search

10up / safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
https://wordpress.org/plugins/safe-svg/
GNU General Public License v2.0
258 stars 33 forks source link

PHP 8.3 compatibility #210

Open rolf-yoast opened 1 month ago

rolf-yoast commented 1 month ago

Describe the bug

The plugin is using the ezyang/htmlpurifier library via composer. This library uses the get_magic_quotes_gpc function in https://github.com/ezyang/htmlpurifier/blob/master/library/HTMLPurifier/Config.php.

  1. But this function has been removed in PHP 8.0

Steps to Reproduce

  1. Go to https://github.com/ezyang/htmlpurifier/blob/master/library/HTMLPurifier/Config.php
  2. Search for get_magic_quotes_gpc and you can find it multiple times in the code
  3. Check https://www.php.net/manual/en/function.get-magic-quotes-gpc.php

Screenshots, screen recording, code snippet

No response

Environment information

No response

WordPress information

No response

Code of Conduct

darylldoyle commented 1 month ago

@jeffpaul the new versions of the svg-sanitizer library dropped the use of the ezyang/htmlpurifier library. Updating enshrined/svg-sanitize to the latest version will solve this issue.

rolf-yoast commented 1 week ago

@sksaju I see you've made a PR for this, thanks for that. But when will this be released? Any estimate on the ETA?

jeffpaul commented 5 days ago

@rolf-yoast there's some code review feedback on the linked PR that need to be resolved first, then we otherwise do a monthly check across our FOSS plugins to see which have something releasable. So unlikely that we see this get released until later in September at the earliest.