diff --git a/CHANGELOG.md b/CHANGELOG.md index 78a2bd4c..b8a1b874 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,33 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD +## [2.2.0] - 2023-08-21 +### Added +- New settings that give the ability to select which user roles can upload SVG files (props [@dhanendran](https://github.com/dhanendran), [@csloisel](https://github.com/csloisel), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter) via [#76](https://github.com/10up/safe-svg/pull/76)). +- SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the `safe_svg_optimizer_enabled` filter (props [@gsarig](https://github.com/gsarig), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9), [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@ravinderk](https://github.com/ravinderk) via [#79](https://github.com/10up/safe-svg/pull/79), [#145](https://github.com/10up/safe-svg/pull/145)). +- Spacing and color controls added to SVG block (props [@bmarshall511](https://github.com/bmarshall511), [@iamdharmesh](https://github.com/iamdharmesh) via [#135](https://github.com/10up/safe-svg/pull/135)). +- Mochawesome reporter added for Cypress test report (props [@jayedul](https://github.com/jayedul), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#124](https://github.com/10up/safe-svg/pull/124)). + +### Changed +- Update [Support Level](https://github.com/10up/safe-svg#support-level) from `Active` to `Stable` (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh) via [#100](https://github.com/10up/safe-svg/pull/100)). +- Update name of SVG block from Safe SVG Icon to Inline SVG (props [@bmarshall511](https://github.com/bmarshall511), [@iamdharmesh](https://github.com/iamdharmesh) via [#135](https://github.com/10up/safe-svg/pull/135)). +- Bump WordPress "tested up to" version 6.3 (props [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#144](https://github.com/10up/safe-svg/pull/144)). +- Update the Dependency Review GitHub Action (props [@jeffpaul](https://github.com/jeffpaul), [@Sidsector9](https://github.com/Sidsector9) via [#128](https://github.com/10up/safe-svg/pull/128)). + +### Fixed +- Add namespace to the `class_exists` check (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#120](https://github.com/10up/safe-svg/pull/120)). +- Ensure Sanitizer class is properly imported (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#121](https://github.com/10up/safe-svg/pull/121)). +- Remove an unneeded global (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#122](https://github.com/10up/safe-svg/pull/122)). +- Use absolute path in require (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#123](https://github.com/10up/safe-svg/pull/123)). +- Ensure custom classname added to SVG block is output on the front-end (props [@bmarshall511](https://github.com/bmarshall511), [@Sidsector9](https://github.com/Sidsector9), [@dkotter](https://github.com/dkotter) via [#130](https://github.com/10up/safe-svg/pull/130)). +- Ensure `SimpleXML` exists before using it (props [@sdmtt](https://github.com/sdmtt), [@faisal-alvi](https://github.com/faisal-alvi) via [#140](https://github.com/10up/safe-svg/pull/140)). +- Fix markdown issues in the readme (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#119](https://github.com/10up/safe-svg/pull/119)). + +### Security +- Bump `semver` from 5.7.1 to 5.7.2 (props [@dependabot](https://github.com/apps/dependabot) via [#134](https://github.com/10up/safe-svg/pull/134)). +- Bump `word-wrap` from 1.2.3 to 1.2.5 (props [@dependabot](https://github.com/apps/dependabot) via [#141](https://github.com/10up/safe-svg/pull/141)). +- Bump `tough-cookie` from 4.1.2 to 4.1.3 and `@cypress/request` from 2.88.10 to 2.88.12 (props [@dependabot](https://github.com/apps/dependabot) via [#146](https://github.com/10up/safe-svg/pull/146)). + ## [2.1.1] - 2023-04-05 ### Changed - Upgrade `@wordpress` npm package dependencies (props [@ggutenberg](https://github.com/ggutenberg), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/safe-svg/pull/108)). @@ -259,6 +286,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial Release. [Unreleased]: https://github.com/10up/safe-svg/compare/trunk...develop +[2.2.0]: https://github.com/10up/safe-svg/compare/2.1.1...2.2.0 [2.1.1]: https://github.com/10up/safe-svg/compare/2.1.0...2.1.1 [2.1.0]: https://github.com/10up/safe-svg/compare/2.0.3...2.1.0 [2.0.3]: https://github.com/10up/safe-svg/compare/2.0.2...2.0.3 diff --git a/CREDITS.md b/CREDITS.md index 8ee21b1d..584e7077 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk). +[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Santiago Dimattia (@sdmtt)](https://github.com/sdmtt), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [Giorgos Sarigiannidis (@gsarig)](https://github.com/gsarig). ## Libraries diff --git a/README.md b/README.md index fb41a314..b35a740b 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ It gives you the ability to allow SVG uploads whilst making sure that they're sa ### Current Features * **Sanitised SVGs** - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files. -* **SVGO Optimisation** - Runs your SVGs through the SVGO tool on upload to save you space. +* **SVGO Optimisation** - Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: `add_filter( 'safe_svg_optimizer_enabled', '__return_true' );` * **View SVGs in the Media Library** - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library. * **Choose Who Can Upload** - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload. diff --git a/package-lock.json b/package-lock.json index d1390524..46ecdeb4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@10up/safe-svg", - "version": "2.1.1", + "version": "2.2.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@10up/safe-svg", - "version": "2.1.1", + "version": "2.2.0", "license": "GPL-2.0-or-later", "dependencies": { "cypress-mochawesome-reporter": "^3.4.0", diff --git a/package.json b/package.json index 7d56a588..d2635d7a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@10up/safe-svg", - "version": "2.1.1", + "version": "2.2.0", "description": "Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website", "homepage": "https://github.com/10up/safe-svg#readme", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index ca10264f..60eb04bf 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: 10up, enshrined, jeffpaul Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime Requires at least: 5.7 Tested up to: 6.3 -Stable tag: 2.1.1 +Stable tag: 2.2.0 Requires PHP: 7.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -18,7 +18,7 @@ It gives you the ability to allow SVG uploads whilst making sure that they're sa #### Current Features * **Sanitised SVGs** - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files. -* **SVGO Optimisation** - Runs your SVGs through the SVGO tool on upload to save you space. +* **SVGO Optimisation** - Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: `add_filter( 'safe_svg_optimizer_enabled', '__return_true' );` * **View SVGs in the Media Library** - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library. * **Choose Who Can Upload** - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload. @@ -66,6 +66,26 @@ They take one argument that must be returned. See below for examples: == Changelog == += 2.2.0 - 2023-08-21 = +* **Added:** New settings that give the ability to select which user roles can upload SVG files (props [@dhanendran](https://github.com/dhanendran), [@csloisel](https://github.com/csloisel), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter) via [#76](https://github.com/10up/safe-svg/pull/76)). +* **Added:** SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the `safe_svg_optimizer_enabled` filter (props [@gsarig](https://github.com/gsarig), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9), [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@ravinderk](https://github.com/ravinderk) via [#79](https://github.com/10up/safe-svg/pull/79), [#145](https://github.com/10up/safe-svg/pull/145)). +* **Added:** Spacing and color controls added to SVG block (props [@bmarshall511](https://github.com/bmarshall511), [@iamdharmesh](https://github.com/iamdharmesh) via [#135](https://github.com/10up/safe-svg/pull/135)). +* **Added:** Mochawesome reporter added for Cypress test report (props [@jayedul](https://github.com/jayedul), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#124](https://github.com/10up/safe-svg/pull/124)). +* **Changed:** Update [Support Level](https://github.com/10up/safe-svg#support-level) from `Active` to `Stable` (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh) via [#100](https://github.com/10up/safe-svg/pull/100)). +* **Changed:** Update name of SVG block from Safe SVG Icon to Inline SVG (props [@bmarshall511](https://github.com/bmarshall511), [@iamdharmesh](https://github.com/iamdharmesh) via [#135](https://github.com/10up/safe-svg/pull/135)). +* **Changed:** Bump WordPress "tested up to" version 6.3 (props [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#144](https://github.com/10up/safe-svg/pull/144)). +* **Changed:** Update the Dependency Review GitHub Action (props [@jeffpaul](https://github.com/jeffpaul), [@Sidsector9](https://github.com/Sidsector9) via [#128](https://github.com/10up/safe-svg/pull/128)). +* **Fixed:** Add namespace to the `class_exists` check (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#120](https://github.com/10up/safe-svg/pull/120)). +* **Fixed:** Ensure Sanitizer class is properly imported (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#121](https://github.com/10up/safe-svg/pull/121)). +* **Fixed:** Remove an unneeded global (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#122](https://github.com/10up/safe-svg/pull/122)). +* **Fixed:** Use absolute path in require (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#123](https://github.com/10up/safe-svg/pull/123)). +* **Fixed:** Ensure custom classname added to SVG block is output on the front-end (props [@bmarshall511](https://github.com/bmarshall511), [@Sidsector9](https://github.com/Sidsector9), [@dkotter](https://github.com/dkotter) via [#130](https://github.com/10up/safe-svg/pull/130)). +* **Fixed:** Ensure `SimpleXML` exists before using it (props [@sdmtt](https://github.com/sdmtt), [@faisal-alvi](https://github.com/faisal-alvi) via [#140](https://github.com/10up/safe-svg/pull/140)). +* **Fixed:** Fix markdown issues in the readme (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#119](https://github.com/10up/safe-svg/pull/119)). +* **Security:** Bump `semver` from 5.7.1 to 5.7.2 (props [@dependabot](https://github.com/apps/dependabot) via [#134](https://github.com/10up/safe-svg/pull/134)). +* **Security:** Bump `word-wrap` from 1.2.3 to 1.2.5 (props [@dependabot](https://github.com/apps/dependabot) via [#141](https://github.com/10up/safe-svg/pull/141)). +* **Security:** Bump `tough-cookie` from 4.1.2 to 4.1.3 and `@cypress/request` from 2.88.10 to 2.88.12 (props [@dependabot](https://github.com/apps/dependabot) via [#146](https://github.com/10up/safe-svg/pull/146)). + = 2.1.1 - 2023-04-05 = * **Changed:** Upgrade `@wordpress` npm package dependencies (props [@ggutenberg](https://github.com/ggutenberg), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/safe-svg/pull/108)). * **Changed:** Bump WordPress "tested up to" version 6.2 (props [@ggutenberg](https://github.com/ggutenberg), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/safe-svg/pull/108)). diff --git a/safe-svg.php b/safe-svg.php index 22848a82..c1602c2a 100644 --- a/safe-svg.php +++ b/safe-svg.php @@ -3,7 +3,7 @@ * Plugin Name: Safe SVG * Plugin URI: https://wordpress.org/plugins/safe-svg/ * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website - * Version: 2.1.1 + * Version: 2.2.0 * Requires at least: 5.7 * Requires PHP: 7.4 * Author: 10up @@ -24,7 +24,7 @@ exit; // Exit if accessed directly. } -define( 'SAFE_SVG_VERSION', '2.1.1' ); +define( 'SAFE_SVG_VERSION', '2.2.0' ); define( 'SAFE_SVG_PLUGIN_DIR', __DIR__ ); define( 'SAFE_SVG_PLUGIN_URL', plugin_dir_url( __FILE__ ) );