From 4e1ec9f83737a667c78b2351433baacefc225a60 Mon Sep 17 00:00:00 2001
From: Darin Kotter
Date: Wed, 16 Aug 2023 16:11:42 -0600
Subject: [PATCH 1/3] Fix some spacing issues. Adjust some docblocks
---
 includes/optimizer.php | 38 +++++++++++++++++++++++++++++++++++---
 safe-svg.php | 1 +
 2 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/includes/optimizer.php b/includes/optimizer.php
index b02e5dc4..3449794d 100644
--- a/includes/optimizer.php
+++ b/includes/optimizer.php
@@ -10,22 +10,26 @@
  use enshrined\svgSanitize\Sanitizer;
 
  if ( ! class_exists( '\SafeSVG\Optimizer' ) ) {
+
  /**
  * Class \SafeSVG\Optimizer
  */
  class Optimizer {
+
  /**
  * The name of the nonce to send with the AJAX call.
  *
  * @var string
  */
  private $nonce_name = 'safe-svg-optimizer';
+
  /**
  * The class constructor.
  */
  public function __construct() {
  add_action( 'init', [ $this, 'init' ] );
  }
+
  /**
  * Initialize actions.
  *
@@ -35,9 +39,11 @@ public function init() {
  if ( true !== $this->is_enabled() ) {
  return;
  }
+
  add_action( 'admin_enqueue_scripts', [ $this, 'enqueues' ] );
  add_action( 'wp_ajax_safe_svg_optimize', [ $this, 'optimize' ] );
  }
+
  /**
  * Checks if the Optimizer is enabled.
  *
@@ -46,22 +52,34 @@ public function init() {
  public function is_enabled(): bool {
  $has_svg_allowed_tags = has_filter( 'svg_allowed_tags' );
  $has_svg_allowed_attributes = has_filter( 'svg_allowed_attributes' );
+
  /**
- * If a dev has added allowed tags or attributes, we should not optimize the SVGs, because the optimizer will not respect their exclusions.
+ * If a dev has added allowed tags or attributes, we should not
+ * optimize the SVGs, because the optimizer will not respect their exclusions.
  */
  if ( $has_svg_allowed_tags || $has_svg_allowed_attributes ) {
  return false;
  }
+
  $params = $this->svgo_params();
  return ( ! empty( $params ) && is_array( $params ) );
  }
+
  /**
- * The SVGO parameters. Developers can use this filter to pass additional parameters or completely disable the optimizer by passing:
- * add_filter( 'safe_svg_svgo_params', '__return_false' );
+ * The SVGO parameters.
  *
  * @return mixed|null
  */
  public function svgo_params() {
+ /**
+ * Filter the params we pass to SVGO.
+ *
+ * @since 2.2.0
+ * @hook safe_svg_svgo_params
+ *
+ * @param array $params The params we pass to SVGO.
+ * @return array
+ */
  return apply_filters(
  'safe_svg_svgo_params',
  [
@@ -69,6 +87,7 @@ public function svgo_params() {
  ]
  );
  }
+
  /**
  * Enqueue the necessary scripts.
  *
@@ -84,9 +103,11 @@ public function enqueues( $hook ) {
  'upload.php',
  'media-new.php',
  ];
+
  if ( ! in_array( $hook, $allowed_hooks, true ) ) {
  return;
  }
+
  wp_enqueue_script(
  'safe-svg-admin-scripts',
  SAFE_SVG_PLUGIN_URL . '/dist/safe-svg-admin.js',
@@ -94,6 +115,7 @@ public function enqueues( $hook ) {
  SAFE_SVG_VERSION,
  true
  );
+
  $params = wp_json_encode(
  [
  'ajaxUrl' => esc_url_raw( admin_url( 'admin-ajax.php' ) ),
@@ -112,6 +134,7 @@ public function enqueues( $hook ) {
  'before'
  );
  }
+
  /**
  * Optimize the SVG file.
  *
@@ -121,23 +144,32 @@ public function optimize() {
  $svg_url = filter_input( INPUT_GET, 'svg_url', FILTER_SANITIZE_URL );
  $svg_id = filter_input( INPUT_GET, 'svg_id', FILTER_SANITIZE_NUMBER_INT );
  $attachment_id = ! empty( $svg_id ) ? $svg_id : attachment_url_to_postid( $svg_url );
+
  if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) {
  return;
  }
+
  check_ajax_referer( $this->nonce_name, 'svg_nonce' );
+
  $svg_path = get_attached_file( $attachment_id );
  if ( empty( $svg_path ) ) {
  return;
  }
+
  $maybe_dirty = $_GET['optimized_svg'];
  $sanitizer = new Sanitizer();
  $sanitizer->minify( true );
  $sanitized = $sanitizer->sanitize( stripcslashes( $maybe_dirty ) );
+
  if ( empty( $sanitized ) ) {
  return;
  }
+
  file_put_contents( $svg_path, $sanitized ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents
+
  wp_die();
  }
+
  }
+
  }
diff --git a/safe-svg.php b/safe-svg.php
index 7566d64d..22848a82 100644
--- a/safe-svg.php
+++ b/safe-svg.php
@@ -104,6 +104,7 @@ function() {
  require __DIR__ . '/includes/safe-svg-settings.php';
  require __DIR__ . '/includes/blocks.php';
  require __DIR__ . '/includes/optimizer.php';
+
  new \SafeSVG\Optimizer();
 
  if ( ! class_exists( 'SafeSvg\\safe_svg' ) ) {
From 1700cd01e443c2967f22dc4e470b44479f6bfa9e Mon Sep 17 00:00:00 2001
From: Darin Kotter
Date: Wed, 16 Aug 2023 16:12:25 -0600
Subject: [PATCH 2/3] Add new filter that disables optimization by default and can be used to turn it on, instead of relying on the params filter
---
 includes/optimizer.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/includes/optimizer.php b/includes/optimizer.php
index 3449794d..3f00eadf 100644
--- a/includes/optimizer.php
+++ b/includes/optimizer.php
@@ -61,8 +61,18 @@ public function is_enabled(): bool {
  return false;
  }
 
- $params = $this->svgo_params();
- return ( ! empty( $params ) && is_array( $params ) );
+ /**
+ * Filter to enable the optimizer.
+ *
+ * Note: this feature is disabled by default.
+ *
+ * @since 2.2.0
+ * @hook safe_svg_optimizer_enabled
+ *
+ * @param bool $enabled Whether the optimizer is enabled.
+ * @return bool
+ */
+ return apply_filters( 'safe_svg_optimizer_enabled', false );
  }
 
  /**
From a43b943fe39ebc55fcb4c135bbc790bf8bee48cd Mon Sep 17 00:00:00 2001
From: Darin Kotter
Date: Wed, 16 Aug 2023 16:12:39 -0600
Subject: [PATCH 3/3] Remove extra slash in script URL
---
 includes/optimizer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/optimizer.php b/includes/optimizer.php
index 3f00eadf..e795e6e2 100644
--- a/includes/optimizer.php
+++ b/includes/optimizer.php
@@ -120,7 +120,7 @@ public function enqueues( $hook ) {
 
  wp_enqueue_script(
  'safe-svg-admin-scripts',
- SAFE_SVG_PLUGIN_URL . 'dist/safe-svg-admin.js',
+ SAFE_SVG_PLUGIN_URL . 'dist/safe-svg-admin.js',
  [ 'wp-data', 'utils' ],
  SAFE_SVG_VERSION,
  true
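Review bot: In the `is_enabled()` hunk of PATCH 2/3, the result of `apply_filters( 'safe_svg_optimizer_enabled', false )` is returned unchecked from a method declared `: bool`, so the gate depends on whatever type a callback hands back. Unless the file declares strict types (not visible here), a non-empty string such as `'false'` would be coerced to `true`, and a `null` or array return would raise a TypeError on `init`. This gate decides whether the `wp_ajax_safe_svg_optimize` handler, which overwrites the attachment file, is registered at all, so it should open only on an explicit boolean: `return true === apply_filters( 'safe_svg_optimizer_enabled', false );`. The docblock could also say that the filter has to be added before `init` fires, because `init()` reads it once there; the body of `is_enabled()` starts outside this hunk.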