Merge branch 'develop' into trunk

CHANGELOG.md

@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [2.0.1] - 2022-04-19
+
+### Changed
+
+- Documentation updates (props [@jeffpaul](https://github.com/jeffpaul), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#50](https://github.com/10up/safe-svg/pull/50)).
+
+### Fixed
+
+- Ensure our height and width attributes are set before using them (props [@dkotter](https://github.com/dkotter), [@r8r](https://github.com/r8r), [@jerturowetz](https://github.com/jerturowetz), [@cadic](https://github.com/cadic) via [#51](https://github.com/10up/safe-svg/pull/51))
+- Support for installing via packagist.org (props [@roborourke](https://github.com/roborourke), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#52](https://github.com/10up/safe-svg/pull/52)).
+
 ## [2.0.0] - 2022-04-06
 ### Added
 - New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#43](https://github.com/10up/safe-svg/pull/43)).
@@ -198,6 +209,7 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial Release.
 
 [Unreleased]: https://github.com/10up/safe-svg/compare/trunk...develop
+[2.0.1]: https://github.com/10up/safe-svg/compare/2.0.0...2.0.1
 [2.0.0]: https://github.com/10up/safe-svg/compare/1.9.10...2.0.0
 [1.9.10]: https://github.com/10up/safe-svg/compare/1.9.9...1.9.10
 [1.9.9]: https://github.com/10up/safe-svg/compare/1.9.8...1.9.9

CREDITS.md

@@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo
 
 Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.
 
-[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld).
+[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke).
 
 ## Libraries
 

LICENSE.md

@@ -1,39 +1,7 @@
-Safe SVG - Upload and sanitize SVGs within WordPress
-
-Copyright 2015 Daryll Doyle
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
-This program incorporates work covered by the following copyright and
-permission notices:
-
-  svg-sanitize is (c) 2015 Daryll Doyle - daryll@enshrined.co.uk -
-  http://enshrined.co.uk
-
-  Wherever third party code has been used, credit has been given in the code's
-  comments.
-
-  svg-sanitize is released under the GPL
-
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-
                     GNU GENERAL PUBLIC LICENSE
                        Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
@@ -322,8 +290,8 @@ to attach them to the start of each source file to most effectively
 convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    {description}
-    Copyright (C) {year}  {fullname}
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -361,7 +329,7 @@ necessary.  Here is a sample; alter the names:
   Yoyodyne, Inc., hereby disclaims all copyright interest in the program
   `Gnomovision' (which makes passes at compilers) written by James Hacker.
 
-  {signature of Ty Coon}, 1 April 1989
+  <signature of Ty Coon>, 1 April 1989
   Ty Coon, President of Vice
 
 This General Public License does not permit incorporating your program into

readme.txt

@@ -3,7 +3,7 @@ Contributors:      10up, enshrined
 Tags:              svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime
 Requires at least: 4.7
 Tested up to:      5.9
-Stable tag:        2.0.0
+Stable tag:        2.0.1
 Requires PHP:      7.0
 License:           GPLv2 or later
 License URI:       http://www.gnu.org/licenses/gpl-2.0.html
@@ -66,6 +66,11 @@ They take one argument that must be returned. See below for examples:
 
 == Changelog ==
 
+= 2.0.1 - 2022-04-19 =
+* **Changed:** Documentation updates (props [@jeffpaul](https://github.com/jeffpaul), [@peterwilsoncc](https://github.com/peterwilsoncc)).
+* **Fixed:** Ensure our height and width attributes are set before using them (props [@dkotter](https://github.com/dkotter), [@r8r](https://github.com/r8r), [@jerturowetz](https://github.com/jerturowetz), [@cadic](https://github.com/cadic)).
+* **Fixed:** Support for installing via packagist.org (props [@roborourke](https://github.com/roborourke), [@peterwilsoncc](https://github.com/peterwilsoncc)).
+
 = 2.0.0 - 2022-04-06 =
 * **Added:** New filter, `safe_svg_use_width_height_attributes`, that can be used to change the order of attributes we use to determine the SVG dimensions (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)).
 * **Changed:** Documentation updates (props [@j-hoffmann](https://github.com/j-hoffmann), [@jeffpaul](https://github.com/jeffpaul), [@Zodiac1978](https://github.com/Zodiac1978)).

safe-svg.php

@@ -3,7 +3,7 @@
  * Plugin Name:       Safe SVG
  * Plugin URI:        https://wordpress.org/plugins/safe-svg/
  * Description:       Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
- * Version:           2.0.0
+ * Version:           2.0.1
  * Requires at least: 4.7
  * Requires PHP:      7.0
  * Author:            10up
@@ -19,7 +19,7 @@
 // Try and include our autoloader.
 if ( is_readable( __DIR__ . '/vendor/autoload.php' ) ) {
 	require __DIR__ . '/vendor/autoload.php';
-} else {
+} elseif ( ! class_exists( 'enshrined\\svgSanitize\\Sanitizer' ) ) {
 	add_action(
 		'admin_notices',
 		function() {
@@ -500,12 +500,24 @@ protected function svg_dimensions( $svg ) {
                  *
                  * @return {bool} If we should use the width & height attributes first or not.
                  */
-                if ( (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg ) ) {
-                    $width  = $attr_width;
-                    $height = $attr_height;
+                $use_width_height = (bool) apply_filters( 'safe_svg_use_width_height_attributes', false, $svg );
+
+                if ( $use_width_height ) {
+                    if ( isset( $attr_width, $attr_height ) ) {
+                        $width  = $attr_width;
+                        $height = $attr_height;
+                    } elseif ( isset( $viewbox_width, $viewbox_height ) ) {
+                        $width  = $viewbox_width;
+                        $height = $viewbox_height;
+                    }
                 } else {
-                    $width  = $viewbox_width;
-                    $height = $viewbox_height;
+                    if ( isset( $viewbox_width, $viewbox_height ) ) {
+                        $width  = $viewbox_width;
+                        $height = $viewbox_height;
+                    } elseif ( isset( $attr_width, $attr_height ) ) {
+                        $width  = $attr_width;
+                        $height = $attr_height;
+                    }
                 }
 
                 if ( ! $width && ! $height ) {