From 3a19716eeafdd487420a69bdc3fbb9ab409d3883 Mon Sep 17 00:00:00 2001
From: Kirtan Gajjar <8456197+kirtangajjar@users.noreply.github.com>
Date: Sun, 19 May 2024 23:02:23 +0530
Subject: [PATCH 1/3] Update composer.json
---
composer.json | 4 +--
composer.lock | 78 ++++++---------------------------------------------
2 files changed, 10 insertions(+), 72 deletions(-)
diff --git a/composer.json b/composer.json
index 17a49c96..bf47a6c7 100644
--- a/composer.json
+++ b/composer.json
@@ -11,7 +11,7 @@
"email": "opensource@10up.com",
"homepage": "https://10up.com/",
"role": "Developer"
- },
+ },
{
"name": "Daryll Doyle",
"email": "daryll@enshrined.co.uk",
@@ -21,7 +21,7 @@
],
"require": {
"php": ">=7.4",
- "enshrined/svg-sanitize": "^0.16.0"
+ "enshrined/svg-sanitize": "^0.18.0"
},
"require-dev": {
"10up/phpcs-composer": "dev-master",
diff --git a/composer.lock b/composer.lock
index cd53c360..de0b2429 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,26 +4,25 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "aee24f057dabdc3d081112793cdea14a",
+ "content-hash": "fbcf78caee7ae8017dee656116a417f3",
"packages": [
{
"name": "enshrined/svg-sanitize",
- "version": "0.16.0",
+ "version": "0.18.0",
"source": {
"type": "git",
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
- "reference": "239e257605e2141265b429e40987b2ee51bba4b4"
+ "reference": "6a2c069dab3843ca4d887ff09c972fc7033888d0"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/239e257605e2141265b429e40987b2ee51bba4b4",
- "reference": "239e257605e2141265b429e40987b2ee51bba4b4",
+ "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/6a2c069dab3843ca4d887ff09c972fc7033888d0",
+ "reference": "6a2c069dab3843ca4d887ff09c972fc7033888d0",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-libxml": "*",
- "ezyang/htmlpurifier": "^4.16",
"php": "^5.6 || ^7.0 || ^8.0"
},
"require-dev": {
@@ -48,70 +47,9 @@
"description": "An SVG sanitizer for PHP",
"support": {
"issues": "https://github.com/darylldoyle/svg-sanitizer/issues",
- "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.16.0"
+ "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.18.0"
},
- "time": "2023-03-20T10:51:12+00:00"
- },
- {
- "name": "ezyang/htmlpurifier",
- "version": "v4.16.0",
- "source": {
- "type": "git",
- "url": "https://github.com/ezyang/htmlpurifier.git",
- "reference": "523407fb06eb9e5f3d59889b3978d5bfe94299c8"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/523407fb06eb9e5f3d59889b3978d5bfe94299c8",
- "reference": "523407fb06eb9e5f3d59889b3978d5bfe94299c8",
- "shasum": ""
- },
- "require": {
- "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0"
- },
- "require-dev": {
- "cerdic/css-tidy": "^1.7 || ^2.0",
- "simpletest/simpletest": "dev-master"
- },
- "suggest": {
- "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
- "ext-bcmath": "Used for unit conversion and imagecrash protection",
- "ext-iconv": "Converts text to and from non-UTF-8 encodings",
- "ext-tidy": "Used for pretty-printing HTML"
- },
- "type": "library",
- "autoload": {
- "files": [
- "library/HTMLPurifier.composer.php"
- ],
- "psr-0": {
- "HTMLPurifier": "library/"
- },
- "exclude-from-classmap": [
- "/library/HTMLPurifier/Language/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "LGPL-2.1-or-later"
- ],
- "authors": [
- {
- "name": "Edward Z. Yang",
- "email": "admin@htmlpurifier.org",
- "homepage": "http://ezyang.com"
- }
- ],
- "description": "Standards compliant HTML filter written in PHP",
- "homepage": "http://htmlpurifier.org/",
- "keywords": [
- "html"
- ],
- "support": {
- "issues": "https://github.com/ezyang/htmlpurifier/issues",
- "source": "https://github.com/ezyang/htmlpurifier/tree/v4.16.0"
- },
- "time": "2022-09-18T07:06:19+00:00"
+ "time": "2024-02-22T17:51:05+00:00"
}
],
"packages-dev": [
@@ -2639,5 +2577,5 @@
"php": ">=7.4"
},
"platform-dev": [],
- "plugin-api-version": "2.3.0"
+ "plugin-api-version": "2.6.0"
}
From 962bd2c140559d40f496d0809ab4684e14cd0cc6 Mon Sep 17 00:00:00 2001
From: Kirtan Gajjar <8456197+kirtangajjar@users.noreply.github.com>
Date: Sun, 19 May 2024 23:11:23 +0530
Subject: [PATCH 2/3] Add option to enable large SVG items
---
includes/safe-svg-settings.php | 19 +++++++++++++++++++
safe-svg.php | 6 ++++++
2 files changed, 25 insertions(+)
diff --git a/includes/safe-svg-settings.php b/includes/safe-svg-settings.php
index 574075c6..34c15599 100644
--- a/includes/safe-svg-settings.php
+++ b/includes/safe-svg-settings.php
@@ -25,6 +25,7 @@ public function __construct() {
*/
public function settings_init() {
register_setting( 'media', 'safe_svg_upload_roles', [ $this, 'sanitize_safe_svg_roles' ] );
+ register_setting( 'media', 'safe_svg_large_svg', [ $this, 'sanitize_safe_svg_large_svg' ] );
add_settings_section(
'safe_svg_settings',
@@ -40,6 +41,14 @@ public function settings_init() {
'media',
'safe_svg_settings'
);
+
+ add_settings_field(
+ 'safe_svg_large_svg',
+ __( 'Large SVG Files', 'safe-svg' ),
+ [ $this, 'safe_svg_large_svg_cb' ],
+ 'media',
+ 'safe_svg_settings'
+ );
}
/**
@@ -162,4 +171,14 @@ public function update_capability( $new_roles, $old_roles ) {
return $new_roles;
}
+ /**
+ * Large SVG files field callback function.
+ */
+ public function safe_svg_large_svg_cb() {
+ ?>
+
+ sanitizer->setAllowHugeFiles( true );
+ }
+
/**
* Load extra filters to allow devs to access the safe tags and attrs by themselves.
*/
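Review bot: The `setAllowHugeFiles( true )` call near the end of this hunk relaxes a parser safety limit, and neither the docblock of `safe_svg_large_svg_cb()` nor any visible text says so. As far as I know, this flag makes enshrined/svg-sanitize load the document with libxml's `LIBXML_PARSEHUGE`, which lifts the parser's built-in size and nesting-depth caps, so the cost is memory and CPU exhaustion on oversized or deeply nested uploads. The callback's markup and the condition guarding the call are missing from this extract, and the line appears to belong to the safe-svg.php part of the patch, so confirm that it is reached only when the stored option is explicitly enabled. I would extend the docblock to something like `Large SVG files field callback. Enabling this lifts the XML parser's size limits; leave it off unless trusted roles need to upload very large SVGs.` and repeat that caution in the field's description text.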
From 3d617622a110c786a4688f5feb9f3dc159c64005 Mon Sep 17 00:00:00 2001
From: Darin Kotter
Date: Wed, 20 Nov 2024 10:26:08 -0700
Subject: [PATCH 3/3] Pass proper options to register_setting. Minor
adjustments to text for the setting
---
includes/safe-svg-settings.php | 15 ++++++++++++---
safe-svg.php | 5 ++---
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/includes/safe-svg-settings.php b/includes/safe-svg-settings.php
index 34c15599..05239b77 100644
--- a/includes/safe-svg-settings.php
+++ b/includes/safe-svg-settings.php
@@ -25,7 +25,15 @@ public function __construct() {
*/
public function settings_init() {
register_setting( 'media', 'safe_svg_upload_roles', [ $this, 'sanitize_safe_svg_roles' ] );
- register_setting( 'media', 'safe_svg_large_svg', [ $this, 'sanitize_safe_svg_large_svg' ] );
+ register_setting(
+ 'media',
+ 'safe_svg_large_svg',
+ [
+ 'type' => 'integer',
+ 'default' => 0,
+ 'sanitize_callback' => 'absint',
+ ]
+ );
add_settings_section(
'safe_svg_settings',
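Review bot: `absint` as the `sanitize_callback` keeps any non-negative integer, so a submitted `2` or `99` is stored unchanged for what appears to be an on/off setting. Because this option gates the sanitizer's huge-file mode, I would normalise it to exactly 0 or 1 at save time, e.g. `'sanitize_callback' => static function ( $value ) { return absint( $value ) > 0 ? 1 : 0; },`. That way, whatever comparison the reader in safe-svg.php uses (not visible in this hunk) cannot disagree with what the settings screen shows. Separately, the `safe_svg_upload_roles` registration just above still passes its callback in the legacy positional form; `[ 'sanitize_callback' => [ $this, 'sanitize_safe_svg_roles' ] ]` would keep the two calls consistent. `settings_init()` continues outside the hunk.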
@@ -44,7 +52,7 @@ public function settings_init() {
add_settings_field(
'safe_svg_large_svg',
- __( 'Large SVG Files', 'safe-svg' ),
+ __( 'Large Files', 'safe-svg' ),
[ $this, 'safe_svg_large_svg_cb' ],
'media',
'safe_svg_settings'
@@ -177,8 +185,9 @@ public function update_capability( $new_roles, $old_roles ) {
public function safe_svg_large_svg_cb() {
?>
+
sanitizer->setAllowHugeFiles( true );
}