523 lines
15 KiB
PHP
523 lines
15 KiB
PHP
<?php
|
|
/**
|
|
* SVG Support in attachment modal
|
|
*
|
|
* This file contains functions to manage and manipulate SVG attachments in WordPress.
|
|
* It includes functionality for displaying SVGs in the attachment modal, generating metadata,
|
|
* sanitizing SVG files, and handling specific SVG-related scenarios.
|
|
*/
|
|
|
|
if ( ! defined( 'ABSPATH' ) ) {
|
|
exit; // Exit if accessed directly
|
|
}
|
|
|
|
/**
|
|
* Add SVG dimensions and other details to the response for displaying in the attachment modal.
|
|
*
|
|
* @param array $response The prepared attachment response data.
|
|
* @param object $attachment The attachment object.
|
|
* @param array $meta The attachment meta data.
|
|
*
|
|
* @return array Modified response with SVG dimensions and URL.
|
|
*/
|
|
function bodhi_svgs_response_for_svg( $response, $attachment, $meta ) {
|
|
|
|
if ( $response['mime'] == 'image/svg+xml' && empty( $response['sizes'] ) ) {
|
|
|
|
$svg_path = get_attached_file( $attachment->ID );
|
|
|
|
if ( ! file_exists( $svg_path ) ) {
|
|
// If SVG is external, use the URL instead of the path
|
|
$svg_path = $response['url'];
|
|
}
|
|
|
|
$dimensions = bodhi_svgs_get_dimensions( $svg_path );
|
|
|
|
$response['sizes'] = array(
|
|
'full' => array(
|
|
'url' => $response['url'],
|
|
'width' => $dimensions->width,
|
|
'height' => $dimensions->height,
|
|
'orientation' => $dimensions->width > $dimensions->height ? 'landscape' : 'portrait'
|
|
)
|
|
);
|
|
|
|
}
|
|
|
|
return $response;
|
|
|
|
}
|
|
add_filter( 'wp_prepare_attachment_for_js', 'bodhi_svgs_response_for_svg', 10, 3 );
|
|
|
|
/**
|
|
* Get the dimensions of an SVG file.
|
|
*
|
|
* This function checks if the SVG is a local file or a remote URL, retrieves its content, and
|
|
* parses the width and height from the SVG attributes.
|
|
*
|
|
* @param string $svg The file path or URL of the SVG.
|
|
*
|
|
* @return object An object containing the width and height of the SVG.
|
|
*/
|
|
function bodhi_svgs_get_dimensions( $svg ) {
|
|
|
|
$svg_content = '';
|
|
|
|
// Check if $svg is a URL or a local file path
|
|
if ( filter_var( $svg, FILTER_VALIDATE_URL ) ) {
|
|
// For remote SVGs, use wp_remote_get()
|
|
$response = wp_remote_get( $svg );
|
|
if ( is_wp_error( $response ) ) {
|
|
return (object) array( 'width' => 0, 'height' => 0 );
|
|
}
|
|
$svg_content = wp_remote_retrieve_body( $response );
|
|
} else {
|
|
// For local files, use WP_Filesystem to read the file content
|
|
if ( ! function_exists( 'WP_Filesystem' ) ) {
|
|
require_once ABSPATH . 'wp-admin/includes/file.php';
|
|
}
|
|
global $wp_filesystem;
|
|
WP_Filesystem();
|
|
$svg_content = $wp_filesystem->get_contents( $svg );
|
|
}
|
|
|
|
if ( empty( $svg_content ) ) {
|
|
return (object) array( 'width' => 0, 'height' => 0 );
|
|
}
|
|
|
|
$svg = simplexml_load_string( $svg_content );
|
|
|
|
if ( $svg === FALSE ) {
|
|
$width = '0';
|
|
$height = '0';
|
|
} else {
|
|
$attributes = $svg->attributes();
|
|
$width = (string) $attributes->width;
|
|
$height = (string) $attributes->height;
|
|
}
|
|
|
|
return (object) array( 'width' => $width, 'height' => $height );
|
|
|
|
}
|
|
|
|
/**
|
|
* Generate attachment metadata for SVGs. (Thanks @surml)
|
|
*
|
|
* This function generates metadata for SVG attachments, including dimensions and file path.
|
|
* It is used to fix warnings related to missing width and height metadata for SVGs.
|
|
*
|
|
* @param array $metadata The attachment metadata.
|
|
* @param int $attachment_id The attachment ID.
|
|
*
|
|
* @return array Modified metadata including SVG dimensions.
|
|
*/
|
|
function bodhi_svgs_generate_svg_attachment_metadata( $metadata, $attachment_id ) {
|
|
|
|
$mime = get_post_mime_type( $attachment_id );
|
|
|
|
if ( $mime == 'image/svg+xml' ) {
|
|
|
|
$svg_path = get_attached_file( $attachment_id );
|
|
$upload_dir = wp_upload_dir();
|
|
// Get the path relative to /uploads/
|
|
$relative_path = str_replace($upload_dir['basedir'], '', $svg_path);
|
|
$filename = basename( $svg_path );
|
|
|
|
$dimensions = bodhi_svgs_get_dimensions( $svg_path );
|
|
|
|
$metadata = array(
|
|
'width' => intval($dimensions->width),
|
|
'height' => intval($dimensions->height),
|
|
'file' => $filename
|
|
);
|
|
|
|
$height = intval($dimensions->height);
|
|
$width = intval($dimensions->width);
|
|
|
|
// Generate sizes array for future implementations, if needed
|
|
$sizes = array();
|
|
foreach ( get_intermediate_image_sizes() as $s ) {
|
|
|
|
$sizes[$s] = array( 'width' => '', 'height' => '', 'crop' => false );
|
|
|
|
if ( $width !== 0 && $height !== 0 ) {
|
|
|
|
if ( isset( $_wp_additional_image_sizes[$s]['width'] ) ) {
|
|
$width_current_size = intval( $_wp_additional_image_sizes[$s]['width'] );
|
|
} else {
|
|
$width_current_size = get_option( "{$s}_size_w" );
|
|
}
|
|
|
|
if ( $width > $height ) {
|
|
$ratio = round($width / $height, 2);
|
|
$new_height = round($width_current_size / $ratio);
|
|
} else {
|
|
$ratio = round($height / $width, 2);
|
|
$new_height = round($width_current_size * $ratio);
|
|
}
|
|
|
|
$sizes[$s]['width'] = $width_current_size;
|
|
$sizes[$s]['height'] = $new_height;
|
|
|
|
$sizes[$s]['crop'] = false;
|
|
|
|
} else {
|
|
|
|
if ( isset( $_wp_additional_image_sizes[$s]['width'] ) ) {
|
|
$sizes[$s]['width'] = intval( $_wp_additional_image_sizes[$s]['width'] );
|
|
} else {
|
|
$sizes[$s]['width'] = get_option( "{$s}_size_w" );
|
|
}
|
|
|
|
if ( isset( $_wp_additional_image_sizes[$s]['height'] ) ) {
|
|
$sizes[$s]['height'] = intval( $_wp_additional_image_sizes[$s]['height'] );
|
|
} else {
|
|
$sizes[$s]['height'] = get_option( "{$s}_size_h" );
|
|
}
|
|
|
|
if ( isset( $_wp_additional_image_sizes[$s]['crop'] ) ) {
|
|
$sizes[$s]['crop'] = intval( $_wp_additional_image_sizes[$s]['crop'] );
|
|
} else {
|
|
$sizes[$s]['crop'] = get_option( "{$s}_crop" );
|
|
}
|
|
|
|
}
|
|
|
|
$sizes[$s]['file'] = $filename;
|
|
$sizes[$s]['mime-type'] = 'image/svg+xml';
|
|
|
|
}
|
|
|
|
$metadata['sizes'] = $sizes;
|
|
|
|
}
|
|
|
|
return $metadata;
|
|
|
|
}
|
|
add_filter( 'wp_generate_attachment_metadata', 'bodhi_svgs_generate_svg_attachment_metadata', 10, 3 );
|
|
|
|
/**
|
|
* Sanitize SVG files.
|
|
*
|
|
* This function sanitizes SVG files by removing potentially harmful elements and attributes.
|
|
* It also optionally minifies the SVG content and re-encodes it if it was originally gzipped.
|
|
*
|
|
* @param string $file The file path of the SVG to sanitize.
|
|
*
|
|
* @return bool True if the file was successfully sanitized, false otherwise.
|
|
*/
|
|
function bodhi_svgs_sanitize( $file ){
|
|
|
|
global $sanitizer;
|
|
|
|
$sanitizer->setAllowedTags( new bodhi_svg_tags() );
|
|
$sanitizer->setAllowedAttrs( new bodhi_svg_attributes() );
|
|
|
|
$dirty = '';
|
|
|
|
// Using WP_Filesystem to read the SVG file content
|
|
if ( ! function_exists( 'WP_Filesystem' ) ) {
|
|
require_once ABSPATH . 'wp-admin/includes/file.php';
|
|
}
|
|
global $wp_filesystem;
|
|
WP_Filesystem();
|
|
$dirty = $wp_filesystem->get_contents( $file );
|
|
|
|
// Try to decode if gzipped is enabled
|
|
if ( $is_zipped = bodhi_svgs_is_gzipped( $dirty ) ) {
|
|
|
|
$dirty = gzdecode( $dirty );
|
|
|
|
// Return on failure, since we can't read file
|
|
if ( $dirty === false ) {
|
|
return false;
|
|
}
|
|
|
|
}
|
|
|
|
// Remove remote references since they are dangerous and lead to injection
|
|
$sanitizer->removeRemoteReferences(true);
|
|
|
|
// Enable minify in library if its enabled in admin panel
|
|
bodhi_svgs_minify();
|
|
|
|
$clean = $sanitizer->sanitize( $dirty );
|
|
|
|
if ( $clean === false ) {
|
|
return false;
|
|
}
|
|
|
|
// If the file was gzipped, we need to re-zip it
|
|
if ( $is_zipped ) {
|
|
$clean = gzencode( $clean );
|
|
}
|
|
|
|
// Use WP_Filesystem to write the sanitized content back
|
|
if ( ! $wp_filesystem->put_contents( $file, $clean, FS_CHMOD_FILE ) ) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
/**
|
|
* Enable minification for SVG files.
|
|
*
|
|
* This function enables minification for SVG files if the option is set in the plugin settings.
|
|
*/
|
|
function bodhi_svgs_minify() {
|
|
|
|
global $bodhi_svgs_options;
|
|
global $sanitizer;
|
|
|
|
if ( !empty($bodhi_svgs_options['minify_svg']) && $bodhi_svgs_options['minify_svg'] === 'on' ) {
|
|
$sanitizer->minify(true);
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Check if a string is gzipped.
|
|
*
|
|
* @param string $contents The contents to check.
|
|
*
|
|
* @return bool True if the contents are gzipped, false otherwise.
|
|
*/
|
|
function bodhi_svgs_is_gzipped( $contents ) {
|
|
|
|
if ( function_exists( 'mb_strpos' ) ) {
|
|
return 0 === mb_strpos( $contents, "\x1f" . "\x8b" . "\x08" );
|
|
} else {
|
|
return 0 === strpos( $contents, "\x1f" . "\x8b" . "\x08" );
|
|
}
|
|
|
|
}
|
|
|
|
// /**
|
|
// * Pre-filter for handling SVG uploads.
|
|
// *
|
|
// * This function checks if the uploaded file is an SVG and applies sanitization if required.
|
|
// *
|
|
// * @param array $file The uploaded file data.
|
|
// *
|
|
// * @return array The modified file data.
|
|
// */
|
|
// function bodhi_svgs_sanitize_svg($file) {
|
|
// global $bodhi_svgs_options;
|
|
|
|
// $file_path = $file['tmp_name'];
|
|
// $file_name = $file['name'];
|
|
|
|
// // Check if the file has a .svg extension
|
|
// $is_svg_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)) === 'svg';
|
|
|
|
// // Check if the file contains SVG content
|
|
// $is_svg_content = false;
|
|
// if ($is_svg_extension && file_exists($file_path)) {
|
|
// // Use file_get_contents to read the file contents
|
|
// $file_content = file_get_contents($file_path);
|
|
|
|
// if ($file_content === false) {
|
|
// $file['error'] = __("There was an error reading the SVG file for sanitization.", 'svg-support');
|
|
// return $file;
|
|
// }
|
|
|
|
// $is_svg_content = preg_match('/<svg[^>]*xmlns="http:\/\/www\.w3\.org\/2000\/svg"/', $file_content);
|
|
// }
|
|
|
|
// // If the file is an SVG based on extension or content
|
|
// if ($is_svg_extension || $is_svg_content) {
|
|
// // Get the roles that do not require SVG sanitization
|
|
// $sanitize_on_upload_roles_array = (array) $bodhi_svgs_options['sanitize_on_upload_roles'];
|
|
// $user = wp_get_current_user();
|
|
// $current_user_roles = (array) $user->roles;
|
|
|
|
// // Check if the current user's roles intersect with the roles that do not need sanitization
|
|
// $no_sanitize_needed = array_intersect($sanitize_on_upload_roles_array, $current_user_roles);
|
|
|
|
// // Check if the user has the capability to upload SVGs
|
|
// $can_upload_files = current_user_can('upload_files');
|
|
|
|
// // Force sanitize unless user is in roles that bypass sanitization
|
|
// if ($can_upload_files && empty($no_sanitize_needed)) {
|
|
// if (!bodhi_svgs_sanitize($file_path)) {
|
|
// $file['error'] = __("Sorry, this file couldn't be sanitized for security reasons and wasn't uploaded.", 'svg-support');
|
|
// return $file;
|
|
// }
|
|
// }
|
|
|
|
// return $file;
|
|
// }
|
|
|
|
// return $file;
|
|
// }
|
|
// // Add filter to handle upload pre-filtering for sanitization
|
|
// add_filter('wp_handle_upload_prefilter', 'bodhi_svgs_sanitize_svg');
|
|
|
|
/**
|
|
* Pre-filter for handling SVG uploads.
|
|
*
|
|
* This function checks if the uploaded file is an SVG and applies sanitization if required.
|
|
*
|
|
* @param array $file The uploaded file data.
|
|
*
|
|
* @return array The modified file data.
|
|
*/
|
|
function bodhi_svgs_sanitize_svg($file) {
|
|
global $bodhi_svgs_options;
|
|
|
|
$file_path = $file['tmp_name'];
|
|
$file_name = $file['name'];
|
|
|
|
// Check if the file has a .svg extension
|
|
$is_svg_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)) === 'svg';
|
|
|
|
// Check if the file contains SVG content
|
|
$is_svg_content = false;
|
|
if ($is_svg_extension && file_exists($file_path)) {
|
|
// Check if the file is remote or local
|
|
if (filter_var($file_path, FILTER_VALIDATE_URL)) {
|
|
// For remote files, use wp_remote_get
|
|
$response = wp_remote_get($file_path);
|
|
if (is_wp_error($response)) {
|
|
$file['error'] = __("There was an error reading the SVG file for sanitization.", 'svg-support');
|
|
return $file;
|
|
}
|
|
$file_content = wp_remote_retrieve_body($response);
|
|
} else {
|
|
// For local files, use WP_Filesystem
|
|
if (!function_exists('WP_Filesystem')) {
|
|
require_once ABSPATH . 'wp-admin/includes/file.php';
|
|
}
|
|
global $wp_filesystem;
|
|
WP_Filesystem();
|
|
$file_content = $wp_filesystem->get_contents($file_path);
|
|
}
|
|
|
|
if ($file_content === false || empty($file_content)) {
|
|
$file['error'] = __("There was an error reading the SVG file for sanitization.", 'svg-support');
|
|
return $file;
|
|
}
|
|
|
|
$is_svg_content = preg_match('/<svg[^>]*xmlns="http:\/\/www\.w3\.org\/2000\/svg"/', $file_content);
|
|
}
|
|
|
|
// If the file is an SVG based on extension or content
|
|
if ($is_svg_extension || $is_svg_content) {
|
|
// Get the roles that do not require SVG sanitization
|
|
$sanitize_on_upload_roles_array = (array) $bodhi_svgs_options['sanitize_on_upload_roles'];
|
|
$user = wp_get_current_user();
|
|
$current_user_roles = (array) $user->roles;
|
|
|
|
// Check if the current user's roles intersect with the roles that do not need sanitization
|
|
$no_sanitize_needed = array_intersect($sanitize_on_upload_roles_array, $current_user_roles);
|
|
|
|
// Check if the user has the capability to upload SVGs
|
|
$can_upload_files = current_user_can('upload_files');
|
|
|
|
// Force sanitize unless user is in roles that bypass sanitization
|
|
if ($can_upload_files && empty($no_sanitize_needed)) {
|
|
if (!bodhi_svgs_sanitize($file_path)) {
|
|
$file['error'] = __("Sorry, this file couldn't be sanitized for security reasons and wasn't uploaded.", 'svg-support');
|
|
return $file;
|
|
}
|
|
}
|
|
|
|
return $file;
|
|
}
|
|
|
|
return $file;
|
|
}
|
|
// Add filter to handle upload pre-filtering for sanitization
|
|
add_filter('wp_handle_upload_prefilter', 'bodhi_svgs_sanitize_svg');
|
|
|
|
/**
|
|
* Fix for image widget PHP warnings related to metadata.
|
|
*
|
|
* @param array $data The attachment metadata.
|
|
*
|
|
* @return array|false The modified metadata or false if invalid.
|
|
*/
|
|
function bodhi_svgs_get_attachment_metadata( $data ) {
|
|
|
|
$res = $data;
|
|
|
|
if ( !isset( $data['width'] ) || !isset( $data['height'] ) ) {
|
|
$res = false;
|
|
}
|
|
|
|
return $res;
|
|
|
|
}
|
|
// add_filter( 'wp_get_attachment_metadata' , 'bodhi_svgs_get_attachment_metadata' );
|
|
// Commented this out 20200307 because it was stripping metadata from other attachments as well. Need to make this target only SVG attachments.
|
|
|
|
/**
|
|
* Remove srcset attribute for SVG images.
|
|
*
|
|
* @param array $sources The sources array for the image.
|
|
*
|
|
* @return array The modified sources array.
|
|
*/
|
|
function bodhi_svgs_disable_srcset( $sources ) {
|
|
|
|
$first_element = reset($sources);
|
|
if ( isset($first_element) && !empty($first_element['url']) ) {
|
|
|
|
$ext = pathinfo(reset($sources)['url'], PATHINFO_EXTENSION);
|
|
|
|
if ( $ext == 'svg' ) {
|
|
|
|
// return empty array
|
|
$sources = array();
|
|
|
|
return $sources;
|
|
|
|
} else {
|
|
|
|
return $sources;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
return $sources;
|
|
|
|
}
|
|
|
|
}
|
|
add_filter( 'wp_calculate_image_srcset', 'bodhi_svgs_disable_srcset' );
|
|
|
|
/**
|
|
* Fix for division by zero error for SVGs. (Proposed by @starsis)
|
|
*
|
|
* This function ensures that SVGs do not cause division by zero errors by providing default
|
|
* dimensions if they are missing.
|
|
*
|
|
* @param array $image The image data.
|
|
* @param int $attachment_id The attachment ID.
|
|
* @param string $size The requested image size.
|
|
* @param bool $icon Whether the image is an icon.
|
|
*
|
|
* @return array The modified image data.
|
|
*/
|
|
function bodhi_svgs_dimension_fallback( $image, $attachment_id, $size, $icon ) {
|
|
|
|
// only manipulate for svgs
|
|
if ( get_post_mime_type($attachment_id) == 'image/svg+xml' ) {
|
|
|
|
if ( isset($image[1]) && $image[1] === 0 ) {
|
|
$image[1] = 1;
|
|
}
|
|
if ( isset($image[2]) && $image[2] === 0 ) {
|
|
$image[2] = 1;
|
|
}
|
|
|
|
}
|
|
|
|
return $image;
|
|
|
|
}
|
|
add_filter( 'wp_get_attachment_image_src', 'bodhi_svgs_dimension_fallback', 10, 4 ); |