Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3192812

Timestamp:

11/20/2024 07:00:11 AM (4 months ago)

Author:

Petrichorpost

Message:

Release version 1.2.2: Added blocks support, improved security and logging

Location:

svgplus

Files:

: 127 added
: 8 edited

tags/1.2.2 (added)
tags/1.2.2/assets (added)
tags/1.2.2/assets/css (added)
tags/1.2.2/assets/css/svgplus-admin.css (added)
tags/1.2.2/assets/css/svgplus.css (added)
tags/1.2.2/assets/js (added)
tags/1.2.2/assets/js/svgplus-admin.js (added)
tags/1.2.2/assets/js/svgplus.js (added)
tags/1.2.2/blocks (added)
tags/1.2.2/blocks/svg-block (added)
tags/1.2.2/blocks/svg-block/block.json (added)
tags/1.2.2/blocks/svg-block/build (added)
tags/1.2.2/blocks/svg-block/build/index.asset.php (added)
tags/1.2.2/blocks/svg-block/build/index.js (added)
tags/1.2.2/blocks/svg-block/build/style-style.css (added)
tags/1.2.2/blocks/svg-block/build/style.asset.php (added)
tags/1.2.2/blocks/svg-block/build/style.js (added)
tags/1.2.2/blocks/svg-block/src (added)
tags/1.2.2/blocks/svg-block/src/index.js (added)
tags/1.2.2/blocks/svg-block/src/style.scss (added)
tags/1.2.2/composer.json (added)
tags/1.2.2/composer.lock (added)
tags/1.2.2/icon.svg (added)
tags/1.2.2/includes (added)
tags/1.2.2/includes/class-svgplus-logger.php (added)
tags/1.2.2/includes/class-svgplus-render.php (added)
tags/1.2.2/includes/class-svgplus-sanitizer.php (added)
tags/1.2.2/includes/class-svgplus-security.php (added)
tags/1.2.2/includes/class-svgplus-settings.php (added)
tags/1.2.2/includes/class-svgplus-shortcode.php (added)
tags/1.2.2/includes/class-svgplus-upload.php (added)
tags/1.2.2/readme.txt (added)
tags/1.2.2/svgplus.php (added)
tags/1.2.2/vendor (added)
tags/1.2.2/vendor/DOMPurify (added)
tags/1.2.2/vendor/DOMPurify/DOMPurify.js (added)
tags/1.2.2/vendor/DOMPurify/DOMPurify.min.js (added)
tags/1.2.2/vendor/autoload.php (added)
tags/1.2.2/vendor/composer (added)
tags/1.2.2/vendor/composer/ClassLoader.php (added)
tags/1.2.2/vendor/composer/InstalledVersions.php (added)
tags/1.2.2/vendor/composer/LICENSE (added)
tags/1.2.2/vendor/composer/autoload_classmap.php (added)
tags/1.2.2/vendor/composer/autoload_namespaces.php (added)
tags/1.2.2/vendor/composer/autoload_psr4.php (added)
tags/1.2.2/vendor/composer/autoload_real.php (added)
tags/1.2.2/vendor/composer/autoload_static.php (added)
tags/1.2.2/vendor/composer/installed.json (added)
tags/1.2.2/vendor/composer/installed.php (added)
tags/1.2.2/vendor/composer/platform_check.php (added)
tags/1.2.2/vendor/enshrined (added)
tags/1.2.2/vendor/enshrined/svg-sanitize (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/.github (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/.github/workflows (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/.github/workflows/tests.yml (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/.gitignore (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/.travis.yml (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/LICENSE (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/README.html (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/README.md (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/composer.json (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/phpunit.xml (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/ElementReference (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/ElementReference/Resolver.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/ElementReference/Subject.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/ElementReference/Usage.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/Exceptions (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/Exceptions/NestingException.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/Helper.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/Sanitizer.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/data (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/data/AllowedTags.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/data/AttributeInterface.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/data/TagInterface.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/data/XPath.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/src/svg-scanner.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/AllowedAttributesTest.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/AllowedTagsTest.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/Fixtures (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/Fixtures/TestAllowedAttributes.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/Fixtures/TestAllowedTags.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/SanitizerTest.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/SubjectTest.php (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/ariaDataClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/ariaDataTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/badXmlTestOne.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/entityClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/entityTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/externalClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/externalTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/hrefCleanOne.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/hrefCleanTwo.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/hrefTestOne.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/hrefTestTwo.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/svgCleanOne.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/svgCleanOneMinified.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/svgTestOne.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/useClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/useDosClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/useDosCleanTwo.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/useDosTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/useDosTestTwo.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/useTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/xlinkLaughsClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/xlinkLaughsTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/xlinkLoopClean.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/xlinkLoopTest.svg (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/xmlCleanOne.xml (added)
tags/1.2.2/vendor/enshrined/svg-sanitize/tests/data/xmlTestOne.xml (added)
trunk/assets/css/svgplus.css (modified) (1 diff)
trunk/assets/js/svgplus.js (modified) (1 diff)
trunk/blocks (added)
trunk/blocks/svg-block (added)
trunk/blocks/svg-block/block.json (added)
trunk/blocks/svg-block/build (added)
trunk/blocks/svg-block/build/index.asset.php (added)
trunk/blocks/svg-block/build/index.js (added)
trunk/blocks/svg-block/build/style-style.css (added)
trunk/blocks/svg-block/build/style.asset.php (added)
trunk/blocks/svg-block/build/style.js (added)
trunk/blocks/svg-block/src (added)
trunk/blocks/svg-block/src/index.js (added)
trunk/blocks/svg-block/src/style.scss (added)
trunk/composer.json (modified) (1 diff)
trunk/includes/class-svgplus-logger.php (added)
trunk/includes/class-svgplus-sanitizer.php (modified) (1 diff)
trunk/includes/class-svgplus-security.php (added)
trunk/includes/class-svgplus-settings.php (modified) (4 diffs)
trunk/includes/class-svgplus-upload.php (modified) (1 diff)
trunk/readme.txt (modified) (1 diff)
trunk/svgplus.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

svgplus/trunk/assets/css/svgplus.css

-                      r3165060
+                      r3192812
 .svgplus-widget {
     display: block !important; /* Ensure it is displayed */
     width: 100%; /* Adjust as necessary */
+    display: inline-block !important; /* Change to inline-block */
+    max-width: 100%; /* Use max-width instead of width */
     height: auto; /* Maintain aspect ratio */
+    position: relative; /* For resize handles */
+}
+.svgplus-widget img {
+    display: block; /* Remove any inline spacing */
+    width: 100%;
+    height: auto;
+    object-fit: contain; /* Maintain aspect ratio */
+}
+/* SVG Resize Handles */
+.svgplus-resize-wrapper {
+    position: relative;
+    display: inline-block;
+}
+.svgplus-resize-handles {
+    position: absolute;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    pointer-events: none;
+}
+.svgplus-handle {
+    position: absolute;
+    width: 10px;
+    height: 10px;
+    background: #fff;
+    border: 1px solid #007cba;
+    pointer-events: all;
+    z-index: 1000;
+}
+/* Position the handles */
+.svgplus-handle.nw { top: -5px; left: -5px; cursor: nw-resize; }
+.svgplus-handle.ne { top: -5px; right: -5px; cursor: ne-resize; }
+.svgplus-handle.sw { bottom: -5px; left: -5px; cursor: sw-resize; }
+.svgplus-handle.se { bottom: -5px; right: -5px; cursor: se-resize; }
+.svgplus-handle.n { top: -5px; left: 50%; margin-left: -5px; cursor: n-resize; }
+.svgplus-handle.s { bottom: -5px; left: 50%; margin-left: -5px; cursor: s-resize; }
+.svgplus-handle.e { right: -5px; top: 50%; margin-top: -5px; cursor: e-resize; }
+.svgplus-handle.w { left: -5px; top: 50%; margin-top: -5px; cursor: w-resize; }
 /* Animation on hover */

svgplus/trunk/assets/js/svgplus.js

-                      r3165060
+                      r3192812
 // SVGPlus Plugin JavaScript
+jQuery(document).ready(function($) {
+    'use strict';
+// Currently no additional JavaScript functionality is required.
+// Future enhancements can add interactivity here.
+    // Initialize SVG Plus
+    var SVGPlus = {
+        init: function() {
+            this.initResizeHandles();
+            this.bindEvents();
+        },
+jQuery(document).ready(function($){
+    // Example: Handle click events on SVG images
+    $('.svgplus-widget img').on('click', function(){
+        // Placeholder for future interactivity
+        console.log('SVG clicked:', $(this).attr('src'));
+        initResizeHandles: function() {
+            $('.svgplus-widget').each(function() {
+                if (!$(this).find('.svgplus-resize-handles').length) {
+                    $(this).wrap('<div class="svgplus-resize-wrapper"></div>');
+                    var handles = '<div class="svgplus-resize-handles">' +
+                        '<div class="svgplus-handle nw"></div>' +
+                        '<div class="svgplus-handle n"></div>' +
+                        '<div class="svgplus-handle ne"></div>' +
+                        '<div class="svgplus-handle w"></div>' +
+                        '<div class="svgplus-handle e"></div>' +
+                        '<div class="svgplus-handle sw"></div>' +
+                        '<div class="svgplus-handle s"></div>' +
+                        '<div class="svgplus-handle se"></div>' +
+                        '</div>';
+                    $(this).after(handles);
+                }
+            });
+        },
+        bindEvents: function() {
+            var self = this;
+            // Handle resize events
+            $('.svgplus-handle').on('mousedown', function(e) {
+                e.preventDefault();
+                var $handle = $(this);
+                var $wrapper = $handle.closest('.svgplus-resize-wrapper');
+                var $svg = $wrapper.find('.svgplus-widget');
+                var direction = self.getResizeDirection($handle);
+                var startX = e.pageX;
+                var startY = e.pageY;
+                var startWidth = $svg.width();
+                var startHeight = $svg.height();
+                var aspectRatio = startWidth / startHeight;
+                $(document).on('mousemove.svgResize', function(e) {
+                    var deltaX = e.pageX - startX;
+                    var deltaY = e.pageY - startY;
+                    var newWidth, newHeight;
+                    // Calculate new dimensions based on direction
+                    switch(direction) {
+                        case 'nw':
+                        case 'se':
+                            newWidth = startWidth + deltaX;
+                            newHeight = newWidth / aspectRatio;
+                            break;
+                        case 'ne':
+                        case 'sw':
+                            newWidth = startWidth - deltaX;
+                            newHeight = newWidth / aspectRatio;
+                            break;
+                        case 'n':
+                        case 's':
+                            newHeight = startHeight + deltaY;
+                            newWidth = newHeight * aspectRatio;
+                            break;
+                        case 'e':
+                        case 'w':
+                            newWidth = startWidth + deltaX;
+                            newHeight = newWidth / aspectRatio;
+                            break;
+                    }
+                    // Ensure minimum dimensions
+                    newWidth = Math.max(50, newWidth);
+                    newHeight = Math.max(50, newHeight);
+                    // Update dimensions
+                    $svg.css({
+                        width: newWidth + 'px',
+                        height: newHeight + 'px'
+                    });
+                    // Update WordPress media data
+                    if ($svg.closest('.media-frame').length) {
+                        var attachment = wp.media.frame.state().get('selection').first();
+                        if (attachment) {
+                            attachment.set({
+                                width: Math.round(newWidth),
+                                height: Math.round(newHeight)
+                            });
+                        }
+                    }
+                });
+                $(document).on('mouseup.svgResize', function() {
+                    $(document).off('mousemove.svgResize mouseup.svgResize');
+                });
+            });
+        },
+        getResizeDirection: function($handle) {
+            var classes = $handle.attr('class').split(' ');
+            for (var i = 0; i < classes.length; i++) {
+                if (['nw', 'n', 'ne', 'e', 'se', 's', 'sw', 'w'].indexOf(classes[i]) !== -1) {
+                    return classes[i];
+                }
+            }
+            return '';
+        }
+    };
+    // Initialize when document is ready
+    SVGPlus.init();
+    // Re-initialize when new content is added (for dynamically loaded content)
+    $(document).on('ajaxComplete', function() {
+        SVGPlus.init();
     });
 });

svgplus/trunk/composer.json

-                      r3165214
+                      r3192812
     "name": "derickpayne/svgplus",
     "description": "A WordPress plugin to securely upload and display SVG files.",
     "type": "library",
+    "type": "wordpress-plugin",
     "license": "GPL-2.0-or-later",
-    "minimum-stability": "stable",
     "require": {
         "enshrined/svg-sanitize": "^0.20.0"
+        "php": ">=7.4"
+    }
+}

svgplus/trunk/includes/class-svgplus-sanitizer.php

-                      r3168748
+                      r3192812
+}
-use enshrined\svgSanitize\Sanitizer;
 class SVGPlus_Sanitizer {
     /**
+     * Sanitizes the uploaded SVG content using the enshrined/svg-sanitize library.
+     * List of allowed SVG tags
+     */
+    public static function get_allowed_tags() {
+        return array(
+            // Structure
+            'svg', 'g', 'defs', 'use', 'symbol', 'mask', 'clipPath',
+            // Shapes
+            'path', 'rect', 'circle', 'ellipse', 'line', 'polyline', 'polygon',
+            // Text
+            'text', 'tspan', 'textPath',
+            // Other visual elements
+            'image', 'title', 'desc',
+            // Gradients and Patterns
+            'linearGradient', 'radialGradient', 'stop', 'pattern',
+            // Filters
+            'filter', 'feBlend', 'feColorMatrix', 'feComponentTransfer',
+            'feComposite', 'feConvolveMatrix', 'feDiffuseLighting',
+            'feDisplacementMap', 'feDistantLight', 'feFlood', 'feFuncA',
+            'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feImage',
+            'feMerge', 'feMergeNode', 'feMorphology', 'feOffset',
+            'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile',
+            'feTurbulence'
+        );
+    }
+    /**
+     * List of allowed SVG attributes
+     */
+    public static function get_allowed_attributes() {
+        return array(
+            // Core attributes
+            'id', 'class', 'style', 'data-name',
+            // Presentation attributes
+            'fill', 'fill-rule', 'stroke', 'stroke-width', 'stroke-linecap',
+            'stroke-linejoin', 'stroke-miterlimit', 'stroke-dasharray',
+            'stroke-dashoffset', 'stroke-opacity', 'fill-opacity', 'opacity',
+            'transform', 'offset', 'stop-color', 'stop-opacity',
+            'xmlns', 'xmlns:xlink', 'xmlns:svg',
+            // Gradient attributes
+            'gradientUnits', 'gradientTransform', 'href', 'xlink:href',
+            'x1', 'x2', 'y1', 'y2', 'cx', 'cy', 'r', 'fx', 'fy',
+            // Dimension attributes
+            'x', 'y', 'width', 'height', 'viewBox', 'preserveAspectRatio',
+            // Path attributes
+            'd', 'pathLength',
+            // Text attributes
+            'text-anchor', 'font-family', 'font-size', 'font-weight',
+            'letter-spacing', 'word-spacing', 'text-decoration',
+            // Filter attributes
+            'filterUnits', 'primitiveUnits', 'in', 'in2', 'result',
+            'stdDeviation', 'mode', 'operator', 'scale', 'values',
+            'flood-color', 'flood-opacity'
+        );
+    }
+    private $logger = null;
+    public function __construct() {
+        $this->logger = SVGPlus_Logger::get_instance();
+    }
+    /**
+     * Sanitize SVG content
+     */
+    public function sanitize_svg($content) {
+        try {
+            $this->logger->log_message('Starting SVG sanitization');
+            // Load the SVG content
+            $dom = new DOMDocument();
+            libxml_use_internal_errors(true);
+            // Try to load the SVG content with LIBXML_NONET to prevent external entities
+            $this->logger->log_message('Loading XML content');
+            if (!$dom->loadXML($content, LIBXML_NONET)) {
+                $this->logger->log_message('Failed to load XML content', 'ERROR');
+                $this->logger->log_xml_errors();
+                return false;
+            }
+            // Get the root SVG element
+            $svg = $dom->getElementsByTagName('svg')->item(0);
+            if (!$svg) {
+                $this->logger->log_message('No SVG element found', 'ERROR');
+                return false;
+            }
+            $this->logger->log_message('Found SVG element, checking namespaces');
+            // Get allowed tags and attributes
+            $allowed_tags = self::get_allowed_tags();
+            $allowed_attrs = self::get_allowed_attributes();
+            $this->logger->log_message('Cleaning SVG element');
+            // Clean the SVG
+            $this->clean_svg_element($svg, $allowed_tags, $allowed_attrs);
+            // Ensure root SVG element has proper namespaces
+            if (!$svg->hasAttribute('xmlns')) {
+                $this->logger->log_message('Adding xmlns namespace');
+                $svg->setAttribute('xmlns', 'http://www.w3.org/2000/svg');
+            }
+            if (strpos($dom->saveXML(), 'xlink:') !== false && !$svg->hasAttribute('xmlns:xlink')) {
+                $this->logger->log_message('Adding xmlns:xlink namespace');
+                $svg->setAttribute('xmlns:xlink', 'http://www.w3.org/1999/xlink');
+            }
+            // Return the cleaned SVG
+            $result = $dom->saveXML($svg);
+            $this->logger->log_message('SVG sanitization completed successfully');
+            $this->logger->log_message('Final SVG size: ' . strlen($result) . ' bytes');
+            return $result;
+        } catch (Exception $e) {
+            $this->logger->log_message('Error during sanitization: ' . $e->getMessage(), 'ERROR');
+            return false;
+        }
+    }
+    /**
+     * Clean SVG element recursively
+     */
+    private function clean_svg_element($element, $allowed_tags, $allowed_attrs) {
+        try {
+            $children = array();
+            foreach ($element->childNodes as $child) {
+                if ($child->nodeType === XML_ELEMENT_NODE) {
+                    $children[] = $child;
+                }
+            }
+            foreach ($children as $child) {
+                // Remove if tag not allowed
+                if (!in_array($child->tagName, $allowed_tags)) {
+                    $this->logger->log_message("Removing disallowed tag: {$child->tagName}", 'WARNING');
+                    $element->removeChild($child);
+                    continue;
+                }
+                // Clean attributes
+                $attributes = array();
+                foreach ($child->attributes as $attr) {
+                    $attributes[] = $attr;
+                }
+                foreach ($attributes as $attr) {
+                    if (!in_array($attr->name, $allowed_attrs)) {
+                        $this->logger->log_message("Removing disallowed attribute: {$attr->name} from {$child->tagName}", 'WARNING');
+                        $child->removeAttribute($attr->name);
+                    }
+                }
+                // Clean child elements
+                $this->clean_svg_element($child, $allowed_tags, $allowed_attrs);
+            }
+        } catch (Exception $e) {
+            $this->logger->log_message('Error cleaning element: ' . $e->getMessage(), 'ERROR');
+        }
+    }
+    /**
+     * Sanitizes the uploaded SVG content.
+     *
      * @param string $svg_content The raw SVG content.
      * @return string|false The sanitized SVG content or false on failure.
      */
+    public static function sanitize_svg($svg_content) {
+        // Initialize the sanitizer
+        $sanitizer = new Sanitizer();
+        // Sanitize the SVG
+        $sanitized_svg = $sanitizer->sanitize($svg_content);
+        if ($sanitized_svg === false) {
+            error_log('SVGPlus_Sanitizer: Failed to sanitize SVG.');
+    public static function sanitize_svg_content($svg_content) {
+        if (empty($svg_content)) {
             return false;
+        }
+        return $sanitized_svg;
+        // Load the SVG content into a DOMDocument
+        $dom = new DOMDocument();
+        $dom->preserveWhiteSpace = true;
+        $dom->formatOutput = true;
+        // Suppress warnings during loading
+        libxml_use_internal_errors(true);
+        if (!$dom->loadXML($svg_content, LIBXML_NOBLANKS | LIBXML_NONET)) {
+            libxml_clear_errors();
+            return false;
+        }
+        libxml_clear_errors();
+        // Get all elements
+        $allElements = $dom->getElementsByTagName('*');
+        $allowed_tags = self::get_allowed_tags();
+        $allowed_attributes = self::get_allowed_attributes();
+        // Check each element
+        for ($i = $allElements->length - 1; $i >= 0; $i--) {
+            $element = $allElements->item($i);
+            // Remove if not in allowed tags
+            if (!in_array($element->tagName, $allowed_tags)) {
+                $element->parentNode->removeChild($element);
+                continue;
+            }
+            // Check attributes
+            if ($element->hasAttributes()) {
+                $attributes = $element->attributes;
+                for ($j = $attributes->length - 1; $j >= 0; $j--) {
+                    $attr = $attributes->item($j);
+                    if (!in_array($attr->name, $allowed_attributes)) {
+                        $element->removeAttributeNode($attr);
+                    }
+                }
+            }
+        }
+        // Ensure root SVG element has proper namespaces
+        $svg = $dom->getElementsByTagName('svg')->item(0);
+        if ($svg) {
+            if (!$svg->hasAttribute('xmlns')) {
+                $svg->setAttribute('xmlns', 'http://www.w3.org/2000/svg');
+            }
+            if (strpos($dom->saveXML(), 'xlink:') !== false && !$svg->hasAttribute('xmlns:xlink')) {
+                $svg->setAttribute('xmlns:xlink', 'http://www.w3.org/1999/xlink');
+            }
+        }
+        // Convert back to XML string
+        $clean = $dom->saveXML($dom->documentElement);
+        // Add XML declaration if missing
+        if (strpos($clean, '<?xml') === false) {
+            $clean = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>' . $clean;
+        }
+        return $clean;
+    }
+}

svgplus/trunk/includes/class-svgplus-settings.php

-                      r3168748
+                      r3192812
 class SVGPlus_Settings {
+    public function __construct() {
+    private static $instance = null;
+    /**
+     * Get the singleton instance.
+     */
+    public static function init() {
+        if (null === self::$instance) {
+            self::$instance = new self();
+        }
+        return self::$instance;
+    }
+    private function __construct() {
         add_action('admin_menu', array($this, 'add_settings_menu'));
         add_action('admin_init', array($this, 'register_settings'));
 …
     public function add_settings_menu() {
         add_options_page(
             __('SVGPlus Settings', 'svgplus'), // Page title
             __('SVGPlus', 'svgplus'),          // Menu title
+            __('SVG Plus Settings', 'svgplus'), // Page title
+            __('SVG Plus', 'svgplus'),          // Menu title
             'manage_options',                  // Capability
             'svgplus-settings',                // Menu slug
 …
      */
     public function main_section_callback() {
         echo esc_html__('Configure the main settings for SVGPlus.', 'svgplus');
+        echo esc_html__('Configure the main settings for SVG Plus.', 'svgplus');
+    }
 …
         <div class="wrap">
             <h1>
                 <img src="<?php echo esc_url($icon_url); ?>" alt="SVGPlus Icon" class="svgplus-settings-icon" />
                 <?php esc_html_e('SVGPlus Settings', 'svgplus'); ?>
+                <img src="<?php echo esc_url($icon_url); ?>" alt="SVG Plus Icon" class="svgplus-settings-icon" />
+                <?php esc_html_e('SVG Plus Settings', 'svgplus'); ?>
             </h1>

svgplus/trunk/includes/class-svgplus-upload.php

-                      r3168748
+                      r3192812
 class SVGPlus_Upload {
+    private static $sanitizer = null;
+    private static $logger = null;
+    /**
+     * Initialize the upload handler
+     */
     public static function init() {
+        // Modified section starts here
+        // Initialize security features
+        SVGPlus_Security::init();
+        // Initialize logger
+        self::$logger = SVGPlus_Logger::get_instance();
+        self::$logger->log_message('SVGPlus Upload Handler Initialized');
         $options = get_option('svgplus_settings');
         $is_svg_enabled = isset($options['enable_svg_support']) ? $options['enable_svg_support'] : 0;
         if ($is_svg_enabled) {
+            // Allow SVG mime types
+            // Register SVG block
+            add_action('init', array(__CLASS__, 'register_svg_block'));
             add_filter('upload_mimes', array(__CLASS__, 'add_svg_mime_type'));
-            // Fix MIME type and file extension checks for SVGs
             add_filter('wp_check_filetype_and_ext', array(__CLASS__, 'fix_mime_type_svg'), 10, 4);
-            // Handle file upload prefilter for SVG sanitization
             add_filter('wp_handle_upload_prefilter', array(__CLASS__, 'handle_upload_prefilter'));
+        }
+        // Modified section ends here
+    }
+    /**
+     * Adds SVG to the list of allowed mime types with the custom MIME type svgplus/svg+xml.
+     *
+     * @param array $mimes Existing mime types.
+     * @return array Modified mime types.
+            add_filter('wp_prepare_attachment_for_js', array(__CLASS__, 'fix_admin_preview'), 10, 3);
+            add_filter('wp_get_attachment_image_src', array(__CLASS__, 'fix_thumbnail_display'), 10, 4);
+            // Add filters for alt text handling
+            add_filter('post_thumbnail_html', array(__CLASS__, 'filter_post_thumbnail_html'), 10, 5);
+            add_filter('the_content', array(__CLASS__, 'filter_content_images'), 10, 1);
+            add_filter('wp_get_attachment_image_attributes', array(__CLASS__, 'filter_image_attributes'), 10, 2);
+            // Add media editor support
+            add_filter('image_send_to_editor', array(__CLASS__, 'svg_media_send_to_editor'), 10, 8);
+            add_filter('wp_ajax_image-editor', array(__CLASS__, 'svg_media_editor_response'), 1);
+            add_filter('wp_get_attachment_metadata', array(__CLASS__, 'svg_get_attachment_metadata'), 10, 2);
+            add_filter('wp_generate_attachment_metadata', array(__CLASS__, 'svg_generate_metadata'), 10, 2);
+            // Bypass image processing for SVGs
+            add_filter('wp_image_editors', array(__CLASS__, 'disable_svg_image_editors'));
+            self::$logger->log_message('SVG support enabled and filters registered');
+        } else {
+            self::$logger->log_message('SVG support is disabled');
+        }
+    }
+    /**
+     * Add SVG mime type to allowed upload types
      */
     public static function add_svg_mime_type($mimes) {
+        // Add the custom MIME type for SVGPlus
+        $mimes['svg'] = 'image/svg+xml';  // Standard SVG MIME type
+        $mimes['svgz'] = 'image/svg+xml'; // Compressed SVG
+        return $mimes;
+    }
+    /**
+     * Fixes the MIME type and extension checks for SVG files to ensure they pass WordPress validation.
+     *
+     * @param array  $data
+     * @param string $file
+     * @param string $filename
+     * @param array  $mimes
+     * @return array
+        try {
+            self::$logger->log_message('Adding SVG mime type to allowed types');
+            $mimes['svg'] = 'image/svg+xml';
+            return $mimes;
+        } catch (Exception $e) {
+            self::$logger->log_message('Error adding mime type: ' . $e->getMessage(), 'ERROR');
+            return $mimes;
+        }
+    }
+    /**
+     * Fix mime type for SVG files
      */
     public static function fix_mime_type_svg($data, $file, $filename, $mimes) {
+        $ext = pathinfo($filename, PATHINFO_EXTENSION);
+        if ($ext === 'svg' || $ext === 'svgz') {
+            $data['ext'] = 'svg';
+            $data['type'] = 'image/svg+xml';  // Ensure the proper MIME type is set
+            $data['proper_filename'] = $data['proper_filename'] ?? $filename;
+        }
+        try {
+            self::$logger->log_message("Checking mime type for file: $filename");
+            self::$logger->log_array($data, 'Current data: ');
+            $ext = isset($data['ext']) ? $data['ext'] : '';
+            if (strlen($ext) < 1) {
+                $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+            }
+            if ($ext === 'svg') {
+                self::$logger->log_message('File is SVG, checking content');
+                // Check file content
+                $content = file_get_contents($file);
+                if ($content && strpos($content, '<svg') !== false) {
+                    self::$logger->log_message('Valid SVG content found');
+                    $data['type'] = 'image/svg+xml';
+                    $data['ext'] = 'svg';
+                } else {
+                    self::$logger->log_message('Invalid SVG content', 'WARNING');
+                    self::$logger->log_message('File content: ' . substr($content, 0, 100) . '...', 'DEBUG');
+                    $data['type'] = false;
+                    $data['ext'] = false;
+                }
+            }
+            self::$logger->log_array($data, 'Final data: ');
+            return $data;
+        } catch (Exception $e) {
+            self::$logger->log_message('Error in mime type check: ' . $e->getMessage(), 'ERROR');
+            return $data;
+        }
+    }
+    /**
+     * Handle SVG upload and sanitization
+     */
+    public static function handle_upload_prefilter($file) {
+        try {
+            self::$logger->log_message("Processing upload: {$file['name']}");
+            self::$logger->log_array($file, 'Upload data: ');
+            // Check if this is an SVG upload
+            if (!in_array($file['type'], array('image/svg+xml', 'image/svg'))) {
+                self::$logger->log_message("Not an SVG file: {$file['type']}", 'DEBUG');
+                return $file;
+            }
+            // Read file content
+            $content = file_get_contents($file['tmp_name']);
+            if ($content === false) {
+                self::$logger->log_message("Could not read file: {$file['tmp_name']}", 'ERROR');
+                $file['error'] = __('Could not read SVG file.', 'svgplus');
+                return $file;
+            }
+            self::$logger->log_message('File content length: ' . strlen($content));
+            self::$logger->log_message('First 100 bytes: ' . substr($content, 0, 100));
+            // Quick validation check
+            if (strpos($content, '<svg') === false) {
+                self::$logger->log_message('No SVG tag found in file', 'ERROR');
+                $file['error'] = __('Invalid SVG file format.', 'svgplus');
+                return $file;
+            }
+            // Initialize sanitizer if needed
+            if (self::$sanitizer === null) {
+                self::$sanitizer = new SVGPlus_Sanitizer();
+            }
+            // Sanitize SVG content
+            $sanitized = self::$sanitizer->sanitize_svg($content);
+            if ($sanitized === false) {
+                self::$logger->log_message('SVG sanitization failed', 'ERROR');
+                $file['error'] = __('Invalid SVG file format.', 'svgplus');
+                return $file;
+            }
+            self::$logger->log_message('Sanitized content length: ' . strlen($sanitized));
+            // Write sanitized content back to file
+            if (file_put_contents($file['tmp_name'], $sanitized) === false) {
+                self::$logger->log_message('Could not write sanitized content', 'ERROR');
+                $file['error'] = __('Could not write sanitized SVG file.', 'svgplus');
+                return $file;
+            }
+            // Add a filter to prevent WordPress from trying to create image subsizes
+            add_filter('wp_image_editors', function($editors) use ($file) {
+                if (in_array($file['type'], array('image/svg+xml', 'image/svg'))) {
+                    self::$logger->log_message('Disabled image editors for SVG');
+                    return array();
+                }
+                return $editors;
+            });
+            self::$logger->log_message("Successfully processed SVG: {$file['name']}");
+            return $file;
+        } catch (Exception $e) {
+            self::$logger->log_message('Error processing SVG: ' . $e->getMessage(), 'ERROR');
+            $file['error'] = __('Error processing SVG file: ', 'svgplus') . $e->getMessage();
+            return $file;
+        }
+    }
+    /**
+     * Fix SVG preview in media library
+     */
+    public static function fix_admin_preview($response, $attachment, $meta) {
+        if ($response['mime'] === 'image/svg+xml') {
+            $svg_path = get_attached_file($attachment->ID);
+            if (!file_exists($svg_path)) {
+                return $response;
+            }
+            try {
+                $dimensions = self::get_svg_dimensions($svg_path);
+                if ($dimensions) {
+                    // Get original dimensions
+                    $original_width = $dimensions['width'];
+                    $original_height = $dimensions['height'];
+                    $aspect_ratio = $original_width / $original_height;
+                    // Get current dimensions (if being resized)
+                    $width = isset($_POST['width']) ? intval($_POST['width']) : $original_width;
+                    $height = isset($_POST['height']) ? intval($_POST['height']) : $original_height;
+                    // If width is being changed, adjust height to maintain aspect ratio
+                    if (isset($_POST['width']) && !isset($_POST['height'])) {
+                        $height = round($width / $aspect_ratio);
+                    }
+                    // If height is being changed, adjust width to maintain aspect ratio
+                    else if (!isset($_POST['width']) && isset($_POST['height'])) {
+                        $width = round($height * $aspect_ratio);
+                    }
+                    // Update response with new dimensions
+                    $response['width'] = $width;
+                    $response['height'] = $height;
+                    // For SVGs, we don't need multiple sizes
+                    $response['sizes'] = array(
+                        'full' => array(
+                            'url' => $response['url'],
+                            'width' => $width,
+                            'height' => $height,
+                            'orientation' => $width >= $height ? 'landscape' : 'portrait'
+                        )
+                    );
+                    // Add SVG-specific metadata
+                    $response['svgplus'] = array(
+                        'originalWidth' => $original_width,
+                        'originalHeight' => $original_height,
+                        'aspectRatio' => $aspect_ratio,
+                        'preserveAspectRatio' => true
+                    );
+                    // Add custom CSS class for SVG handling
+                    $response['classes'] = isset($response['classes']) ? $response['classes'] . ' svgplus-widget' : 'svgplus-widget';
+                }
+            } catch (Exception $e) {
+                // Log error but don't break the upload
+                self::$logger->log_message('Error processing SVG preview: ' . $e->getMessage(), 'ERROR');
+            }
+        }
+        return $response;
+    }
+    /**
+     * Get SVG dimensions from file
+     */
+    private static function get_svg_dimensions($file_path) {
+        if (!file_exists($file_path)) {
+            return false;
+        }
+        $svg = file_get_contents($file_path);
+        if (!$svg) {
+            return false;
+        }
+        $dimensions = array('width' => null, 'height' => null);
+        // Create new DOMDocument instance
+        $xml = new DOMDocument();
+        // Disable errors temporarily
+        $internal_errors = libxml_use_internal_errors(true);
+        // Load SVG content
+        if ($xml->loadXML($svg)) {
+            $svg_element = $xml->documentElement;
+            // Get width and height attributes
+            $width = $svg_element->getAttribute('width');
+            $height = $svg_element->getAttribute('height');
+            // If width/height are percentages or missing, try viewBox
+            if (empty($width) || empty($height) || strpos($width, '%') !== false || strpos($height, '%') !== false) {
+                $viewBox = $svg_element->getAttribute('viewBox');
+                if ($viewBox) {
+                    $viewBoxValues = preg_split('/[\s,]+/', trim($viewBox));
+                    if (count($viewBoxValues) === 4) {
+                        $width = $viewBoxValues[2];
+                        $height = $viewBoxValues[3];
+                    }
+                }
+            }
+            // Convert to numeric values
+            $width = $width ? floatval($width) : 150;  // Default width if not specified
+            $height = $height ? floatval($height) : 150;  // Default height if not specified
+            // Ensure minimum dimensions
+            $width = max(50, $width);
+            $height = max(50, $height);
+            $dimensions['width'] = round($width);
+            $dimensions['height'] = round($height);
+        }
+        // Restore error handling
+        libxml_use_internal_errors($internal_errors);
+        return $dimensions;
+    }
+    /**
+     * Fix SVG thumbnail display
+     */
+    public static function fix_thumbnail_display($image, $attachment_id, $size, $icon) {
+        if (get_post_mime_type($attachment_id) === 'image/svg+xml') {
+            $image[0] = wp_get_attachment_url($attachment_id);
+        }
+        return $image;
+    }
+    /**
+     * Filter post thumbnail HTML for SVG images
+     */
+    public static function filter_post_thumbnail_html($html, $post_id, $post_thumbnail_id, $size, $attr) {
+        if (get_post_mime_type($post_thumbnail_id) === 'image/svg+xml') {
+            $attr = wp_parse_args($attr, array());
+            $url = wp_get_attachment_url($post_thumbnail_id);
+            $html = sprintf(
+                '<img src="%s" %s>',
+                esc_url($url),
+                self::build_attributes($attr)
+            );
+        }
+        return $html;
+    }
+    /**
+     * Filter content images for SVG
+     */
+    public static function filter_content_images($content) {
+        if (!has_blocks($content)) {
+            return $content;
+        }
+        return $content;
+    }
+    /**
+     * Filter image attributes for SVG
+     */
+    public static function filter_image_attributes($attr, $attachment) {
+        if (get_post_mime_type($attachment->ID) === 'image/svg+xml') {
+            $attr['class'] = isset($attr['class']) ? $attr['class'] . ' svg-image' : 'svg-image';
+        }
+        return $attr;
+    }
+    /**
+     * Handle SVG in media editor
+     */
+    public static function svg_media_editor_response() {
+        if (isset($_POST['postid'])) {
+            $post_id = intval($_POST['postid']);
+            if (get_post_mime_type($post_id) === 'image/svg+xml') {
+                wp_send_json_error(array(
+                    'message' => __('SVG files cannot be edited directly in WordPress. Please use an SVG editor.', 'svgplus')
+                ));
+            }
+        }
+    }
+    /**
+     * Handle SVG metadata generation
+     */
+    public static function svg_generate_metadata($metadata, $attachment_id) {
+        if (get_post_mime_type($attachment_id) === 'image/svg+xml') {
+            $svg_path = get_attached_file($attachment_id);
+            $dimensions = self::get_svg_dimensions($svg_path);
+            if ($dimensions) {
+                $metadata = array(
+                    'width' => $dimensions['width'],
+                    'height' => $dimensions['height'],
+                    'file' => _wp_relative_upload_path($svg_path),
+                    'filesize' => filesize($svg_path),
+                    'sizes' => array(),
+                    'svg' => true
+                );
+            }
+        }
+        return $metadata;
+    }
+    /**
+     * Get SVG metadata for existing attachments
+     */
+    public static function svg_get_attachment_metadata($data, $attachment_id) {
+        if (get_post_mime_type($attachment_id) === 'image/svg+xml') {
+            if (empty($data)) {
+                $data = self::svg_generate_metadata(array(), $attachment_id);
+            }
+            // Ensure we have the filesize
+            if (empty($data['filesize'])) {
+                $file = get_attached_file($attachment_id);
+                if (file_exists($file)) {
+                    $data['filesize'] = filesize($file);
+                }
+            }
+        }
         return $data;
+    }
     /**
+     * Handles the upload prefilter for SVGs, sanitizing the uploaded file.
+     *
+     * @param array $file The uploaded file data.
+     * @return array Modified file data.
+     */
+    public static function handle_upload_prefilter($file) {
+        // Make sure we're dealing with an SVG
+        if ($file['type'] === 'image/svg+xml') {
+            // Check user permissions
+            $current_user = wp_get_current_user();
+            $settings = get_option('svgplus_settings');
+            $allowed_roles = isset($settings['allowed_roles']) ? $settings['allowed_roles'] : array();
+            $has_allowed_role = false;
+            foreach ($current_user->roles as $role) {
+                if (in_array($role, $allowed_roles)) {
+                    $has_allowed_role = true;
+                    break;
+                }
+            }
+            if (!$has_allowed_role) {
+                $file['error'] = __('You do not have permission to upload SVG files.', 'svgplus');
+                return $file;
+            }
+            global $wp_filesystem;
+            // Initialize WP_Filesystem if not already done
+            if (empty($wp_filesystem)) {
+                require_once ABSPATH . 'wp-admin/includes/file.php';
+                WP_Filesystem();
+            }
+            // Get SVG content using WP_Filesystem
+            $svg_content = $wp_filesystem->get_contents($file['tmp_name']);
+            if ($svg_content === false) {
+                $file['error'] = __('Unable to read SVG file.', 'svgplus');
+                return $file;
+            }
+            // Sanitize SVG
+            $sanitized_svg = SVGPlus_Sanitizer::sanitize_svg($svg_content);
+            if ($sanitized_svg === false) {
+                $file['error'] = __('Invalid SVG file.', 'svgplus');
+                return $file;
+            }
+            // Overwrite the temporary file with sanitized SVG using WP_Filesystem
+            $result = $wp_filesystem->put_contents($file['tmp_name'], $sanitized_svg, FS_CHMOD_FILE);
+            if ($result === false) {
+                $file['error'] = __('Failed to sanitize SVG file.', 'svgplus');
+                return $file;
+            }
+        }
+        return $file;
+     * Handle SVG in media send to editor
+     */
+    public static function svg_media_send_to_editor($html, $id, $caption, $title, $align, $url, $size, $alt) {
+        if (get_post_mime_type($id) === 'image/svg+xml') {
+            $dimensions = self::get_svg_dimensions(get_attached_file($id));
+            if ($dimensions) {
+                // Get the original aspect ratio
+                $aspect_ratio = $dimensions['width'] / $dimensions['height'];
+                // Get current dimensions
+                $width = isset($_POST['width']) ? intval($_POST['width']) : $dimensions['width'];
+                $height = isset($_POST['height']) ? intval($_POST['height']) : $dimensions['height'];
+                // Maintain aspect ratio
+                if (isset($_POST['width']) && !isset($_POST['height'])) {
+                    $height = round($width / $aspect_ratio);
+                } elseif (!isset($_POST['width']) && isset($_POST['height'])) {
+                    $width = round($height * $aspect_ratio);
+                }
+                // Build attributes array
+                $attributes = array(
+                    'src' => $url,
+                    'alt' => $alt,
+                    'width' => $width,
+                    'height' => $height,
+                    'class' => 'svgplus-widget' . ($align ? " align$align" : ''),
+                    'preserveAspectRatio' => 'xMidYMid meet'
+                );
+                // Create new HTML with proper attributes
+                $html = sprintf(
+                    '<img %s />',
+                    self::build_attributes($attributes)
+                );
+                // Handle caption if present
+                if ($caption) {
+                    $html = "[caption id='attachment_$id' align='align$align' width='{$width}']" . $html . ' ' . $caption . '[/caption]';
+                }
+            }
+        }
+        return $html;
+    }
+    /**
+     * Build HTML attributes string
+     */
+    private static function build_attributes($attributes) {
+        $html = '';
+        foreach ($attributes as $name => $value) {
+            if ($value === true) {
+                $html .= ' ' . $name;
+            } elseif ($value !== false && $value !== '') {
+                $html .= sprintf(' %s="%s"', $name, esc_attr($value));
+            }
+        }
+        return $html;
+    }
+    /**
+     * Disable image editors for SVG files
+     */
+    public static function disable_svg_image_editors($editors) {
+        // Get the current file being processed
+        $current_filter = current_filter();
+        if ($current_filter === 'wp_image_editors') {
+            // Check if we're processing an SVG file
+            if (isset($_REQUEST['post_id'])) {
+                $post_id = intval($_REQUEST['post_id']);
+                if (get_post_mime_type($post_id) === 'image/svg+xml') {
+                    return array();
+                }
+            }
+            // Check file extension in upload if available
+            if (isset($_FILES['async-upload']['name'])) {
+                if (preg_match('/\.svg$/i', $_FILES['async-upload']['name'])) {
+                    return array();
+                }
+            }
+        }
+        return $editors;
+    }
+    /**
+     * Register SVG block
+     */
+    public static function register_svg_block() {
+        register_block_type(plugin_dir_path(SVGPLUS_FILE) . 'blocks/svg-block/block.json');
+    }
+}

svgplus/trunk/readme.txt

-                      r3168748
+                      r3192812
 === SVGPlus ===
+=== SVG Plus ===
 Contributors: Rizonepress
+Tags: svg, vector graphics, media upload, sanitization
+Requires at least: 5.0
+Tested up to: 6.6
+Stable tag: 1.1.0
+Tags: svg, image, upload, media, gutenberg, block
+Requires at least: 5.8
+Tested up to: 6.4
+Requires PHP: 7.4
+Stable tag: 1.2.2
 License: GPLv2 or later
+License URI: http://www.gnu.org/licenses/gpl-2.0.html
+Home Page: https://rizonepress.com
+License URI: https://www.gnu.org/licenses/gpl-2.0.html
 Short Description: Upload, sanitize, and display SVG files securely in WordPress with role-based upload permissions and custom CSS support.
+Enhanced SVG upload and management for WordPress with sanitization, resizing, and Gutenberg block support.
 == Description ==
 **SVGPlus** is a WordPress plugin designed to securely manage SVG (Scalable Vector Graphics) files on your website. It allows for safe SVG uploads, automatic sanitization, and provides options to control which user roles can upload SVGs.
+SVG Plus provides comprehensive SVG support for WordPress, allowing you to safely upload and manage SVG files in your media library. The plugin includes a custom Gutenberg block for enhanced SVG handling and maintains aspect ratios during resizing.
+### Key Features
+= Key Features =
+. **Secure SVG Uploads with Automatic Sanitization**: Upload SVG files directly to your WordPress media library, with automatic sanitization to remove potentially harmful code.
+. **Role-Based Upload Permissions**: Control which user roles are permitted to upload SVG files. Only administrators can modify these settings.
+. **Option to Enable or Disable SVG Support**: Easily enable or disable SVG support across your site with a single switch in the settings.
+. **Centralized Settings for Consistency and Control**: Access a dedicated settings page (`Settings > SVGPlus`) in the WordPress admin dashboard to configure plugin options.
+. **Custom CSS Support**: Add global custom CSS to style all SVGs managed by SVGPlus, maintaining a consistent design aesthetic across your site.
+* Safe SVG upload with comprehensive sanitization
+* Custom Gutenberg block for SVG images
+* Aspect ratio preservation during resize
+* Media library integration
+* Detailed error reporting and logging
+* Comprehensive security features
+= Security Features =
+* SVG content sanitization
+* Removal of potentially harmful elements and attributes
+* Prevention of external entity loading
+* Comprehensive error logging and reporting
+= Technical Features =
+* Custom Gutenberg block with resize controls
+* Automatic dimension detection
+* Proper MIME type handling
+* Detailed debugging capabilities
+* WordPress coding standards compliant
 == Installation ==
+. **Upload the Plugin:**
+   - Upload the `svgplus` folder to the `/wp-content/plugins/` directory.
+. **Activate the Plugin:**
+   - Activate the plugin through the 'Plugins' menu in WordPress.
+. **Configure Settings:**
+   - Navigate to `Settings > SVGPlus` in the WordPress admin dashboard to configure your SVG preferences.
+. Upload the plugin files to `/wp-content/plugins/svgplus`
+. Activate the plugin through the 'Plugins' screen in WordPress
+. Use the Settings->SVG Plus screen to configure the plugin
+### Usage
+== Frequently Asked Questions ==
+#### Uploading and Managing SVGs
+= Is it safe to upload SVG files? =
+. **Upload SVGs:** Go to the WordPress media library (`Media > Add New`) and upload your SVG files as you would with any other media type.
+. **Sanitized SVGs:** SVGPlus automatically sanitizes your SVG uploads to ensure they are safe and optimized for use on your website.
+Yes, SVG Plus includes comprehensive security features that sanitize SVG files before allowing them to be uploaded.
+#### Configuring Plugin Settings
+= Can I resize SVG files? =
+. **Access Settings:** Navigate to `Settings > SVGPlus` in the WordPress admin dashboard.
+. **Enable SVG Support:** Toggle the option to enable or disable SVG support across your site.
+. **Select Allowed User Roles:** (Administrators only) Choose which user roles are permitted to upload SVG files to your site.
+. **Add Custom CSS:** Input any custom CSS to style your SVGs globally.
+Yes, the plugin includes a custom Gutenberg block that allows you to resize SVG files while maintaining their aspect ratio.
+## Changelog
+= Where can I find error logs? =
+The plugin creates detailed logs in wp-content/uploads/svgplus-debug.log for troubleshooting purposes.
+== Changelog ==
+= 1.2.2 =
+* Added comprehensive logging system for better debugging
+* Enhanced SVG file validation and sanitization
+* Improved error handling and reporting
+* Added detailed upload process logging
+* Enhanced mime type detection with content validation
+* Added proper namespace handling for SVG files
+* Improved security with LIBXML_NONET flag
+* Added better error messages for users
+* Fixed various upload handling issues
+* Added file permission handling for logs
+= 1.1.2 =
+* Added custom Gutenberg block for SVG handling
+* Improved SVG sanitization process
+* Enhanced media library integration
+* Added aspect ratio preservation
+* Fixed dimension detection issues
+= 1.1.1 =
+* Initial security improvements
+* Basic SVG upload handling
+* Simple media library integration
 = 1.1.0 =
+* Initial release
+- Fixed issue where the blue background of switches did not change to orange when SVG support was disabled.
+- Restricted modification of allowed roles to Administrators only.
+- Removed the "Custom CSS" main label and adjusted the codebox to span the full width of the row.
+- Updated plugin version and aligned documentation to reflect current features.
+== Upgrade Notice ==
+= 1.0.14 =
+= 1.2.2 =
+This version adds comprehensive logging and improved security features. It's recommended for all users to update for better SVG handling and troubleshooting capabilities.
+- General UI Enhancements
 - Improved responsiveness of the settings page to ensure better usability across different devices.
+= 1.1.2 =
+This version adds Gutenberg block support and improves SVG handling. Upgrade for better SVG management capabilities.
 = 1.0.13 =
+== Additional Information ==
+- Switched to using the `enshrined/svg-sanitize` library for SVG sanitization.
+- Ensured "Allow SVG Animations" setting functions correctly with the new sanitizer.
+- Default allowed roles for SVG uploads are Administrator, Editor, and Author.
+- Confirmed custom CSS settings are applied correctly to SVG images.
+= 1.0.12 =
+- Comprehensive SVG Element Support: Expanded the list of allowed SVG elements and attributes in the sanitizer to include a complete set of SVG elements, including all filter elements and animation elements. This ensures compatibility with a wider range of SVG files and features.
+- Enhanced Animation Support: Completed the inclusion of all animation elements and their attributes, allowing for full support of SVG animations when enabled in the settings.
+- Improved Sanitization Logic: Updated the SVG sanitizer to support advanced SVG features like filters and animations while maintaining strict security measures. The sanitizer now properly handles a more extensive range of elements and attributes.
+- Security Enhancements: Ensured that the expanded support does not compromise security by maintaining robust sanitization and validation of SVG content.
+= 1.0.8 =
+* Shortcode Enhancement: Added support for the lazy attribute in the shortcode to control lazy loading of SVGs. Users can now enable or disable lazy loading per SVG by setting lazy="true" or lazy="false" in the shortcode.
+* Global Custom CSS Application: Modified the plugin to enqueue custom CSS globally from the settings page. This ensures that custom styles are applied consistently to all SVGs without needing to append CSS in each shortcode instance.
+* Conditional Animation Support: Updated the SVG sanitization process to conditionally allow animation elements and attributes based on the 'Allow SVG Animations' setting in the plugin settings. When enabled, the sanitizer permits elements like <animate>, <animateTransform>, and their associated attributes.
+* Improved Sanitization Logic: Enhanced the SVG sanitizer to dynamically adjust allowed elements and attributes based on settings, improving security and flexibility.
+* Code Optimizations: Refactored code for better performance and maintainability, including optimizing the shortcode rendering process and reducing redundant code.
+* Documentation Updates: Updated the readme file and usage instructions to reflect the new features and provide clearer guidance on how to use the plugin.
+= 1.0.7 =
+* Security Enhancements: Escaped output functions to prevent security vulnerabilities.
+* Filesystem Operations: Replaced `file_get_contents()` with `WP_Filesystem::get_contents()` and Replaced `file_put_contents()` with `WP_Filesystem::put_contents()`.
+= 1.0.6 =
+* Refined plugin to remove the dedicated Elementor widget while enhancing SVG upload compatibility with Elementor's native widgets.
+* Improved sanitization process for SVG uploads.
+* Enhanced shortcode functionality with additional customization options.
+* Updated settings page for better user experience.
+* Fixed minor bugs and improved performance.
+= 1.0.3 =
+* Added lazy loading support for SVG images.
+* Introduced custom CSS options in the settings page.
+* Enhanced compatibility with the latest WordPress and Elementor versions.
+= 1.0.2 =
+* Initial release with core functionalities.
+## Upgrade Notice
+= 1.1.0 =
+Please update to this version to fix the switch background color issue, improve settings notifications, and enhance security by restricting role modifications to administrators.
+== License ==
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2.
+For support or feature requests, please visit our website at https://rizonetech.com

svgplus/trunk/svgplus.php

-                      r3168748
+                      r3192812
 <?php
 /**
+ * Plugin Name: SVGPlus
+ * Description: Upload, sanitize, and display SVG files securely in WordPress.
+ * Version: 1.1.0
+ * Author: Rizonepress
+ * License: GPL2
+ * Plugin Name: SVG Plus
+ * Plugin URI: https://wordpress.org/plugins/svgplus/
+ * Description: Enhanced SVG upload and management for WordPress with sanitization, resizing, and Gutenberg block support.
+ * Version: 1.2.2
+ * Requires at least: 5.8
+ * Requires PHP: 7.4
+ * Author: Rizone
+ * Author URI: https://rizonetech.com
+ * License: GPL v2 or later
+ * License URI: https://www.gnu.org/licenses/gpl-2.0.html
+ * Text Domain: svgplus
+ * Domain Path: /languages
  */
+// If this file is called directly, abort
 if (!defined('ABSPATH')) {
     exit;
+}
+// Include Composer's autoloader if it exists
+if (file_exists(__DIR__ . '/vendor/autoload.php')) {
+    require_once __DIR__ . '/vendor/autoload.php';
+} else {
+    error_log('SVGPlus: Composer autoloader not found. Please ensure dependencies are installed.');
+    return;
+// Define plugin constants
+define('SVGPLUS_VERSION', '1.2.2');
+define('SVGPLUS_FILE', __FILE__);
+define('SVGPLUS_PATH', plugin_dir_path(__FILE__));
+define('SVGPLUS_URL', plugin_dir_url(__FILE__));
+// Load required files
+require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-logger.php';
+require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-security.php';
+require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-sanitizer.php';
+require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-upload.php';
+require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-settings.php';
+// Initialize plugin
+add_action('plugins_loaded', 'svgplus_init');
+function svgplus_init() {
+    // Initialize components
+    SVGPlus_Security::init();
+    SVGPlus_Upload::init();
+    SVGPlus_Settings::init();
+    // Load translations
+    load_plugin_textdomain('svgplus', false, dirname(plugin_basename(__FILE__)) . '/languages');
+}
+// Include necessary classes
+$required_classes = [
+    'includes/class-svgplus-sanitizer.php',
+    'includes/class-svgplus-upload.php',
+    'includes/class-svgplus-settings.php',  // Ensure settings class is included
+];
+// Register block scripts and styles
+function svgplus_register_block_assets() {
+    $asset_file = include(SVGPLUS_PATH . 'blocks/svg-block/build/index.asset.php');
+    wp_register_script(
+        'svgplus-block-editor',
+        SVGPLUS_URL . 'blocks/svg-block/build/index.js',
+        $asset_file['dependencies'],
+        $asset_file['version']
+    );
+foreach ($required_classes as $class_file) {
+    $file_path = plugin_dir_path(__FILE__) . $class_file;
+    if (file_exists($file_path)) {
+        require_once $file_path;
+    } else {
+        error_log('SVGPlus: ' . basename($class_file) . ' file not found.');
+        return;
+    }
+    wp_register_style(
+        'svgplus-block-style',
+        SVGPLUS_URL . 'blocks/svg-block/build/style-style.css',
+        array(),
+        $asset_file['version']
+    );
+}
+add_action('init', 'svgplus_register_block_assets');
+// Add the default settings function
+function svgplus_default_settings() {
+    return [
+        'allowed_roles' => ['administrator', 'editor'],  // Default allowed roles for uploads
+        'allow_animations' => true,  // Enable animations by default
+        'custom_css' => '',  // Custom CSS field, initially empty
+        'enable_svg_support' => 1, // Added default setting for SVG support
+    ];
+}
+// Register activation hook
+register_activation_hook(__FILE__, 'svgplus_activate');
+// Set up the plugin activation hook to ensure default settings are added
+function svgplus_activate_plugin() {
+    $default_settings = svgplus_default_settings();
+function svgplus_activate() {
+    // Add default options
+    $default_settings = array(
+        'enable_svg_support' => 1,
+        'sanitize_uploads' => 1,
+        'preserve_aspect_ratio' => 1
+    );
     if (!get_option('svgplus_settings')) {
         add_option('svgplus_settings', $default_settings);
+    }
+}
+register_activation_hook(__FILE__, 'svgplus_activate_plugin');
+// Initialize the Settings class to make sure the settings page is loaded
+if (class_exists('SVGPlus_Settings')) {
+    new SVGPlus_Settings();  // Load the settings page
+    // Clear rewrite rules
+    flush_rewrite_rules();
+}
 // Initialize the upload process
 SVGPlus_Upload::init();
+// Register deactivation hook
+register_deactivation_hook(__FILE__, 'svgplus_deactivate');
+// Force allow SVG uploads based on the 'Enable SVG Support' setting
+function svgplus_allow_svg_uploads($existing_mimes) {
+    $options = get_option('svgplus_settings');
+    $is_svg_enabled = isset($options['enable_svg_support']) ? $options['enable_svg_support'] : 0;
+    if ($is_svg_enabled) {
+        // Add the SVG mime type
+        $existing_mimes['svg'] = 'image/svg+xml';
+        $existing_mimes['svgz'] = 'image/svg+xml'; // For compressed SVG
+    } else {
+        // Remove SVG mime types if present
+        unset($existing_mimes['svg']);
+        unset($existing_mimes['svgz']);
+    }
+    return $existing_mimes;
+}
+add_filter('upload_mimes', 'svgplus_allow_svg_uploads');
+// Bypass MIME type checks only when SVG support is enabled
+function svgplus_disable_real_mime_check($data, $file, $filename, $mimes) {
+    $options = get_option('svgplus_settings');
+    $is_svg_enabled = isset($options['enable_svg_support']) ? $options['enable_svg_support'] : 0;
+    if (!$is_svg_enabled) {
+        return $data;
+    }
+    $ext = pathinfo($filename, PATHINFO_EXTENSION);
+    if ($ext === 'svg' || $ext === 'svgz') {
+        $data['ext'] = 'svg';
+        $data['type'] = 'image/svg+xml';
+    }
+    return $data;
+}
+add_filter('wp_check_filetype_and_ext', 'svgplus_disable_real_mime_check', 10, 4);
+// Update user roles based on settings
+function svgplus_user_roles_can_upload($user) {
+    $options = get_option('svgplus_settings');
+    $allowed_roles = isset($options['allowed_roles']) ? $options['allowed_roles'] : array();
+    foreach ($allowed_roles as $role) {
+        if (in_array($role, $user->roles)) {
+            return true;
+        }
+    }
+    return false;
+function svgplus_deactivate() {
+    // Clear rewrite rules
+    flush_rewrite_rules();
+}
+// Adjust permissions only when SVG support is enabled
+add_action('admin_init', function() {
+    $options = get_option('svgplus_settings');
+    $is_svg_enabled = isset($options['enable_svg_support']) ? $options['enable_svg_support'] : 0;
+// Add settings link to plugins page
+add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'svgplus_add_plugin_links');
+    if ($is_svg_enabled) {
+        if (!current_user_can('upload_files')) {
+            add_filter('user_has_cap', function($caps, $cap, $user_id) {
+                $user = new WP_User($user_id);
+                if (svgplus_user_roles_can_upload($user)) {
+                    $caps['upload_files'] = true;
+                }
+                return $caps;
+            }, 10, 3);
+        }
+    }
+});
+function svgplus_add_plugin_links($links) {
+    $settings_link = '<a href="' . admin_url('options-general.php?page=svgplus-settings') . '">' . __('Settings', 'svgplus') . '</a>';
+    array_unshift($links, $settings_link);
+    return $links;
+}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory