Social Menu: Replacing SVG file inclusion method (#39136)
coder-karen authored and gogdzl committed Oct 25, 2024
1 parent e059266 commit f62e42c
Showing 5 changed files with 74 additions and 3 deletions.
@@ -0,0 +1,4 @@
Significance: patch
Type: security

Social Menu: Switch to more appropriate method of calling the SVG icon file.
Expand Up @@ -18,7 +18,28 @@ function jetpack_social_menu_include_svg_icons() {
$svg_icons = __DIR__ . '/social-menu.svg';
// If it exists and we use the SVG menu type, include it.
if ( file_exists( $svg_icons ) && 'svg' === jetpack_social_menu_get_type() ) {
require_once $svg_icons;
$svg_contents = file_get_contents( $svg_icons ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- Only reading a local file.
}

if ( ! empty( $svg_contents ) ) {
$allowed_tags = array(
'svg' => array(
'style' => true,
'version' => true,
'xmlns' => true,
'xmlns:xlink' => true,
),
'defs' => array(),
'symbol' => array(
'id' => true,
'viewbox' => true,
),
'path' => array(
'd' => true,
'style' => true,
),
);
echo wp_kses( $svg_contents, $allowed_tags );
}
}
add_action( 'wp_footer', 'jetpack_social_menu_include_svg_icons', 9999 );
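Review bot: The `$allowed_tags` allowlist in `jetpack_social_menu_include_svg_icons()` is now the sanitisation policy for everything this function prints, yet the same array is pasted verbatim into the second copy of this function further down the page and into `include_svg_icons()` in `projects/plugins/jetpack/modules/widgets/social-icons.php`. Three hand-maintained copies of a filter policy tend to drift, so the array would be better returned from one shared function, or, if the copies live in separate packages, each should carry a comment naming the others. The retained comment still says "include it" although nothing is included any more; `// If it exists and we use the SVG menu type, read it; the markup is filtered through wp_kses() before output.` would match the new code. Any element or attribute in `social-menu.svg` that is missing from the list is dropped silently by `wp_kses()`, so the list should be checked against the actual file, which is not visible here.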
@@ -0,0 +1,4 @@
Significance: patch
Type: other

Social Menus: Switch to more appropriate method of calling the SVG icon file.
Expand Up @@ -19,7 +19,28 @@ function jetpack_social_menu_include_svg_icons() {
$svg_icons = __DIR__ . '/social-menu.svg';
// If it exists and we use the SVG menu type, include it.
if ( file_exists( $svg_icons ) && 'svg' === jetpack_social_menu_get_type() ) {
require_once $svg_icons;
$svg_contents = file_get_contents( $svg_icons ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- Only reading a local file.
}

if ( ! empty( $svg_contents ) ) {
$allowed_tags = array(
'svg' => array(
'style' => true,
'version' => true,
'xmlns' => true,
'xmlns:xlink' => true,
),
'defs' => array(),
'symbol' => array(
'id' => true,
'viewbox' => true,
),
'path' => array(
'd' => true,
'style' => true,
),
);
echo wp_kses( $svg_contents, $allowed_tags );
}
}
add_action( 'wp_footer', 'jetpack_social_menu_include_svg_icons', 9999 );
23 changes: 22 additions & 1 deletion projects/plugins/jetpack/modules/widgets/social-icons.php
Expand Up @@ -124,7 +124,28 @@ public function include_svg_icons() {

// If it exists, include it.
if ( is_file( $svg_icons ) ) {
require_once $svg_icons;
$svg_contents = file_get_contents( $svg_icons ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- Only reading a local file.
}

if ( ! empty( $svg_contents ) ) {
$allowed_tags = array(
'svg' => array(
'style' => true,
'version' => true,
'xmlns' => true,
'xmlns:xlink' => true,
),
'defs' => array(),
'symbol' => array(
'id' => true,
'viewbox' => true,
),
'path' => array(
'd' => true,
'style' => true,
),
);
echo wp_kses( $svg_contents, $allowed_tags );
}
}
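Review bot: `require_once` emitted the sprite at most once per request, whereas the new `echo wp_kses( $svg_contents, $allowed_tags );` in `include_svg_icons()` emits it on every call. If this method can run more than once per page (its hook registration is outside the hunk, so this is unverified), the footer ends up with duplicate `<symbol id="…">` elements. A guard at the top of the method would keep the old once-only behaviour: `static $printed = false; if ( $printed ) { return; } $printed = true;`. The method's body starts above the hunk, so the guard's exact placement needs checking against the lines not shown.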

