119
120 = 1.9.1 - 2019-01-29 =
121 * **Fixed:** Warning that was being generated by a change made in 1.9.0.
122
123 = 1.9.0 - 2019-01-03 =
124 * **Changed:** If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
125
126 = 1.8.1 - 2018-11-22 =
127 * **Changed:** Don't let errors break upload if uploading an empty file
128 * **Fixed:** Featured image display in Gutenberg. Props [@dmhendricks](https://github.com/dmhendricks) :)
129
130 = 1.8.0 - 2018-11-04 =
131 * **Added:** Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
132 * **Added:** role="img" attribute to SVGs.
133
134 = 1.7.1 - 2018-10-01 =
135 * **Changed:** Underlying lib and added new filters for filtering allowed tags and attributes.
136
137 = 1.7.0 - 2018-10-01 =
138 * **Added:** Allow devs to filter tags and attrs within WordPress.
139
140 = 1.6.1 - 2018-03-17 =
141 * **Changed:** Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
142
143 = 1.6.0 - 2017-12-20 =
144 * **Added:** Fairly big new feature - The library now allows `<use>` elements as long as they don't reference external files!
145 * **Fixed:** You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).
146
147 = 1.5.3 - 2017-11-16 =
148 * **Fixed:** 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
149
150 = 1.5.2 - 2017-11-15 =
151 * **Changed:** Tested with 4.9.0.
152 * **Fixed:** Issue with SVGs when regenerating media.
153
154 = 1.5.1 - 2017-08-21 =
155 * **Fixed:** PHP strict standards warning.
156
157 = 1.5.0 - 2017-06-20 =
158 * **Changed:** Library update.
159 * **Changed:** role, aria- and data- attributes are now whitelisted to improve accessibility.
160
161 = 1.4.5 - 2017-06-18 =
162 * **Changed:** Library update.
163 * **Fixed:** some issues with defining the size of an SVG.
164
165 = 1.4.4 - 2017-06-07 =
166 * **Fixed:** SVGs now display as featured images in the admin area.
167
168 = 1.4.3 - 2017-03-06 =
169 * **Added:** WordPress 4.7.3 Compatibility.
170 * **Changed:** Expanded SVG previews in media library.
171
172 = 1.4.2 - 2017-02-26 =
173 * **Added:** Check / fix for when mb_* functions are not available.
174
175 = 1.4.1 - 2017-02-23 =
176 * **Changed:** Underlying library to allow attributes/tags in all case variations.
177
178 = 1.4.0 - 2017-02-21 =
179 * **Added:** Ability to preview SVG on both grid and list view in the wp-admin media area
180 * **Changed:** Underlying library version.
181
182 = 1.3.4 - 2017-02-20 =
183 * **Fixed:** SVGZ uploads failing and not sanitising correctly.
184
185 = 1.3.3 - 2017-02-15 =
186 * **Changed:** Allow SVGZ uploads.
187
188 = 1.3.2 - 2017-01-27 =
189 * **Fixed:** Mime type issue in 4.7.1. Mad props to [@LewisCowles1986](https://github.com/LewisCowles1986).
190
191 = 1.3.1 - 2016-12-01 =
192 * **Changed:** Underlying library version.
193
194 = 1.3.0 - 2016-10-10 =
195 * **Changed:** Minify SVGs after cleaning so they can be loaded correctly through `file_get_contents`.
196
197 = 1.2.0 - 2016-02-27 =
198 * **Added:** Support for camel case attributes such as viewBox.
199
200 = 1.1.1 - 2016-07-06 =
201 * **Fixed:** Issue with empty svg elements self-closing.
202
203 = 1.1.0 - 2015-07-04 =
204 * **Added:** I18n.
205 * **Added:** da, de ,en, es, fr, nl and ru translations.
206 * **Fixed:** Issue with filename not being pulled over on failed uploads.
207
208 = 1.0.0 - 2015-07-03 =
209 * Initial Release.
210
211 == Upgrade Notice ==
212 = 1.9.10 =
213 * Important: bumped the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.
214