Merge branch 'develop' into trunk

.github/CODEOWNERS

@@ -0,0 +1,8 @@
+# These owners will be the default owners for everything in the repo. Unless a later match takes precedence, @faisal-alvi, as primary maintainer will be requested for review when someone opens a Pull Request.
+*                   @faisal-alvi
+
+# GitHub and WordPress.org specifics
+/.github/           @jeffpaul
+/.wordpress-org/    @jeffpaul
+CODE_OF_CONDUCT.md  @jeffpaul
+LICENSE.md          @jeffpaul

.github/workflows/cypress.yml

@@ -31,3 +31,22 @@ jobs:
       run: npm run env:start
     - name: Test
       run: npm run cypress:run
+    - name: Update summary
+      if: ${{ always() }}
+      run: |
+        npx mochawesome-merge ./tests/cypress/reports/*.json -o tests/cypress/reports/mochawesome.json
+        rm -rf ./tests/cypress/reports/mochawesome-*.json
+        npx mochawesome-json-to-md -p ./tests/cypress/reports/mochawesome.json -o ./tests/cypress/reports/mochawesome.md
+        npx mochawesome-report-generator tests/cypress/reports/mochawesome.json -o tests/cypress/reports/
+        cat ./tests/cypress/reports/mochawesome.md >> $GITHUB_STEP_SUMMARY
+    - name: Make artifacts available
+      uses: actions/upload-artifact@v2
+      if: failure()
+      with:
+        name: cypress-artifact
+        retention-days: 2
+        path: |
+          ${{ github.workspace }}/tests/cypress/screenshots/
+          ${{ github.workspace }}/tests/cypress/videos/
+          ${{ github.workspace }}/tests/cypress/logs/
+          ${{ github.workspace }}/tests/cypress/reports/

.gitignore

@@ -33,3 +33,9 @@ Session.vim
 # Windows
 Thumbs.db
 Desktop.ini
+
+# Cypress
+tests/cypress/screenshots
+tests/cypress/videos
+tests/cypress/downloads
+tests/cypress/reports

CHANGELOG.md

@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [2.7.2] - 2023-01-13
+### Added
+- Filter hook `simple_local_avatars_upload_limit` to restrict image upload size & image file checking enhanced (props [@Shirkit](https://github.com/Shirkit), [@jayedul](https://github.com/jayedul), [@faisal-alvi](https://github.com/faisal-alvi), [@jeffpaul](https://github.com/jeffpaul) via [#171](https://github.com/10up/simple-local-avatars/pull/171)).
+- GitHub Actions summary on Cypress e2e test runs (props [@faisal-alvi](https://github.com/faisal-alvi), [@jeffpaul](https://github.com/jeffpaul), [@iamdharmesh](https://github.com/iamdharmesh) via [#174](https://github.com/10up/simple-local-avatars/pull/174)).
+
+### Changed
+- Cypress integration migrated from 9.5.4 to 11.2.0 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jayedul](https://github.com/jayedul), [@faisal-alvi](https://github.com/faisal-alvi) via [#172](https://github.com/10up/simple-local-avatars/pull/172)).
+
+### Fixed
+- PHP8 support for `assign_new_user_avatar` (props [@lllopo](https://github.com/lllopo), [@mattwatsoncodes](https://github.com/mattwatsoncodes), [@faisal-alvi](https://github.com/faisal-alvi) via [#183](https://github.com/10up/simple-local-avatars/pull/183)).
+- Fixed the user profile language not respected issue (props [@dkotter](https://github.com/dkotter), [@lllopo](https://github.com/lllopo), [@faisal-alvi](https://github.com/faisal-alvi), [@jeffpaul](https://github.com/jeffpaul) via [#175](https://github.com/10up/simple-local-avatars/pull/175)).
+
+### Removed
+- textdomain from the core strings and the function `update_avatar_ratings` as it's not required anymore (props [@dkotter](https://github.com/dkotter), [@lllopo](https://github.com/lllopo), [@faisal-alvi](https://github.com/faisal-alvi), [@jeffpaul](https://github.com/jeffpaul) via [#175](https://github.com/10up/simple-local-avatars/pull/175)).
+
+### Security
+- Bump `json5` from 1.0.1 to 1.0.2  (props [@dependabot](https://github.com/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#182](https://github.com/10up/simple-local-avatars/pull/182)).
+
 ## [2.7.1] - 2022-12-08
 ### Added
 - Added missing files from the last release and changed the readme file to fix the bullet points and added fullstops.
@@ -211,6 +229,7 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial release
 
 [Unreleased]: https://github.com/10up/simple-local-avatars/compare/trunk...develop
+[2.7.2]: https://github.com/10up/simple-local-avatars/compare/2.7.1...2.7.2
 [2.7.1]: https://github.com/10up/simple-local-avatars/compare/2.7.0...2.7.1
 [2.7.0]: https://github.com/10up/simple-local-avatars/compare/2.6.0...2.7.0
 [2.6.0]: https://github.com/10up/simple-local-avatars/compare/2.5.0...2.6.0

CREDITS.md

@@ -10,7 +10,8 @@ The following individuals are responsible for curating the list of issues, respo
 
 Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.
 
-[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Ravi Chandra (@ravichdev)](https://github.com/ravichdev), [Eduard Florea (@eflorea)](https://github.com/eflorea), [Helen Hou-Sandi (@helen)](https://github.com/helen), [@kniebremser](https://github.com/kniebremser), [Robbie Trencheny (@robbiet480)](https://github.com/robbiet480), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Paul de Wouters  (@pdewouters)](https://github.com/pdewouters), [Ledwing Hernandez (@Waka867)](https://github.com/Waka867), [Tim Moore (@tmoorewp)](https://github.com/tmoorewp), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Ben Lobaugh (@blobaugh)](https://github.com/blobaugh), [Chris Jones (@heyjones)](https://github.com/heyjones), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Ammon Lockwood (@sumnercreations)](https://github.com/sumnercreations), [David Shanske (@dshanske)](https://github.com/dshanske), [Myles McNamara (@tripflex)](https://github.com/tripflex), [Jackie Kjome (@JackieKjome)](https://github.com/JackieKjome) [David Chabbi (@davidchabbi)](https://profiles.wordpress.org/davidchabbi/), [Jeffrey Carandang (@phpbits)](https://github.com/phpbits), [@Antonio-Laguna](https://github.com/Antonio-Laguna), [(@ituk)](https://github.com/ituk), [Fabio Giannese (@diodoe)](https://github.com/diodoe), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Ajay Maurya (@ajmaurya99)](https://github.com/ajmaurya99), [Clayton Collie (@claytoncollie)](https://github.com/claytoncollie), [Connor Smyth (@ActuallyConnor)](https://github.com/ActuallyConnor), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [Rahul Prajapati (@rahulsprajapati)](https://github.com/rahulsprajapati), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [(@holle75)](https://github.com/holle75), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [Ulrich Pogson (@grappler)](https://github.com/grappler), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Austin Passy (@thefrosty)](https://github.com/thefrosty), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Alireza Salehi (@alireza-salehi)](https://github.com/alireza-salehi), [Vlad Olaru (@vladolaru)](https://github.com/vladolaru), [Alec Kinnear (@foliovision)](https://github.com/foliovision), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [David (@pixelloop)](https://github.com/pixelloop), [Victor Berland (@victorberland)](https://github.com/victorberland), [Konstantin Kovshenin (@kovshenin)](https://github.com/kovshenin), [Timothy Wheelock (@t-lock)](https://github.com/t-lock), [Jayedul K. (@jayedul)](https://github.com/jayedul), [Zaman.Q (@zamanq)](https://github.com/zamanq), [K Adam White (@kadamwhite)](https://github.com/kadamwhite).
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Ravi Chandra (@ravichdev)](https://github.com/ravichdev), [Eduard Florea (@eflorea)](https://github.com/eflorea), [Helen Hou-Sandi (@helen)](https://github.com/helen), [@kniebremser](https://github.com/kniebremser), [Robbie Trencheny (@robbiet480)](https://github.com/robbiet480), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Paul de Wouters  (@pdewouters)](https://github.com/pdewouters), [Ledwing Hernandez (@Waka867)](https://github.com/Waka867), [Tim Moore (@tmoorewp)](https://github.com/tmoorewp), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Ben Lobaugh (@blobaugh)](https://github.com/blobaugh), [Chris Jones (@heyjones)](https://github.com/heyjones), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Ammon Lockwood (@sumnercreations)](https://github.com/sumnercreations), [David Shanske (@dshanske)](https://github.com/dshanske), [Myles McNamara (@tripflex)](https://github.com/tripflex), [Jackie Kjome (@JackieKjome)](https://github.com/JackieKjome) [David Chabbi (@davidchabbi)](https://profiles.wordpress.org/davidchabbi/), [Jeffrey Carandang (@phpbits)](https://github.com/phpbits), [@Antonio-Laguna](https://github.com/Antonio-Laguna), [(@ituk)](https://github.com/ituk), [Fabio Giannese (@diodoe)](https://github.com/diodoe), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Ajay Maurya (@ajmaurya99)](https://github.com/ajmaurya99), [Clayton Collie (@claytoncollie)](https://github.com/claytoncollie), [Connor Smyth (@ActuallyConnor)](https://github.com/ActuallyConnor), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [Rahul Prajapati (@rahulsprajapati)](https://github.com/rahulsprajapati), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [(@holle75)](https://github.com/holle75), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [Ulrich Pogson (@grappler)](https://github.com/grappler), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Austin Passy (@thefrosty)](https://github.com/thefrosty), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Alireza Salehi (@alireza-salehi)](https://github.com/alireza-salehi), [Vlad Olaru (@vladolaru)](https://github.com/vladolaru), [Alec Kinnear (@foliovision)](https://github.com/foliovision), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [David (@pixelloop)](https://github.com/pixelloop), [Victor Berland (@victorberland)](https://github.com/victorberland), [Konstantin Kovshenin (@kovshenin)](https://github.com/kovshenin), [Timothy Wheelock (@t-lock)](https://github.com/t-lock), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Shirkit (@Shirkit)](https://github.com/Shirkit), [Georgi Georgiev (@lllopo)](https://github.com/lllopo), [Matt Watson (@mattwatsoncodes)](https://github.com/mattwatsoncodes).
+
 
 ## Libraries
 

includes/class-simple-local-avatars.php

@@ -68,13 +68,7 @@ public function __construct() {
 		$this->options        = (array) get_option( 'simple_local_avatars' );
 		$this->user_key       = 'simple_local_avatar';
 		$this->rating_key     = 'simple_local_avatar_rating';
-		$this->avatar_ratings = array(
-			'G'  => __( 'G — Suitable for all audiences', 'simple-local-avatars' ),
-			'PG' => __( 'PG — Possibly offensive, usually for audiences 13 and above', 'simple-local-avatars' ),
-			'R'  => __( 'R — Intended for adult audiences above 17', 'simple-local-avatars' ),
-			'X'  => __( 'X — Even more mature than above', 'simple-local-avatars' ),
-		);
-
+
 		if (
 			! $this->is_avatar_shared() // Are we sharing avatars?
 			&& (
@@ -512,6 +506,13 @@ public function get_default_avatar_url( $size ) {
 	 * Register admin settings.
 	 */
 	public function admin_init() {
+		$this->avatar_ratings = array(
+			'G'  => __( 'G — Suitable for all audiences', ),
+			'PG' => __( 'PG — Possibly offensive, usually for audiences 13 and above', ),
+			'R'  => __( 'R — Intended for adult audiences above 17', ),
+			'X'  => __( 'X — Even more mature than above', ),
+		);
+
 		// upgrade pre 2.0 option
 		$old_ops = get_option( 'simple_local_avatars_caps' );
 		if ( $old_ops ) {
@@ -917,8 +918,6 @@ public function edit_user_profile( $profileuser ) {
 						<fieldset id="simple-local-avatar-ratings" <?php disabled( empty( $profileuser->simple_local_avatar ) ); ?>>
 							<legend class="screen-reader-text"><span><?php esc_html_e( 'Rating' ); ?></span></legend>
 							<?php
-							$this->update_avatar_ratings();
-
 							if ( empty( $profileuser->simple_local_avatar_rating ) || ! array_key_exists( $profileuser->simple_local_avatar_rating, $this->avatar_ratings ) ) {
 								$profileuser->simple_local_avatar_rating = 'G';
 							}
@@ -956,7 +955,7 @@ public function assign_new_user_avatar( $url_or_media_id, $user_id ) {
 		$meta_value = array();
 
 		// set the new avatar
-		if ( is_int( $url_or_media_id + 0 ) ) {
+		if ( is_numeric( $url_or_media_id ) ) {
 			$meta_value['media_id'] = $url_or_media_id;
 			$url_or_media_id        = wp_get_attachment_url( $url_or_media_id );
 		}
@@ -988,13 +987,22 @@ public function edit_user_profile_update( $user_id ) {
 		}
 
 		// check for uploaded files
-		if ( ! empty( $_FILES['simple-local-avatar']['name'] ) ) :
+		if ( ! empty( $_FILES['simple-local-avatar']['name'] ) && 0 === $_FILES['simple-local-avatar']['error'] ) :
 
 			// need to be more secure since low privelege users can upload
-			if ( false !== strpos( $_FILES['simple-local-avatar']['name'], '.php' ) ) {
-				$this->avatar_upload_error = __( 'For security reasons, the extension ".php" cannot be in your file name.', 'simple-local-avatars' );
+			$allowed_mime_types = wp_get_mime_types();
+			$file_mime_type     = strtolower( $_FILES['simple-local-avatar']['type'] );
+
+			if ( ! ( 0 === strpos( $file_mime_type, 'image/' ) ) || ! in_array( $file_mime_type, $allowed_mime_types, true ) ) {
+				$this->avatar_upload_error = __( 'Only images can be uploaded as an avatar', 'simple-local-avatars' );
 				add_action( 'user_profile_update_errors', array( $this, 'user_profile_update_errors' ) );
+				return;
+			}
 
+			$max_upload_size = $this->upload_size_limit( wp_max_upload_size() );
+			if ( $_FILES['simple-local-avatar']['size'] > $max_upload_size ) {
+				$this->avatar_upload_error = sprintf( __( 'Max allowed avatar size is %s', 'simple-local-avatars' ), size_format( $max_upload_size ) );
+				add_action( 'user_profile_update_errors', array( $this, 'user_profile_update_errors' ) );
 				return;
 			}
 
@@ -1011,9 +1019,6 @@ public function edit_user_profile_update( $user_id ) {
 				include_once ABSPATH . 'wp-admin/includes/image.php';
 			}
 
-			// allow developers to override file size upload limit for avatars
-			add_filter( 'upload_size_limit', array( $this, 'upload_size_limit' ) );
-
 			$this->user_id_being_edited = $user_id; // make user_id known to unique_filename_callback function
 			$avatar_id                  = media_handle_upload(
 				'simple-local-avatar',
@@ -1030,8 +1035,6 @@ public function edit_user_profile_update( $user_id ) {
 				)
 			);
 
-			remove_filter( 'upload_size_limit', array( $this, 'upload_size_limit' ) );
-
 			if ( is_wp_error( $avatar_id ) ) { // handle failures.
 				$this->avatar_upload_error = '<strong>' . __( 'There was an error uploading the avatar:', 'simple-local-avatars' ) . '</strong> ' . esc_html( $avatar_id->get_error_message() );
 				add_action( 'user_profile_update_errors', array( $this, 'user_profile_update_errors' ) );
@@ -1302,20 +1305,6 @@ public function admin_body_class( $classes ) {
 		return $classes;
 	}
 
-	/**
-	 * Overwriting existing avatar_ratings so this can be called just before the rating strings would be used so that
-	 * translations will work correctly.
-	 * Default text-domain because the strings have already been translated
-	 */
-	private function update_avatar_ratings() {
-		$this->avatar_ratings = array(
-			'G'  => __( 'G &#8212; Suitable for all audiences' ),
-			'PG' => __( 'PG &#8212; Possibly offensive, usually for audiences 13 and above' ),
-			'R'  => __( 'R &#8212; Intended for adult audiences above 17' ),
-			'X'  => __( 'X &#8212; Even more mature than above' ),
-		);
-	}
-
 	/**
 	 * Clear user cache.
 	 */