Merge branch 'develop' into trunk

10up · Aug 21, 2023 · 413ca06 · 413ca06
2 parents bda2ac2 + 0e895da
commit 413ca06
Show file tree

Hide file tree

Showing 25 changed files with 18,730 additions and 3,469 deletions.
diff --git a/.distignore b/.distignore
@@ -6,9 +6,7 @@
 /tests
 
 # Files
-.distignore
-.gitignore
-.wp-env.json
+.*
 CHANGELOG.md
 CODE_OF_CONDUCT.md
 composer.json
@@ -21,4 +19,5 @@ package.json
 phpcs.xml
 phpunit.xml.dist
 README.md
-webpack.config.js
+webpack.config.js
+/assets/js/admin/admin.js
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
@@ -57,13 +57,22 @@ jobs:
     - name: Test
       run: npm run cypress:run
 
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v2
+    - name: Update summary
+      if: always()
+      run: |
+          npx mochawesome-merge ./tests/cypress/reports/*.json -o tests/cypress/reports/mochawesome.json
+          rm -rf ./tests/cypress/reports/mochawesome-*.json
+          npx mochawesome-json-to-md -p ./tests/cypress/reports/mochawesome.json -o ./tests/cypress/reports/mochawesome.md
+          npx mochawesome-report-generator tests/cypress/reports/mochawesome.json -o tests/cypress/reports/
+          cat ./tests/cypress/reports/mochawesome.md >> $GITHUB_STEP_SUMMARY
+    - name: Make artifacts available
+      uses: actions/upload-artifact@v3
       if: failure()
       with:
-        name: cypress-artifact-safe-svg
-        retention-days: 7
+        name: cypress-artifact
+        retention-days: 2
         path: |
-          ${{ github.workspace }}/tests/cypress/screenshots/
-          ${{ github.workspace }}/tests/cypress/videos/
-          ${{ github.workspace }}/tests/cypress/logs/
+            ${{ github.workspace }}/tests/cypress/screenshots/
+            ${{ github.workspace }}/tests/cypress/videos/
+            ${{ github.workspace }}/tests/cypress/logs/
+            ${{ github.workspace }}/tests/cypress/reports/
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -16,5 +16,9 @@ jobs:
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@v3
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v1
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          license-check: true
+          vulnerability-check: false
+          config-file: 10up/.github/.github/dependency-review-config.yml@trunk
diff --git a/.github/workflows/wordpress-latest.yml → ...b/workflows/wordpress-version-checker.yml b/.github/workflows/wordpress-latest.yml → ...b/workflows/wordpress-version-checker.yml
@@ -10,11 +10,14 @@ on:
   schedule:
     - cron: '0 0 * * 1'
 
+permissions:
+  issues: write
+
 jobs:
   wordpress-version-checker:
     runs-on: ubuntu-latest
     steps:
       - name: WordPress version checker
-        uses: skaut/wordpress-version-checker@v1.2.0
+        uses: skaut/wordpress-version-checker@master
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@ node_modules
 tests/cypress/downloads
 tests/cypress/screenshots
 tests/cypress/videos
+tests/cypress/reports
 dist
 
 # Files

diff --git a/.wordpress-version-checker.json b/.wordpress-version-checker.json
@@ -0,0 +1,4 @@
+{
+    "readme": "readme.txt",
+    "channel": "rc"
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,33 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [2.2.0] - 2023-08-21
+### Added
+- New settings that give the ability to select which user roles can upload SVG files (props [@dhanendran](https://github.com/dhanendran), [@csloisel](https://github.com/csloisel), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter) via [#76](https://github.com/10up/safe-svg/pull/76)).
+- SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the `safe_svg_optimizer_enabled` filter (props [@gsarig](https://github.com/gsarig), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9), [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@ravinderk](https://github.com/ravinderk) via [#79](https://github.com/10up/safe-svg/pull/79), [#145](https://github.com/10up/safe-svg/pull/145)).
+- Spacing and color controls added to SVG block (props [@bmarshall511](https://github.com/bmarshall511), [@iamdharmesh](https://github.com/iamdharmesh) via [#135](https://github.com/10up/safe-svg/pull/135)).
+- Mochawesome reporter added for Cypress test report (props [@jayedul](https://github.com/jayedul), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#124](https://github.com/10up/safe-svg/pull/124)).
+
+### Changed
+- Update [Support Level](https://github.com/10up/safe-svg#support-level) from `Active` to `Stable` (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh) via [#100](https://github.com/10up/safe-svg/pull/100)).
+- Update name of SVG block from Safe SVG Icon to Inline SVG (props [@bmarshall511](https://github.com/bmarshall511), [@iamdharmesh](https://github.com/iamdharmesh) via [#135](https://github.com/10up/safe-svg/pull/135)).
+- Bump WordPress "tested up to" version 6.3 (props [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#144](https://github.com/10up/safe-svg/pull/144)).
+- Update the Dependency Review GitHub Action (props [@jeffpaul](https://github.com/jeffpaul), [@Sidsector9](https://github.com/Sidsector9) via [#128](https://github.com/10up/safe-svg/pull/128)).
+
+### Fixed
+- Add namespace to the `class_exists` check (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#120](https://github.com/10up/safe-svg/pull/120)).
+- Ensure Sanitizer class is properly imported (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#121](https://github.com/10up/safe-svg/pull/121)).
+- Remove an unneeded global (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#122](https://github.com/10up/safe-svg/pull/122)).
+- Use absolute path in require (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#123](https://github.com/10up/safe-svg/pull/123)).
+- Ensure custom classname added to SVG block is output on the front-end (props [@bmarshall511](https://github.com/bmarshall511), [@Sidsector9](https://github.com/Sidsector9), [@dkotter](https://github.com/dkotter) via [#130](https://github.com/10up/safe-svg/pull/130)).
+- Ensure `SimpleXML` exists before using it (props [@sdmtt](https://github.com/sdmtt), [@faisal-alvi](https://github.com/faisal-alvi) via [#140](https://github.com/10up/safe-svg/pull/140)).
+- Fix markdown issues in the readme (props [@szepeviktor](https://github.com/szepeviktor), [@iamdharmesh](https://github.com/iamdharmesh) via [#119](https://github.com/10up/safe-svg/pull/119)).
+
+### Security
+- Bump `semver` from 5.7.1 to 5.7.2 (props [@dependabot](https://github.com/apps/dependabot) via [#134](https://github.com/10up/safe-svg/pull/134)).
+- Bump `word-wrap` from 1.2.3 to 1.2.5 (props [@dependabot](https://github.com/apps/dependabot) via [#141](https://github.com/10up/safe-svg/pull/141)).
+- Bump `tough-cookie` from 4.1.2 to 4.1.3 and `@cypress/request` from 2.88.10 to 2.88.12 (props [@dependabot](https://github.com/apps/dependabot) via [#146](https://github.com/10up/safe-svg/pull/146)).
+
 ## [2.1.1] - 2023-04-05
 ### Changed
 - Upgrade `@wordpress` npm package dependencies (props [@ggutenberg](https://github.com/ggutenberg), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/safe-svg/pull/108)).
@@ -259,6 +286,7 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial Release.
 
 [Unreleased]: https://github.com/10up/safe-svg/compare/trunk...develop
+[2.2.0]: https://github.com/10up/safe-svg/compare/2.1.1...2.2.0
 [2.1.1]: https://github.com/10up/safe-svg/compare/2.1.0...2.1.1
 [2.1.0]: https://github.com/10up/safe-svg/compare/2.0.3...2.1.0
 [2.0.3]: https://github.com/10up/safe-svg/compare/2.0.2...2.0.3

diff --git a/CREDITS.md b/CREDITS.md
@@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo
 
 Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.
 
-[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot),  [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk).
+[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot),  [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Santiago Dimattia (@sdmtt)](https://github.com/sdmtt), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [Giorgos Sarigiannidis (@gsarig)](https://github.com/gsarig).
 
 ## Libraries
 

diff --git a/README.md b/README.md
@@ -1,9 +1,16 @@
 # Safe SVG
 
-> Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
-
-[![Support Level](https://img.shields.io/badge/support-active-green.svg)](#support-level) [![Release Version](https://img.shields.io/github/release/10up/safe-svg.svg)](https://github.com/10up/safe-svg/releases/latest) ![WordPress tested up to version](https://img.shields.io/wordpress/plugin/tested/safe-svg?label=WordPress) [![GPLv2 License](https://img.shields.io/github/license/10up/safe-svg.svg)](https://github.com/10up/safe-svg/blob/develop/LICENSE.md)
-[![Dependency Review](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml) [![E2E test](https://github.com/10up/safe-svg/actions/workflows/cypress.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/cypress.yml) [![PHP Compatibility](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml) [![PHPCS](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml) [![PHPUnit](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml)
+> Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
+
+[![Support Level](https://img.shields.io/badge/support-stable-blue.svg)](#support-level)
+[![Release Version](https://img.shields.io/github/release/10up/safe-svg.svg)](https://github.com/10up/safe-svg/releases/latest)
+![WordPress tested up to version](https://img.shields.io/wordpress/plugin/tested/safe-svg?label=WordPress)
+[![GPLv2 License](https://img.shields.io/github/license/10up/safe-svg.svg)](https://github.com/10up/safe-svg/blob/develop/LICENSE.md)
+[![Dependency Review](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml)
+[![E2E test](https://github.com/10up/safe-svg/actions/workflows/cypress.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/cypress.yml)
+[![PHP Compatibility](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml)
+[![PHPCS](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml)
+[![PHPUnit](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml)
 
 ## Overview
 
@@ -12,17 +19,18 @@ Safe SVG is the best way to Allow SVG Uploads in WordPress!
 It gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site.  It also gives you the ability to preview your uploaded SVGs in the media library in all views.
 
 ### Current Features
+
 * **Sanitised SVGs** - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.
+* **SVGO Optimisation** - Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: `add_filter( 'safe_svg_optimizer_enabled', '__return_true' );`
 * **View SVGs in the Media Library** - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library.
-
-### Features on the Roadmap
-* **SVGO Optimisation** - You'll have the option to run your SVGs through our SVGO server on upload to save you space.
 * **Choose Who Can Upload** - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.
 
 Initially a proof of concept for [#24251](https://core.trac.wordpress.org/ticket/24251).
 
 SVG Sanitization is done through the following library: [https://github.com/darylldoyle/svg-sanitizer](https://github.com/darylldoyle/svg-sanitizer).
 
+SVG Optimization is done through the following library: [https://github.com/svg/svgo](https://github.com/svg/svgo).
+
 ## Requirements
 
 * PHP 7.4+
@@ -39,42 +47,46 @@ Install through the WordPress directory or download, unzip and upload the files
 Yes, this can be done using the `svg_allowed_attributes` and `svg_allowed_tags` filters.
 They take one argument that must be returned. See below for examples:
 
-    add_filter( 'svg_allowed_attributes', function ( $attributes ) {
+```php
+add_filter( 'svg_allowed_attributes', function ( $attributes ) {
 
-        // Do what you want here...
+    // Do what you want here...
 
-        // This should return an array so add your attributes to
-        // to the $attributes array before returning it. E.G.
+    // This should return an array so add your attributes to
+    // to the $attributes array before returning it. E.G.
 
-        $attributes[] = 'target'; // This would allow the target="" attribute.
+    $attributes[] = 'target'; // This would allow the target="" attribute.
 
-        return $attributes;
-    } );
+    return $attributes;
+} );
 
 
-    add_filter( 'svg_allowed_tags', function ( $tags ) {
+add_filter( 'svg_allowed_tags', function ( $tags ) {
 
-        // Do what you want here...
+    // Do what you want here...
 
-        // This should return an array so add your tags to
-        // to the $tags array before returning it. E.G.
+    // This should return an array so add your tags to
+    // to the $tags array before returning it. E.G.
 
-        $tags[] = 'use'; // This would allow the <use> element.
+    $tags[] = 'use'; // This would allow the <use> element.
 
-        return $tags;
-    } );
+    return $tags;
+} );
+```
 
 ## Support Level
 
-**Active:** 10up is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress.  Bug reports, feature requests, questions, and pull requests are welcome.
+**Stable:** 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.
 
 ## Changelog
 
-A complete listing of all notable changes to Safe SVG are documented in [CHANGELOG.md](https://github.com/10up/safe-svg/blob/develop/CHANGELOG.md).
+A complete listing of all notable changes to Safe SVG are documented in [CHANGELOG.md](CHANGELOG.md).
 
 ## Contributing
 
-Please read [CODE_OF_CONDUCT.md](https://github.com/10up/safe-svg/blob/develop/CODE_OF_CONDUCT.md) for details on our code of conduct, [CONTRIBUTING.md](https://github.com/10up/safe-svg/blob/develop/CONTRIBUTING.md) for details on the process for submitting pull requests to us, and [CREDITS.md](https://github.com/10up/safe-svg/blob/develop/CREDITS.md) for a listing of maintainers of, contributors to, and libraries used by Safe SVG.
+Please read [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for details on our code of conduct,
+[CONTRIBUTING.md](CONTRIBUTING.md) for details on the process for submitting pull requests to us,
+and [CREDITS.md](CREDITS.md) for a listing of maintainers of, contributors to, and libraries used by Safe SVG.
 
 ## Like what you see?