release(minor): features

- Optimole is now fully translated into German! This update makes our service more convenient for our German-speaking customers and helps you support your German-speaking clients more effectively.
- We now have a PHP SDK available on GitHub: [Optimole PHP SDK](https://github.com/Optimole/optimole-php-sdk). This SDK simplifies the integration of Optimole’s features with any PHP-based website, making the process straightforward and efficient.
- You can now associate a billing email to receive invoices. For more details, check out our [documentation](https://docs.optimole.com/article/1992-setting-a-billing-email-for-invoice-delivery).
- We've improved Largest Contentful Paint (LCP) by prioritizing the loading of initial images that are not affected by lazy loading.
- We've also improved LCP by using the srcset attribute for non-lazyloaded images.
- We've fixed various issues with offload compatibility to ensure all images load properly, making the service more robust.
- We've resolved an issue where the offloading process was getting stuck on large websites, making the process smoother and more reliable.
- We've improved the handling and sanitization of SVG files.

Author: selul

assets/src/dashboard/parts/connected/index.js

@@ -21,7 +21,7 @@ import Help from './help';
 import Sidebar from './Sidebar';
 import CSAT from './CSAT';
 import { retrieveConflicts } from '../../utils/api';
-import formbricks from '@formbricks/js';
+import formbricks from '@formbricks/js/app';
 if ( 'undefined' !== typeof window && optimoleDashboardApp.user_data.plan ) {
 	formbricks.init({
 		environmentId: 'clo8wxwzj44orpm0gjchurujm',

composer.json

@@ -53,6 +53,9 @@
     "install-wp-tests": "bash bin/install-wp-tests.sh wordpress_test root '' localhost latest"
   },
   "require": {
-    "codeinwp/themeisle-sdk": "^3.3"
+    "php": ">=7.4",
+    "codeinwp/themeisle-sdk": "^3.3",
+    "codeinwp/optimole-sdk": "^1.0",
+    "enshrined/svg-sanitize": "^0.18.0"
   }
 }

composer.lock

@@ -10,6 +10,7 @@
  * @author     Optimole <[email protected]>
  */
 
+use enshrined\svgSanitize\Sanitizer;
 /**
  * Class Optml_Admin
  */
@@ -87,12 +88,105 @@ public function __construct() {
 				'upload_mimes',
 				[
 					$this,
-					'allow_meme_types',
+					'allow_svg',
 				]
 			); // phpcs:ignore WordPressVIPMinimum.Hooks.RestrictedHooks.upload_mimes
+			add_filter( 'wp_handle_upload_prefilter', [ $this, 'check_svg_and_sanitize' ] );
 		}
 	}
+	/**
+	 * Check if the file is an SVG, if so handle appropriately
+	 *
+	 * @param array $file An array of data for a single file.
+	 *
+	 * @return mixed
+	 */
+	public function check_svg_and_sanitize( $file ) {
+		// Ensure we have a proper file path before processing.
+		if ( ! isset( $file['tmp_name'] ) ) {
+			return $file;
+		}
+
+		$file_name   = isset( $file['name'] ) ? $file['name'] : '';
+		$wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file_name );
+		$type        = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
+
+		if ( 'image/svg+xml' === $type ) {
+			if ( ! current_user_can( 'upload_files' ) ) {
+				$file['error'] = 'Invalid';
+				return $file;
+			}
+
+			if ( ! $this->sanitize_svg( $file['tmp_name'] ) ) {
+				$file['error'] = 'Invalid';
+			}
+		}
+
+		return $file;
+	}
+
+	/**
+	 * Sanitize the SVG
+	 *
+	 * @param string $file Temp file path.
+	 *
+	 * @return bool|int
+	 */
+	protected function sanitize_svg( $file ) {
+		// We can ignore the phpcs warning here as we're reading and writing to the Temp file.
+		$dirty = file_get_contents( $file ); // phpcs:ignore
+
+		// Is the SVG gzipped? If so we try and decode the string.
+		$is_zipped = $this->is_gzipped( $dirty );
+		if ( $is_zipped && ( ! function_exists( 'gzdecode' ) || ! function_exists( 'gzencode' ) ) ) {
+			return false;
+		}
 
+		if ( $is_zipped ) {
+			$dirty = gzdecode( $dirty );
+
+			// If decoding fails, bail as we're not secure.
+			if ( false === $dirty ) {
+				return false;
+			}
+		}
+
+		$sanitizer = new Sanitizer();
+		$clean     = $sanitizer->sanitize( $dirty );
+
+		if ( false === $clean ) {
+			return false;
+		}
+
+		// If we were gzipped, we need to re-zip.
+		if ( $is_zipped ) {
+			$clean = gzencode( $clean );
+		}
+
+		// We can ignore the phpcs warning here as we're reading and writing to the Temp file.
+		file_put_contents( $file, $clean ); // phpcs:ignore
+
+		return true;
+	}
+
+	/**
+	 * Check if the contents are gzipped
+	 *
+	 * @see http://www.gzip.org/zlib/rfc-gzip.html#member-format
+	 *
+	 * @param string $contents Content to check.
+	 *
+	 * @return bool
+	 */
+	protected function is_gzipped( $contents ) {
+		// phpcs:disable Generic.Strings.UnnecessaryStringConcat.Found
+		if ( function_exists( 'mb_strpos' ) ) {
+			return 0 === mb_strpos( $contents, "\x1f" . "\x8b" . "\x08" );
+		} else {
+			return 0 === strpos( $contents, "\x1f" . "\x8b" . "\x08" );
+		}
+		// phpcs:enable
+	}
 	/**
 	 * Schedules the hourly cron that starts the querying for images alt/title attributes
 	 *
@@ -1824,7 +1918,7 @@ private function get_dashboard_strings() {
 	 * @access public
 	 * @uses filter:upload_mimes
 	 */
-	public function allow_meme_types( $mimes ) {
+	public function allow_svg( $mimes ) {
 		$mimes['svg'] = 'image/svg+xml';
 
 		return $mimes;

inc/admin.php

@@ -1,5 +1,8 @@
 <?php
 
+use Optimole\Sdk\Optimole;
+use Optimole\Sdk\ValueObject\Position;
+
 /**
  * Class Optml_App_Replacer
  *
@@ -615,9 +618,7 @@ protected function parse_dimensions_from_filename( $src ) {
 	 * @return string The optimized url.
 	 */
 	public function get_media_optimized_url( $url, $table_id, $width = 'auto', $height = 'auto', $resize = [] ) {
-		$optimized_url = ( new Optml_Image( $url, ['width' => $width, 'height' => $height, 'resize' => $resize, 'quality' => $this->settings->get_numeric_quality()], $this->settings->get( 'cache_buster' ) ) )->get_url();
-		$optimized_url = str_replace( $url, Optml_Media_Offload::KEYS['not_processed_flag'] . 'media_cloud' . '/' . Optml_Media_Offload::KEYS['uploaded_flag'] . $table_id . '/' . $url, $optimized_url );
-		return $optimized_url;
+		return str_replace( $url, Optml_Media_Offload::KEYS['not_processed_flag'] . 'media_cloud' . '/' . Optml_Media_Offload::KEYS['uploaded_flag'] . $table_id . '/' . $url, $this->get_optimized_image_url( $url, $width, $height, $resize ) );
 	}
 
 	/**
@@ -630,4 +631,29 @@ public function get_media_optimized_url( $url, $table_id, $width = 'auto', $heig
 	public function url_has_dam_flag( $url ) {
 		return strpos( $url, Optml_Dam::URL_DAM_FLAG ) !== false;
 	}
+
+	/**
+	 * Get the optimized image url for the image url.
+	 *
+	 * @param string $url    The image URL.
+	 * @param mixed  $width  The image width.
+	 * @param mixed  $height The image height.
+	 * @param array  $resize The resize properties.
+	 *
+	 * @return string
+	 */
+	protected function get_optimized_image_url( $url, $width, $height, $resize = [] ) {
+		$optimized_image = Optimole::image( $url, $this->settings->get( 'cache_buster' ) )
+			->width( $width )
+			->height( $height );
+
+		if ( is_array( $resize ) && ! empty( $resize['type'] ) ) {
+			$optimized_image->resize( $resize['type'], $resize['gravity'] ?? Position::CENTER, $resize['enlarge'] ?? false );
+
+		}
+
+		$optimized_image->quality( $this->settings->to_accepted_quality( $this->settings->get_quality() ) );
+
+		return $optimized_image->getUrl();
+	}
 }