Addressing CR feedback

10up · May 27, 2023 · 2d71745 · 2d71745
1 parent 5737372
commit 2d71745
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 30 deletions.
diff --git a/assets/js/admin/admin.js b/assets/js/admin/admin.js
@@ -4,7 +4,7 @@ import {select, subscribe} from '@wordpress/data';
 
 (function () {
     const ajaxUrl = new URL(safeSvgParams.ajaxUrl);
-    const svgoParams = JSON.parse(safeSvgParams.svgoParams);
+    const svgoParams = safeSvgParams.svgoParams;
 
     if (!ajaxUrl || !svgoParams) {
         return;
@@ -17,10 +17,11 @@ import {select, subscribe} from '@wordpress/data';
      * Optimizes the SVG and prepares the parameters for the AJAX call.
      *
      * @param {string} svgUrl - The URL of the SVG file.
+     * @param {int} svgId - The ID of the SVG file.
      * @param {string} data - The SVG contents.
      * @returns {object}
      */
-    const ajaxUrlParams = (svgUrl, data) => {
+    const ajaxUrlParams = (svgUrl, data, svgId = 0) => {
         // Run the SVGO optimizer to get the optimized SVG contents.
         const optimized = optimize(data, svgoParams);
         const optimizedString = optimized?.data;
@@ -33,6 +34,7 @@ import {select, subscribe} from '@wordpress/data';
         return {
             action: 'safe_svg_optimize',
             svg_url: svgUrl,
+            svg_id: svgId ?? 0,
             optimized_svg: optimizedString,
             svg_nonce: safeSvgParams.nonce,
         };
@@ -42,6 +44,9 @@ import {select, subscribe} from '@wordpress/data';
      * Trigger a refresh on the uploader window to update the file size.
      */
     const refreshMediaUploaderWindow = () => {
+       if(typeof wp.media === 'undefined') {
+           return;
+       }
         if (wp.media.frame.content.get() !== null && wp.media.frame.content.get() !== undefined) {
             wp.media.frame.content
                 .get()
@@ -187,6 +192,7 @@ import {select, subscribe} from '@wordpress/data';
             // Run on a successful upload.
             success(attachment) {
                 const svgUrl = attachment?.attributes?.url;
+                const svgId = attachment?.attributes?.id;
                 if (!svgUrl || attachment?.attributes?.subtype !== 'svg+xml') {
                     return;
                 }
@@ -195,7 +201,7 @@ import {select, subscribe} from '@wordpress/data';
                 fetch(svgUrl, {method: 'GET'})
                     .then((response) => response.text())
                     .then((response) => {
-                        const params = ajaxUrlParams(svgUrl, response);
+                        const params = ajaxUrlParams(svgUrl, response, svgId);
                         if (!params) {
                             return;
                         }

diff --git a/includes/optimizer.php b/includes/optimizer.php
@@ -90,18 +90,19 @@ public function enqueues( $hook ) {
 			wp_enqueue_script(
 				'safe-svg-admin-scripts',
 				SAFE_SVG_PLUGIN_URL . '/dist/safe-svg-admin.js',
-				[ 'wp-data' ],
+				[ 'wp-data', 'utils' ],
 				SAFE_SVG_VERSION,
 				true
 			);
 			$params = wp_json_encode(
 				[
-					'ajaxUrl'    => esc_url( admin_url( 'admin-ajax.php' ) ),
-					'svgoParams' => wp_json_encode( $this->svgo_params() ),
+					'ajaxUrl'    => sanitize_url( admin_url( 'admin-ajax.php' ) ),
+					'svgoParams' => $this->svgo_params(),
 					'nonce'      => wp_create_nonce( $this->nonce_name ),
 					'context'    => $hook,
 				]
 			);
+
 			wp_add_inline_script(
 				'safe-svg-admin-scripts',
 				sprintf(
@@ -117,12 +118,16 @@ public function enqueues( $hook ) {
 		 * @return void
 		 */
 		public function optimize() {
-			$svg_url = filter_input( INPUT_GET, 'svg_url', FILTER_SANITIZE_URL );
-			if ( ! current_user_can( 'edit_posts', attachment_url_to_postid( $svg_url ) ) ) {
+			$svg_url       = filter_input( INPUT_GET, 'svg_url', FILTER_SANITIZE_URL );
+			$svg_id        = filter_input( INPUT_GET, 'svg_id', FILTER_SANITIZE_NUMBER_INT );
+			$attachment_id = ! empty( $svg_id ) ? $svg_id : attachment_url_to_postid( $svg_url );
+
+			if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) {
 				return;
 			}
 			check_ajax_referer( $this->nonce_name, 'svg_nonce' );
-			$svg_path = $this->url_to_path( $svg_url );
+			$svg_path = get_attached_file( $attachment_id );
+
 			if ( empty( $svg_path ) ) {
 				return;
 			}
@@ -137,26 +142,5 @@ public function optimize() {
 			file_put_contents( $svg_path, $sanitized ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents
 			wp_die();
 		}
-		/**
-		 * A helper method to get the file path from its URL.
-		 *
-		 * @param string $url The URL string.
-		 *
-		 * @return false|string
-		 */
-		protected function url_to_path( string $url = '' ) {
-			if ( empty( $url ) ) {
-				return '';
-			}
-			$parsed_url = wp_parse_url( $url );
-			if ( empty( $parsed_url['path'] ) ) {
-				return false;
-			}
-			$file = ABSPATH . ltrim( $parsed_url['path'], '/' );
-			if ( file_exists( $file ) ) {
-				return $file;
-			}
-			return false;
-		}
 	}
 }