diff --git a/.github/workflows/no-response.yml b/.github/workflows/close-stale-issues.yml similarity index 55% rename from .github/workflows/no-response.yml rename to .github/workflows/close-stale-issues.yml index d312c2c3..4ffcfbc8 100644 --- a/.github/workflows/no-response.yml +++ b/.github/workflows/close-stale-issues.yml @@ -1,26 +1,27 @@ -name: No Response +name: 'Close stale issues' # **What it does**: Closes issues where the original author doesn't respond to a request for information. # **Why we have it**: To remove the need for maintainers to remember to check back on issues periodically to see if contributors have responded. -# **Who does it impact**: Everyone that works on docs or docs-internal. on: - issue_comment: - types: [created] schedule: - # Schedule for five minutes after the hour, every hour - - cron: '5 * * * *' + # Schedule for every day at 1:30am UTC + - cron: '30 1 * * *' + +permissions: + issues: write jobs: - noResponse: + stale: runs-on: ubuntu-latest steps: - - uses: lee-dohm/no-response@v0.5.0 + - uses: actions/stale@v9 with: - token: ${{ github.token }} - daysUntilClose: 14 # Number of days of inactivity before an Issue is closed for lack of response - responseRequiredLabel: "needs:feedback " # Label indicating that a response from the original author is required - closeComment: > + days-before-stale: 7 + days-before-close: 7 + stale-issue-message: > + It has been 7 days since more information was requested from you in this issue and we have not heard back. This issue is now marked as stale and will be closed in 7 days, but if you have more information to add then please comment and the issue will stay open. + close-issue-message: > This issue has been automatically closed because there has been no response to our request for more information. With only the information that is currently in the issue, we don't have enough information @@ -28,3 +29,8 @@ jobs: that we can investigate further. See [this blog post on bug reports and the importance of repro steps](https://www.lee-dohm.com/2015/01/04/writing-good-bug-reports/) for more information about the kind of information that may be helpful. + stale-issue-label: 'stale' + close-issue-reason: 'not_planned' + any-of-labels: 'needs:feedback' + remove-stale-when-updated: true + diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 2901b5d6..4770a790 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -28,7 +28,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Download build zip - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ github.event.repository.name }} path: ${{ github.event.repository.name }} @@ -66,7 +66,7 @@ jobs: npx mochawesome-report-generator tests/cypress/reports/mochawesome.json -o tests/cypress/reports/ cat ./tests/cypress/reports/mochawesome.md >> $GITHUB_STEP_SUMMARY - name: Make artifacts available - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: failure() with: name: cypress-artifact diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ec71301..ddb7a511 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD +## [2.2.4] - 2024-03-28 +### Changed +- Upgrade the `download-artifact` from v3 to v4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#181](https://github.com/10up/safe-svg/pull/181)). +- Replaced `lee-dohm/no-response` with `actions/stale` to help with closing no-response/stale issues (props [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#183](https://github.com/10up/safe-svg/pull/183)). + +### Fixed +- Ensure the svg file can be loaded before we try accessing it's attributes (props [@dkotter](https://github.com/dkotter), [@metashield-ie](https://github.com/metashield-ie), [@ocean90](https://github.com/ocean90), [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi) via [#186](https://github.com/10up/safe-svg/pull/186)). +- Ensure we don't throw JS errors in the Classic Editor when the optimizer feature is turned on (props [@dkotter](https://github.com/dkotter), [@turtlepod](https://github.com/turtlepod), [@faisal-alvi](https://github.com/faisal-alvi) via [#187](https://github.com/10up/safe-svg/pull/187)). + +### Security +- Bump `webpack-dev-middleware` from 5.3.3 to 5.3.4 (props [@dependabot](https://github.com/apps/dependabot), [@dkotter](https://github.com/dkotter) via [#185](https://github.com/10up/safe-svg/pull/185)). +- Bump `express` from 4.18.2 to 4.19.2 (props [@dependabot](https://github.com/apps/dependabot), [@dkotter](https://github.com/dkotter) via [#188](https://github.com/10up/safe-svg/pull/188)). + ## [2.2.3] - 2024-03-20 ### Added - Support for the WordPress.org plugin preview (props [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#167](https://github.com/10up/safe-svg/pull/167)). @@ -321,6 +334,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial Release. [Unreleased]: https://github.com/10up/safe-svg/compare/trunk...develop +[2.2.4]: https://github.com/10up/safe-svg/compare/2.2.3...2.2.4 [2.2.3]: https://github.com/10up/safe-svg/compare/2.2.2...2.2.3 [2.2.2]: https://github.com/10up/safe-svg/compare/2.2.1...2.2.2 [2.2.1]: https://github.com/10up/safe-svg/compare/2.2.0...2.2.1 diff --git a/CREDITS.md b/CREDITS.md index 6324559c..f4daf1f5 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Santiago Dimattia (@sdmtt)](https://github.com/sdmtt), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [Giorgos Sarigiannidis (@gsarig)](https://github.com/gsarig), [Fabian Kägy (@fabiankaegy)](https://github.com/fabiankaegy), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Toby Schrapel (@tobeycodes)](https://github.com/tobeycodes), [Shazahan Kabir Saju (@sksaju)](https://github.com/sksaju), [Chris Abraham (@cjyabraham)](https://github.com/cjyabraham), [Hercilio Martins Ortiz (@Hercilio1)](https://github.com/Hercilio1), [Peter Sorensen (@psorensen)](https://github.com/psorensen), [Dave Adams (@tictag)](https://github.com/tictag). +[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Garth Gutenberg (@ggutenberg)](https://github.com/ggutenberg), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Marcel Freinbichler (@freinbichler)](https://github.com/freinbichler), [IanDelMar (@IanDelMar)](https://github.com/IanDelMar), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Santiago Dimattia (@sdmtt)](https://github.com/sdmtt), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [Giorgos Sarigiannidis (@gsarig)](https://github.com/gsarig), [Fabian Kägy (@fabiankaegy)](https://github.com/fabiankaegy), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Toby Schrapel (@tobeycodes)](https://github.com/tobeycodes), [Shazahan Kabir Saju (@sksaju)](https://github.com/sksaju), [Chris Abraham (@cjyabraham)](https://github.com/cjyabraham), [Hercilio Martins Ortiz (@Hercilio1)](https://github.com/Hercilio1), [Peter Sorensen (@psorensen)](https://github.com/psorensen), [Dave Adams (@tictag)](https://github.com/tictag), [Cormac Nicholson (@metashield-ie)](https://github.com/metashield-ie). ## Libraries diff --git a/includes/optimizer.php b/includes/optimizer.php index e795e6e2..268211be 100644 --- a/includes/optimizer.php +++ b/includes/optimizer.php @@ -121,7 +121,7 @@ public function enqueues( $hook ) { wp_enqueue_script( 'safe-svg-admin-scripts', SAFE_SVG_PLUGIN_URL . 'dist/safe-svg-admin.js', - [ 'wp-data', 'utils' ], + [ 'wp-data', 'wp-editor', 'utils' ], SAFE_SVG_VERSION, true ); diff --git a/package-lock.json b/package-lock.json index 3e58a415..0c92e813 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@10up/safe-svg", - "version": "2.2.3", + "version": "2.2.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@10up/safe-svg", - "version": "2.2.3", + "version": "2.2.4", "license": "GPL-2.0-or-later", "dependencies": { "cypress-mochawesome-reporter": "^3.4.0", @@ -6025,13 +6025,13 @@ "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==" }, "node_modules/body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", "dev": true, "dependencies": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", @@ -6039,7 +6039,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.1", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, @@ -9749,17 +9749,17 @@ "dev": true }, "node_modules/express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", + "version": "4.19.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", "dev": true, "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.1", + "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", @@ -9791,9 +9791,9 @@ } }, "node_modules/express/node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "dev": true, "engines": { "node": ">= 0.6" @@ -16999,9 +16999,9 @@ } }, "node_modules/raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "dev": true, "dependencies": { "bytes": "3.1.2", @@ -20287,9 +20287,9 @@ } }, "node_modules/webpack-dev-middleware": { - "version": "5.3.3", - "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz", - "integrity": "sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==", + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz", + "integrity": "sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q==", "dev": true, "dependencies": { "colorette": "^2.0.10", diff --git a/package.json b/package.json index 05c9db58..b9f4a90e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@10up/safe-svg", - "version": "2.2.3", + "version": "2.2.4", "description": "Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website", "homepage": "https://github.com/10up/safe-svg#readme", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index e4f6d580..82c7dc2a 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: 10up, enshrined, jeffpaul Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime Requires at least: 5.7 Tested up to: 6.5 -Stable tag: 2.2.3 +Stable tag: 2.2.4 Requires PHP: 7.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -66,6 +66,14 @@ They take one argument that must be returned. See below for examples: == Changelog == += 2.2.4 - 2024-03-28 = +* **Changed:** Upgrade the `download-artifact` from v3 to v4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#181](https://github.com/10up/safe-svg/pull/181)). +* **Changed:** Replaced `lee-dohm/no-response` with `actions/stale` to help with closing no-response/stale issues (props [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#183](https://github.com/10up/safe-svg/pull/183)). +* **Fixed:** Ensure the svg file can be loaded before we try accessing it's attributes (props [@dkotter](https://github.com/dkotter), [@metashield-ie](https://github.com/metashield-ie), [@ocean90](https://github.com/ocean90), [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi) via [#186](https://github.com/10up/safe-svg/pull/186)). +* **Fixed:** Ensure we don't throw JS errors in the Classic Editor when the optimizer feature is turned on (props [@dkotter](https://github.com/dkotter), [@turtlepod](https://github.com/turtlepod), [@faisal-alvi](https://github.com/faisal-alvi) via [#187](https://github.com/10up/safe-svg/pull/187)). +* **Security:** Bump `webpack-dev-middleware` from 5.3.3 to 5.3.4 (props [@dependabot](https://github.com/apps/dependabot), [@dkotter](https://github.com/dkotter) via [#185](https://github.com/10up/safe-svg/pull/185)). +* **Security:** Bump `express` from 4.18.2 to 4.19.2 (props [@dependabot](https://github.com/apps/dependabot), [@dkotter](https://github.com/dkotter) via [#188](https://github.com/10up/safe-svg/pull/188)). + = 2.2.3 - 2024-03-20 = * **Added:** Support for the WordPress.org plugin preview (props [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#167](https://github.com/10up/safe-svg/pull/167)). * **Changed:** Bump WordPress "tested up to" version 6.5 (props [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#180](https://github.com/10up/safe-svg/pull/180)). diff --git a/safe-svg.php b/safe-svg.php index 399fc3a1..68e8a079 100644 --- a/safe-svg.php +++ b/safe-svg.php @@ -3,7 +3,7 @@ * Plugin Name: Safe SVG * Plugin URI: https://wordpress.org/plugins/safe-svg/ * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website - * Version: 2.2.3 + * Version: 2.2.4 * Requires at least: 5.7 * Requires PHP: 7.4 * Author: 10up @@ -24,7 +24,7 @@ exit; // Exit if accessed directly. } -define( 'SAFE_SVG_VERSION', '2.2.3' ); +define( 'SAFE_SVG_VERSION', '2.2.4' ); define( 'SAFE_SVG_PLUGIN_DIR', __DIR__ ); define( 'SAFE_SVG_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); @@ -597,6 +597,11 @@ protected function svg_dimensions( $attachment_id ) { } elseif ( $svg ) { $svg = @simplexml_load_file( $svg ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged + // Ensure the svg could be loaded. + if ( ! $svg ) { + return false; + } + $attributes = $svg->attributes(); if ( isset( $attributes->viewBox ) ) { // phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase