From dc116d804508956f306167b58489effa97e9a4af Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Wed, 17 Apr 2024 11:49:57 -0600 Subject: [PATCH 01/16] Add a filter around the return value from our current_user_can_upload_svg method, allowing others to modify which users can or can not upload --- safe-svg.php | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/safe-svg.php b/safe-svg.php index 68e8a079..6a9ad4c2 100644 --- a/safe-svg.php +++ b/safe-svg.php @@ -153,13 +153,24 @@ public function __construct() { */ public function current_user_can_upload_svg() { $upload_roles = get_option( 'safe_svg_upload_roles', [] ); + $can_upload = false; - // Fallback to upload_files check for backwards compatibility. if ( empty( $upload_roles ) ) { - return current_user_can( 'upload_files' ); + // Fallback to upload_files check for backwards compatibility. + $can_upload = current_user_can( 'upload_files' ); + } else { + // Use our custom capability if some upload roles are set. + $can_upload = current_user_can( 'safe_svg_upload_svg' ); } - return current_user_can( 'safe_svg_upload_svg' ); + /** + * Determine if the current user can upload an svg. + * + * @param bool $can_upload Can the current user upload an svg? + * + * @return bool + */ + return (bool) apply_filters( 'safe_svg_current_user_can_upload', $can_upload ); } /** From 67be2100de8c10bc1fe0fadac22c73a8841c20f4 Mon Sep 17 00:00:00 2001 From: Konstantinos Galanakis Date: Thu, 25 Apr 2024 18:10:17 +0300 Subject: [PATCH 02/16] Fix fatal error when "admin_post_thumbnail_html" filter is applied with null "$thumbnail_id" param --- safe-svg.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/safe-svg.php b/safe-svg.php index 68e8a079..5e4e33ab 100644 --- a/safe-svg.php +++ b/safe-svg.php 
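Review bot: The docblock above `apply_filters( 'safe_svg_current_user_can_upload', $can_upload )` does not say that the filtered value replaces the result of both capability checks. A callback that returns true unconditionally would make this method report true for users who hold neither `upload_files` nor `safe_svg_upload_svg`. I would add a line such as `Returning true overrides the role and capability checks above; callbacks should run their own current_user_can() check.` to the docblock. The filter passes only the boolean, so a callback cannot tell which branch produced it; passing `$upload_roles` as a second argument would be backward-compatible. Whether files admitted this way are still sanitized is not visible in this hunk.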
@@ -401,13 +401,13 @@ public function one_pixel_fix( $image, $attachment_id, $size, $icon ) { /** * If the featured image is an SVG we wrap it in an SVG class so we can apply our CSS fix. * - * @param string $content Admin post thumbnail HTML markup. - * @param int $post_id Post ID. - * @param int $thumbnail_id Thumbnail ID. + * @param string $content Admin post thumbnail HTML markup. + * @param int $post_id Post ID. + * @param int|null $thumbnail_id Thumbnail attachment ID, or null if there isn't one. * * @return string */ - public function featured_image_fix( $content, $post_id, $thumbnail_id ) { + public function featured_image_fix( $content, $post_id, $thumbnail_id = null ) { $mime = get_post_mime_type( $thumbnail_id ); if ( 'image/svg+xml' === $mime ) { From 81bb90e97a60366c015959afac38669c4bd345c3 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Thu, 25 Apr 2024 12:02:02 -0600 Subject: [PATCH 03/16] Add unit test --- tests/unit/test-safe-svg.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/unit/test-safe-svg.php b/tests/unit/test-safe-svg.php index 4b52f6e5..061c175b 100644 --- a/tests/unit/test-safe-svg.php +++ b/tests/unit/test-safe-svg.php @@ -341,5 +341,16 @@ public function test_featured_image_fix() { $response = $this->instance->featured_image_fix( 'test', 1, 1 ); $this->assertSame( 'test', $response ); + + \WP_Mock::userFunction( + 'get_post_mime_type', + array( + 'args' => null, + 'return' => false, + ) + ); + + $response = $this->instance->featured_image_fix( 'test', 1 ); + $this->assertSame( 'test', $response ); } } From 6a35aa8cf75f47d10f0771ce3e2153be5fda37bc Mon Sep 17 00:00:00 2001 From: Konstantinos Galanakis Date: Fri, 26 Apr 2024 09:44:05 +0300 Subject: [PATCH 04/16] Add "Testing" section to the "CONTRIBUTING.md" file --- CONTRIBUTING.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 455ddb64..4f975846 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
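Review bot: With the new `$thumbnail_id = null` default, `get_post_mime_type( $thumbnail_id )` is still called with null, and in WordPress a null post argument resolves to the current global post rather than to "no attachment". The SVG wrapper decision can then depend on whatever post happens to be in the global at that moment. An early return before the lookup, `if ( empty( $thumbnail_id ) ) { return $content; }`, keeps the two-argument call path from consulting the global. The rest of the function body lies outside the hunk.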
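Review bot: The added mock uses `'args' => null`, which probably does not pin the expected argument to null, since WP_Mock normally takes an array of expected arguments (worth confirming). If so, the new assertion could be satisfied by a mock registered earlier in this test method, outside the hunk. Writing `'args' => array( null )` states the expectation explicitly. The case also covers only the pass-through result, so nothing asserts what happens when the lookup for a missing thumbnail ID reports `image/svg+xml`.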
@@ -22,6 +22,10 @@ Pull requests represent a proposed solution to a specified problem. They should For more on how 10up writes and manages code, check out our [10up Engineering Best Practices](https://10up.github.io/Engineering-Best-Practices/). +### Testing + +Helping to test an open source project and provide feedback on success or failure of those tests is also a helpful contribution. You can find details on the Critical Flows and Test Cases in the respective GitHub Wiki as well as details on our overall approach to [Critical Flows and Test Cases in our Open Source Best Practices](https://10up.github.io/Open-Source-Best-Practices/testing/#critial-flows). Submitting the results of testing via our Critical Flows as a comment on a Pull Request of a specific feature or as an Issue when testing the entire project is the best approach for providing testing results. + ## Workflow The `develop` branch is the development branch which means it contains the next version to be released. `trunk` contains the latest released version as reflected in the WordPress.org plugin repository. Always work on the `develop` branch and open up PRs against `develop`. From 15fdd4d5ee6a4462da874cc859736a9e62ad5654 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Thu, 2 May 2024 14:01:42 -0500 Subject: [PATCH 05/16] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4f975846..efce040c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -24,7 +24,7 @@ For more on how 10up writes and manages code, check out our [10up Engineering Be ### Testing -Helping to test an open source project and provide feedback on success or failure of those tests is also a helpful contribution. You can find details on the Critical Flows and Test Cases in the respective GitHub Wiki as well as details on our overall approach to [Critical Flows and Test Cases in our Open Source Best Practices](https://10up.github.io/Open-Source-Best-Practices/testing/#critial-flows). Submitting the results of testing via our Critical Flows as a comment on a Pull Request of a specific feature or as an Issue when testing the entire project is the best approach for providing testing results. +Helping to test an open source project and provide feedback on success or failure of those tests is also a helpful contribution. You can find details on the Critical Flows and Test Cases in [this project's GitHub Wiki](https://github.com/10up/safe-svg/wiki) as well as details on our overall approach to [Critical Flows and Test Cases in our Open Source Best Practices](https://10up.github.io/Open-Source-Best-Practices/testing/#critial-flows). Submitting the results of testing via our Critical Flows as a comment on a Pull Request of a specific feature or as an Issue when testing the entire project is the best approach for providing testing results. ## Workflow From 1b651d2efeeeda19534cde1c7a52b14c400171e2 Mon Sep 17 00:00:00 2001 From: Dharmesh Patel Date: Fri, 3 May 2024 22:11:21 +0530 Subject: [PATCH 06/16] Add Repo Automator GitHub Action --- .github/workflows/repo-automator.yml | 32 ++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/repo-automator.yml diff --git a/.github/workflows/repo-automator.yml b/.github/workflows/repo-automator.yml new file mode 100644 index 00000000..73d25640 --- /dev/null +++ b/.github/workflows/repo-automator.yml 
@@ -0,0 +1,32 @@
+name: 'Repo Automator'
+on:
+ issues:
+ types:
+ - opened
+ push:
+ branches:
+ - develop
+ pull_request:
+ types:
+ - opened
+ - edited
+ - synchronize
+ - converted_to_draft
+ - ready_for_review
+ branches:
+ - develop
+
+jobs:
+ Validate:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: 10up/action-repo-automator@trunk
+ with:
+ fail-label: needs:feedback
+ pass-label: needs:code-review
+ conflict-label: needs:refresh
+ reviewers: |
+ darylldoyle
+ team:open-source-practice
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From a9a7c6989669b678e610e9be43df621bd7c3d973 Mon Sep 17 00:00:00 2001
From: Jeffrey Paul
Date: Tue, 14 May 2024 16:43:19 -0500
Subject: [PATCH 07/16] Update CONTRIBUTING.md
---
CONTRIBUTING.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index efce040c..810db496 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
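Review bot: `uses: 10up/action-repo-automator@trunk` tracks a mutable branch, so any later commit to that branch runs here with the job's `GITHUB_TOKEN` without being reviewed in this repository. Pinning to a full commit SHA, `uses: 10up/action-repo-automator@<FULL_COMMIT_SHA> # <release tag>` (placeholders), fixes the code that executes and still lets Dependabot propose updates. The workflow also declares no `permissions:` block, so the token gets the repository default scopes. A job-level block limited to what labelling and reviewer assignment need would keep it least-privilege; that is likely `issues: write` and `pull-requests: write`, to be confirmed against the action's documentation.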
@@ -42,6 +42,7 @@ The `develop` branch is the development branch which means it contains the next 1. Push: Push your `trunk` branch to GitHub (e.g. `git push origin trunk`). 1. [Compare](https://github.com/10up/safe-svg/compare/trunk...develop) `trunk` to `develop` to ensure no additional changes were missed. 1. Test the pre-release ZIP locally by [downloading](https://github.com/10up/safe-svg/actions/workflows/build-release-zip.yml) it from the Build release zip action artifact and installing it locally. Ensure this zip has all the files we expect, that it installs and activates correctly and that all basic functionality is working. +1. Either perform a regression testing utilizing the available [Critical Flows](https://10up.github.io/Open-Source-Best-Practices/testing/#critical-flows) and Test Cases or if [end-to-end tests](https://10up.github.io/Open-Source-Best-Practices/testing/#e2e-testing) cover a significant portion of those Critical Flows then run e2e tests. Only proceed if everything tests successfully. 1. Release: Create a [new release](https://github.com/10up/safe-svg/releases/new), naming the tag and the release with the new version number, and targeting the `trunk` branch. Paste the changelog from `CHANGELOG.md` into the body of the release and include a link to the [closed issues on the milestone](https://github.com/10up/safe-svg/milestone/#?closed=1). 1. SVN: Wait for the [GitHub Action](https://github.com/10up/safe-svg/actions/workflows/wordpress-plugin-deploy.yml) to finish deploying to the WordPress.org repository. If all goes well, users with SVN commit access for that plugin will receive an emailed diff of changes. 1. Check WordPress.org: Ensure that the changes are live on [WordPress.org](https://wordpress.org/plugins/safe-svg/). This may take a few minutes. From dbd0f508a70fbf8e86de47f1ccad41e5c317bd1e Mon Sep 17 00:00:00 2001 
From: Konstantinos Galanakis Date: Thu, 16 May 2024 16:47:42 +0300 Subject: [PATCH 08/16] Prevent fatal error when filtered block categories array is null. --- includes/blocks.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/includes/blocks.php b/includes/blocks.php index e87f3042..fd2f9f00 100644 --- a/includes/blocks.php +++ b/includes/blocks.php @@ -43,6 +43,10 @@ function register_blocks() { * @return array Filtered categories. */ function blocks_categories( $categories ) { + if ( ! is_array( $categories ) ) { + $categories = []; + } + return array_merge( $categories, array( From 3cc8bcc86d6942375ca243beb2277e1e2cd6fa2e Mon Sep 17 00:00:00 2001 From: faisal-alvi Date: Fri, 14 Jun 2024 20:35:12 +0530 Subject: [PATCH 09/16] Fix/194 PHP Deprecated Warning --- safe-svg.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/safe-svg.php b/safe-svg.php index 2b6b1bc3..b43e990b 100644 --- a/safe-svg.php +++ b/safe-svg.php @@ -699,6 +699,10 @@ protected function svg_dimensions( $attachment_id ) { */ public function disable_srcset( $image_meta, $size_array, $image_src, $attachment_id ) { if ( $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) ) { + // Convert to array if not already to avoid PHP warnings. + if ( ! is_array( $image_meta ) ) { + $image_meta = array(); + } $image_meta['sizes'] = array(); } From 7d4e730d83712655910feee3344acafe6cee8237 Mon Sep 17 00:00:00 2001 From: faisal-alvi Date: Fri, 14 Jun 2024 22:26:07 +0530 Subject: [PATCH 10/16] Update in logic --- safe-svg.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/safe-svg.php b/safe-svg.php index b43e990b..3dd2dbdf 100644 --- a/safe-svg.php +++ b/safe-svg.php 
@@ -698,11 +698,7 @@ protected function svg_dimensions( $attachment_id ) { * @param int $attachment_id The image attachment ID. */ public function disable_srcset( $image_meta, $size_array, $image_src, $attachment_id ) { - if ( $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) ) { - // Convert to array if not already to avoid PHP warnings. - if ( ! is_array( $image_meta ) ) { - $image_meta = array(); - } + if ( $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) && is_array( $image_meta ) ) { $image_meta['sizes'] = array(); } From cb7a69e2ba1f16d1a5c46920b3b280ed47866435 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 26 Jun 2024 08:48:14 -0500 Subject: [PATCH 11/16] Update readme.txt --- readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index 82c7dc2a..f2360f98 100644 --- a/readme.txt +++ b/readme.txt @@ -1,6 +1,6 @@ === Safe SVG === Contributors: 10up, enshrined, jeffpaul -Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime +Tags: svg, security, media, vector, mime Requires at least: 5.7 Tested up to: 6.5 Stable tag: 2.2.4 From 2de556c231e6e54dcdb9a36a9eae01a86174c1ba Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 26 Jun 2024 16:15:00 -0500 Subject: [PATCH 12/16] version bump to 2.2.5 --- package-lock.json | 4 ++-- package.json | 2 +- readme.txt | 2 +- safe-svg.php | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0c92e813..74f5febf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@10up/safe-svg", - "version": "2.2.4", + "version": "2.2.5", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@10up/safe-svg", - "version": "2.2.4", + "version": "2.2.5", "license": "GPL-2.0-or-later", "dependencies": { "cypress-mochawesome-reporter": "^3.4.0", 
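Review bot: In the combined condition, `is_array( $image_meta )` is evaluated last, after `get_post_mime_type( $attachment_id )` has already done the post lookup. Putting the cheap type check first, `if ( is_array( $image_meta ) && $attachment_id && 'image/svg+xml' === get_post_mime_type( $attachment_id ) ) {`, short-circuits before the lookup for non-array values. A non-array `$image_meta` for an SVG is now returned unchanged rather than given an empty `sizes`, so a one-line comment saying that is intentional would help the next reader. The docblock and the rest of the function extend outside the hunk.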
diff --git a/package.json b/package.json index b9f4a90e..f28438e4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@10up/safe-svg", - "version": "2.2.4", + "version": "2.2.5", "description": "Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website", "homepage": "https://github.com/10up/safe-svg#readme", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index f2360f98..3909cc81 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: 10up, enshrined, jeffpaul Tags: svg, security, media, vector, mime Requires at least: 5.7 Tested up to: 6.5 -Stable tag: 2.2.4 +Stable tag: 2.2.5 Requires PHP: 7.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html diff --git a/safe-svg.php b/safe-svg.php index 3dd2dbdf..0026f3c2 100644 --- a/safe-svg.php +++ b/safe-svg.php @@ -3,7 +3,7 @@ * Plugin Name: Safe SVG * Plugin URI: https://wordpress.org/plugins/safe-svg/ * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website - * Version: 2.2.4 + * Version: 2.2.5 * Requires at least: 5.7 * Requires PHP: 7.4 * Author: 10up @@ -24,7 +24,7 @@ exit; // Exit if accessed directly. } -define( 'SAFE_SVG_VERSION', '2.2.4' ); +define( 'SAFE_SVG_VERSION', '2.2.5' ); define( 'SAFE_SVG_PLUGIN_DIR', __DIR__ ); define( 'SAFE_SVG_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); From 761873b353c51f61ac39aa5ee60a0948a4711fea Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 26 Jun 2024 16:17:45 -0500 Subject: [PATCH 13/16] fix GPL-2.0-or-later license identifier --- README.md | 2 +- readme.txt | 6 ++---- safe-svg.php | 4 ++-- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b35a740b..cdfb8e61 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,7 @@ [![Support Level](https://img.shields.io/badge/support-stable-blue.svg)](#support-level) [![Release Version](https://img.shields.io/github/release/10up/safe-svg.svg)](https://github.com/10up/safe-svg/releases/latest) ![WordPress tested up to version](https://img.shields.io/wordpress/plugin/tested/safe-svg?label=WordPress) -[![GPLv2 License](https://img.shields.io/github/license/10up/safe-svg.svg)](https://github.com/10up/safe-svg/blob/develop/LICENSE.md) +[![GPL-2.0-or-later License](https://img.shields.io/github/license/10up/safe-svg.svg)](https://github.com/10up/safe-svg/blob/develop/LICENSE.md) [![Dependency Review](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml) [![E2E test](https://github.com/10up/safe-svg/actions/workflows/cypress.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/cypress.yml) [![PHP Compatibility](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml) diff --git a/readme.txt b/readme.txt index 3909cc81..bac068e6 100644 --- a/readme.txt +++ b/readme.txt @@ -1,12 +1,10 @@ === Safe SVG === Contributors: 10up, enshrined, jeffpaul Tags: svg, security, media, vector, mime -Requires at least: 5.7 Tested up to: 6.5 Stable tag: 2.2.5 -Requires PHP: 7.4 -License: GPLv2 or later -License URI: http://www.gnu.org/licenses/gpl-2.0.html +License: GPL-2.0-or-later +License URI: https://spdx.org/licenses/GPL-2.0-or-later.html Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website diff --git a/safe-svg.php b/safe-svg.php index 0026f3c2..d0d8e8b3 100644 --- a/safe-svg.php +++ b/safe-svg.php 
@@ -8,8 +8,8 @@ * Requires PHP: 7.4 * Author: 10up * Author URI: https://10up.com - * License: GPL v2 or later - * License URI: https://www.gnu.org/licenses/gpl-2.0.html + * License: GPL-2.0-or-later + * License URI: https://spdx.org/licenses/GPL-2.0-or-later.html * Text Domain: safe-svg * Domain Path: /languages * From 9b71f3d1b9b3a5814c8a7210034c3179315e0001 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 26 Jun 2024 16:29:40 -0500 Subject: [PATCH 14/16] add 2.2.5 items to changelogs --- CHANGELOG.md | 14 ++++++++++++++ readme.txt | 37 ++++++++----------------------------- 2 files changed, 22 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ddb7a511..e60b3ae4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD +## [2.2.5] - 2024-06-27 +### Added +- New filter, `safe_svg_current_user_can_upload`, allowing more control over who can upload SVG files (props [@dkotter](https://github.com/dkotter), [@iamdharmesh](https://github.com/iamdharmesh) via [#193](https://github.com/10up/safe-svg/pull/193)). + +### Fixed +- Fatal error when applying the `admin_post_thumbnail_html` filter with just two arguments (props [@kmgalanakis](https://github.com/kmgalanakis), [@dkotter](https://github.com/dkotter), [@liz1kiweno](https://github.com/liz1kiweno) via [#196](https://github.com/10up/safe-svg/pull/196)). +- Prevent PHP fatal error when the value of the filtered block categories is not an array (props [@kmgalanakis](https://github.com/kmgalanakis), [@dkotter](https://github.com/dkotter), [@cguidog](https://github.com/cguidog) via [#200](https://github.com/10up/safe-svg/pull/200)). +- Handled PHP warning when the `$image_meta` is not an array (props [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@drazenbebic](https://github.com/drazenbebic), [@kirtangajjar](https://github.com/kirtangajjar) via [#203](https://github.com/10up/safe-svg/pull/203)). + +### Developer +- Added a "Testing" section in the `CONTRIBUTING.md` file (props [@kmgalanakis](https://github.com/kmgalanakis), [@jeffpaul](https://github.com/jeffpaul) via [#197](https://github.com/10up/safe-svg/pull/197)). +- Added the Repo Automator GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#198](https://github.com/10up/safe-svg/pull/198)). + ## [2.2.4] - 2024-03-28 ### Changed - Upgrade the `download-artifact` from v3 to v4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#181](https://github.com/10up/safe-svg/pull/181)). 
@@ -334,6 +347,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial Release. [Unreleased]: https://github.com/10up/safe-svg/compare/trunk...develop +[2.2.5]: https://github.com/10up/safe-svg/compare/2.2.4...2.2.5 [2.2.4]: https://github.com/10up/safe-svg/compare/2.2.3...2.2.4 [2.2.3]: https://github.com/10up/safe-svg/compare/2.2.2...2.2.3 [2.2.2]: https://github.com/10up/safe-svg/compare/2.2.1...2.2.2 diff --git a/readme.txt b/readme.txt index bac068e6..74fe2f98 100644 --- a/readme.txt +++ b/readme.txt @@ -6,7 +6,7 @@ Stable tag: 2.2.5 License: GPL-2.0-or-later License URI: https://spdx.org/licenses/GPL-2.0-or-later.html -Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website +Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website. == Description == 
@@ -64,6 +64,12 @@ They take one argument that must be returned. See below for examples: == Changelog == += 2.2.5 - 2024-06-27 = +* **Added:** New filter, `safe_svg_current_user_can_upload`, allowing more control over who can upload SVG files (props [@dkotter](https://github.com/dkotter), [@iamdharmesh](https://github.com/iamdharmesh) via [#193](https://github.com/10up/safe-svg/pull/193)). +* **Fixed:** Fatal error when applying the `admin_post_thumbnail_html` filter with just two arguments (props [@kmgalanakis](https://github.com/kmgalanakis), [@dkotter](https://github.com/dkotter), [@liz1kiweno](https://github.com/liz1kiweno) via [#196](https://github.com/10up/safe-svg/pull/196)). +* **Fixed:** Prevent PHP fatal error when the value of the filtered block categories is not an array (props [@kmgalanakis](https://github.com/kmgalanakis), [@dkotter](https://github.com/dkotter), [@cguidog](https://github.com/cguidog) via [#200](https://github.com/10up/safe-svg/pull/200)). +* **Fixed:** Handled PHP warning when the `$image_meta` is not an array (props [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@drazenbebic](https://github.com/drazenbebic), [@kirtangajjar](https://github.com/kirtangajjar) via [#203](https://github.com/10up/safe-svg/pull/203)). + = 2.2.4 - 2024-03-28 = * **Changed:** Upgrade the `download-artifact` from v3 to v4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#181](https://github.com/10up/safe-svg/pull/181)). * **Changed:** Replaced `lee-dohm/no-response` with `actions/stale` to help with closing no-response/stale issues (props [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#183](https://github.com/10up/safe-svg/pull/183)). 
@@ -112,34 +118,7 @@ They take one argument that must be returned. See below for examples: * **Security:** Bump `word-wrap` from 1.2.3 to 1.2.5 (props [@dependabot](https://github.com/apps/dependabot) via [#141](https://github.com/10up/safe-svg/pull/141)). * **Security:** Bump `tough-cookie` from 4.1.2 to 4.1.3 and `@cypress/request` from 2.88.10 to 2.88.12 (props [@dependabot](https://github.com/apps/dependabot) via [#146](https://github.com/10up/safe-svg/pull/146)). -= 2.1.1 - 2023-04-05 = -* **Changed:** Upgrade `@wordpress` npm package dependencies (props [@ggutenberg](https://github.com/ggutenberg), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/safe-svg/pull/108)). -* **Changed:** Bump WordPress "tested up to" version 6.2 (props [@ggutenberg](https://github.com/ggutenberg), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/safe-svg/pull/108)). -* **Changed:** Run our E2E tests on the zip generated by "Build release zip" action (props [@jayedul](https://github.com/jayedul), [@dkotter](https://github.com/dkotter) via [#106](https://github.com/10up/safe-svg/pull/106)). -* **Fixed:** Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props [@dkotter](https://github.com/dkotter), [@freinbichler](https://github.com/freinbichler), [@IanDelMar](https://github.com/IanDelMar), [@ocean90](https://github.com/ocean90), [@Sidsector9](https://github.com/Sidsector9) via [#112](https://github.com/10up/safe-svg/pull/112)). -* **Fixed:** Better error handling for environments that don't match our minimum PHP version (props [@dkotter](https://github.com/dkotter), [@ravinderk](https://github.com/ravinderk) via [#111](https://github.com/10up/safe-svg/pull/111)). 
- -= 2.1.0 - 2023-03-22 = -* **Added:** An SVG Gutenberg Block (props [@faisal-alvi](https://github.com/faisal-alvi), [@Sidsector9](https://github.com/Sidsector9), [@cr0ybot](https://github.com/cr0ybot), [@darylldoyle](https://github.com/darylldoyle), [@cbirdsong](https://github.com/cbirdsong), [@jeffpaul](https://github.com/jeffpaul) via [#80](https://github.com/10up/safe-svg/pull/80)). -* **Added:** "Build release zip" GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#87](https://github.com/10up/safe-svg/pull/87)). -* **Changed:** Bump minimum PHP version from 7.0 to 7.4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). -* **Changed:** Bump minimum WordPress version from 4.7 to 5.7 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). -* **Changed:** Bump WordPress "tested up to" version 6.1 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#85](https://github.com/10up/safe-svg/pull/85)). -* **Security:** Updates the underlying sanitisation library to pull in a security fix (props [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@Cyxow](https://github.com/Cyxow) via [#105](https://github.com/10up/safe-svg/pull/105)). -* **Security:** Bump `got` from 10.7.0 to 11.8.5 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). -* **Security:** Bump `@wordpress/env from` 4.9.0 to 5.6.0 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). 
-* **Security:** Bump `simple-git` from 3.9.0 to 3.16.0 (props [@dependabot](https://github.com/apps/dependabot) via [#88](https://github.com/10up/safe-svg/pull/88), [#99](https://github.com/10up/safe-svg/pull/99)). -* **Security:** Bump `loader-utils` from 2.0.2 to 2.0.4 (props [@dependabot](https://github.com/apps/dependabot) via [#92](https://github.com/10up/safe-svg/pull/92)). -* **Security:** Bump `json5` from 1.0.1 to 1.0.2 (props [@dependabot](https://github.com/apps/dependabot) via [#91](https://github.com/10up/safe-svg/pull/91)). -* **Security:** Bump `decode-uri-component` from 0.2.0 to 0.2.2 (props [@dependabot](https://github.com/apps/dependabot) via [#93](https://github.com/10up/safe-svg/pull/93)). -* **Security:** Bump `markdown-it` from 12.0.4 to 12.3.2 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). -* **Security:** Bump `@wordpress/scripts` from 19.2.4 to 25.1.0 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). -* **Security:** Bump `http-cache-semantics` from 4.1.0 to 4.1.1 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). -* **Security:** Bump `webpack` from 5.75.0 to 5.76.1 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#103](https://github.com/10up/safe-svg/pull/103)). -* **Security:** Bump `svg-sanitizer` from 0.15.2 to 0.16.0 (props [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@Cyxow](https://github.com/Cyxow) via [#105](https://github.com/10up/safe-svg/pull/105)). 
- -= Earlier versions = -For the changelog of earlier versions, please refer to the [changelog on github.com](https://github.com/10up/safe-svg/blob/develop/CHANGELOG.md). +[View historical changelog details here](https://github.com/10up/safe-svg/blob/develop/CHANGELOG.md). == Upgrade Notice == = 1.9.10 = From 1d4230cd9c40888bc55f06d1455d8e76ec8b28d0 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 26 Jun 2024 16:34:38 -0500 Subject: [PATCH 15/16] Update CREDITS.md --- CREDITS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CREDITS.md b/CREDITS.md index f4daf1f5..a80d3aca 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril 
(@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Santiago Dimattia (@sdmtt)](https://github.com/sdmtt), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [Giorgos Sarigiannidis (@gsarig)](https://github.com/gsarig), [Fabian Kägy (@fabiankaegy)](https://github.com/fabiankaegy), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Toby Schrapel (@tobeycodes)](https://github.com/tobeycodes), [Shazahan Kabir Saju (@sksaju)](https://github.com/sksaju), [Chris Abraham (@cjyabraham)](https://github.com/cjyabraham), [Hercilio Martins Ortiz (@Hercilio1)](https://github.com/Hercilio1), [Peter Sorensen (@psorensen)](https://github.com/psorensen), [Dave Adams (@tictag)](https://github.com/tictag), [Cormac Nicholson (@metashield-ie)](https://github.com/metashield-ie). +[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. 
Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [GitHub Dependabot 
(@dependabot)](https://github.com/apps/dependabot), [Santiago Dimattia (@sdmtt)](https://github.com/sdmtt), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [Giorgos Sarigiannidis (@gsarig)](https://github.com/gsarig), [Fabian Kägy (@fabiankaegy)](https://github.com/fabiankaegy), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Toby Schrapel (@tobeycodes)](https://github.com/tobeycodes), [Shazahan Kabir Saju (@sksaju)](https://github.com/sksaju), [Chris Abraham (@cjyabraham)](https://github.com/cjyabraham), [Hercilio Martins Ortiz (@Hercilio1)](https://github.com/Hercilio1), [Peter Sorensen (@psorensen)](https://github.com/psorensen), [Dave Adams (@tictag)](https://github.com/tictag), [Cormac Nicholson (@metashield-ie)](https://github.com/metashield-ie), [Konstantinos Galanakis (@kmgalanakis)](https://github.com/kmgalanakis), [(@liz1kiweno)](https://github.com/liz1kiweno), [Carlos G. (@cguidog)](https://github.com/cguidog), [Drazen Bebic (@drazenbebic)](https://github.com/drazenbebic), [Kirtan Gajjar (@kirtangajjar)](https://github.com/kirtangajjar). ## Libraries From 7740cce5748fa6ffdf42d66f900e0f5403a69085 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 26 Jun 2024 16:35:56 -0500 Subject: [PATCH 16/16] Update readme.txt --- readme.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index 74fe2f98..e8600fc3 100644 --- a/readme.txt +++ b/readme.txt 
@@ -121,5 +121,6 @@ They take one argument that must be returned. See below for examples: [View historical changelog details here](https://github.com/10up/safe-svg/blob/develop/CHANGELOG.md). == Upgrade Notice == + = 1.9.10 = -* Important: bumped the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0. +Important: bumped the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.