Merge pull request #145 from 10up/feature/disable-optimizer-by-default
Disable SVG optimization by default
dkotter authored Aug 17, 2023
2 parents a88ee38 + 46faecf commit aa2caf5
Showing 2 changed files with 49 additions and 6 deletions.
54 changes: 48 additions & 6 deletions includes/optimizer.php
Expand Up @@ -10,22 +10,26 @@
use enshrined\svgSanitize\Sanitizer;

if ( ! class_exists( '\SafeSVG\Optimizer' ) ) {

/**
* Class \SafeSVG\Optimizer
*/
class Optimizer {

/**
* The name of the nonce to send with the AJAX call.
*
* @var string
*/
private $nonce_name = 'safe-svg-optimizer';

/**
* The class constructor.
*/
public function __construct() {
add_action( 'init', [ $this, 'init' ] );
}

/**
* Initialize actions.
*
Expand All @@ -35,9 +39,11 @@ public function init() {
if ( true !== $this->is_enabled() ) {
return;
}

add_action( 'admin_enqueue_scripts', [ $this, 'enqueues' ] );
add_action( 'wp_ajax_safe_svg_optimize', [ $this, 'optimize' ] );
}

/**
* Checks if the Optimizer is enabled.
*
Expand All @@ -46,29 +52,52 @@ public function init() {
public function is_enabled(): bool {
$has_svg_allowed_tags = has_filter( 'svg_allowed_tags' );
$has_svg_allowed_attributes = has_filter( 'svg_allowed_attributes' );

/**
* If a dev has added allowed tags or attributes, we should not optimize the SVGs, because the optimizer will not respect their exclusions.
* If a dev has added allowed tags or attributes, we should not
* optimize the SVGs, because the optimizer will not respect their exclusions.
*/
if ( $has_svg_allowed_tags || $has_svg_allowed_attributes ) {
return false;
}
$params = $this->svgo_params();
return ( ! empty( $params ) && is_array( $params ) );

/**
* Filter to enable the optimizer.
*
* Note: this feature is disabled by default.
*
* @since 2.2.0
* @hook safe_svg_optimizer_enabled
*
* @param bool $enabled Whether the optimizer is enabled.
* @return bool
*/
return apply_filters( 'safe_svg_optimizer_enabled', false );
}

/**
* The SVGO parameters. Developers can use this filter to pass additional parameters or completely disable the optimizer by passing:
* add_filter( 'safe_svg_svgo_params', '__return_false' );
* The SVGO parameters.
*
* @return mixed|null
*/
public function svgo_params() {
/**
* Filter the params we pass to SVGO.
*
* @since 2.2.0
* @hook safe_svg_svgo_params
*
* @param array $params The params we pass to SVGO.
* @return array
*/
return apply_filters(
'safe_svg_svgo_params',
[
'multipass' => true,
]
);
}

/**
* Enqueue the necessary scripts.
*
Expand All @@ -84,16 +113,19 @@ public function enqueues( $hook ) {
'upload.php',
'media-new.php',
];

if ( ! in_array( $hook, $allowed_hooks, true ) ) {
return;
}

wp_enqueue_script(
'safe-svg-admin-scripts',
SAFE_SVG_PLUGIN_URL . '/dist/safe-svg-admin.js',
SAFE_SVG_PLUGIN_URL . 'dist/safe-svg-admin.js',
[ 'wp-data', 'utils' ],
SAFE_SVG_VERSION,
true
);

$params = wp_json_encode(
[
'ajaxUrl' => esc_url_raw( admin_url( 'admin-ajax.php' ) ),
Expand All @@ -112,6 +144,7 @@ public function enqueues( $hook ) {
'before'
);
}

/**
* Optimize the SVG file.
*
Expand All @@ -121,23 +154,32 @@ public function optimize() {
$svg_url = filter_input( INPUT_GET, 'svg_url', FILTER_SANITIZE_URL );
$svg_id = filter_input( INPUT_GET, 'svg_id', FILTER_SANITIZE_NUMBER_INT );
$attachment_id = ! empty( $svg_id ) ? $svg_id : attachment_url_to_postid( $svg_url );

if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) {
return;
}

check_ajax_referer( $this->nonce_name, 'svg_nonce' );

$svg_path = get_attached_file( $attachment_id );
if ( empty( $svg_path ) ) {
return;
}

$maybe_dirty = $_GET['optimized_svg'];
$sanitizer = new Sanitizer();
$sanitizer->minify( true );
$sanitized = $sanitizer->sanitize( stripcslashes( $maybe_dirty ) );

if ( empty( $sanitized ) ) {
return;
}

file_put_contents( $svg_path, $sanitized ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents

wp_die();
}

}

}
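Review bot: optimize() overwrites the attached file without confirming that the attachment is an SVG: after the `edit_post` and nonce checks it goes from `get_attached_file( $attachment_id )` straight to `file_put_contents( $svg_path, $sanitized )`, so any attachment the caller may edit can have its file replaced with sanitizer output. It also reads `$_GET['optimized_svg']` without checking that the key is present and holds a string. Making the feature opt-in narrows the exposure, but this handler is unchanged once a site turns on `safe_svg_optimizer_enabled`, so I would add a MIME-type check and an input guard as sketched below. The body of optimize() appears to sit entirely inside the last hunk; whether the attachment type is validated elsewhere is not visible here.

```php
// … unchanged: $svg_url / $svg_id / $attachment_id lookup, edit_post capability check, check_ajax_referer() …

// Only ever overwrite files that belong to SVG attachments.
if ( 'image/svg+xml' !== get_post_mime_type( $attachment_id ) ) {
	return;
}

// … unchanged: get_attached_file() and the empty-path guard …

// Bail out when the payload is missing or is not a plain string (e.g. an array parameter).
if ( ! isset( $_GET['optimized_svg'] ) || ! is_string( $_GET['optimized_svg'] ) ) {
	return;
}

$maybe_dirty = $_GET['optimized_svg'];
// … unchanged: Sanitizer setup, sanitize(), empty check, file_put_contents(), wp_die() …
```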
1 change: 1 addition & 0 deletions safe-svg.php
Expand Up @@ -104,6 +104,7 @@ function() {
require __DIR__ . '/includes/safe-svg-settings.php';
require __DIR__ . '/includes/blocks.php';
require __DIR__ . '/includes/optimizer.php';

new \SafeSVG\Optimizer();

if ( ! class_exists( 'SafeSvg\\safe_svg' ) ) {