Merge pull request #137 from wp-media/develop

CrochetFeve0251 · web-flow · commit 05d9292bc778 · 2024-06-28T15:10:48.000+02:00
Deploy polyfill fix
diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Tags: lazyload, lazy load, images, iframes, thumbnail, thumbnails, smiley, smili
 Requires at least: 4.7
 Tested up to: 6.3
 Requires PHP: 5.6
-Stable tag: 2.3.6
+Stable tag: 2.3.7
 Tags: lazy load, lazy loading, defer offscreen images, lazy load plugin, lazy load images, image lazy loading, iframe lazy load, video lazy load
 
 The best free lazy load plugin for WordPress. Lazy load images, videos, and iframes to improve performance and Core Web Vitals scores.
@@ -113,6 +113,9 @@ You can report any security bugs found in the source code of the site-reviews pl
 * [Increase Max upload file size](https://wordpress.org/plugins/upload-max-file-size/) is the best plugin to increase the upload file size limit to any value with one click.
 
 == Changelog ==
+= 2.3.7 =
+Bugfix: Removed `rocket_lazyload_polyfill` filter due to a vulnerability on polyfill
+
 = 2.3.5 =
 Enhancement: Test the plugin with latest version of WordPress v5.9.3
 Enhancement: Change WP readme content.
diff --git a/rocket-lazy-load.php b/rocket-lazy-load.php
@@ -3,7 +3,7 @@
  * Plugin Name: Lazy Load - Optimize Images
  * Plugin URI: http://wordpress.org/plugins/rocket-lazy-load/
  * Description: The tiny Lazy Load script for WordPress without jQuery or others libraries.
- * Version: 2.3.6
+ * Version: 2.3.7
  * Requires PHP: 5.6
  * Author: WP Rocket
  * Author URI: https://wp-rocket.me
@@ -30,7 +30,7 @@
 
 defined( 'ABSPATH' ) || die( 'Cheatin\' uh?' );
 
-define( 'ROCKET_LL_VERSION', '2.3.6' );
+define( 'ROCKET_LL_VERSION', '2.3.7' );
 define( 'ROCKET_LL_WP_VERSION', '4.9' );
 define( 'ROCKET_LL_PHP_VERSION', '5.6' );
 define( 'ROCKET_LL_BASENAME', plugin_basename( __FILE__ ) );
diff --git a/src/Dependencies/RocketLazyload/Assets.php b/src/Dependencies/RocketLazyload/Assets.php
@@ -155,17 +155,12 @@ public function getLazyloadScript( $args = [] ) {
 		$defaults = [
 			'base_url' => '',
 			'version'  => '',
-			'polyfill' => false,
 		];
 
 		$args   = wp_parse_args( $args, $defaults );
 		$min    = ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ? '' : '.min';
 		$script = '';
 
-		if ( isset( $args['polyfill'] ) && $args['polyfill'] ) {
-			$script .= '<script crossorigin="anonymous" src="https://polyfill.io/v3/polyfill.min.js?flags=gated&features=default%2CIntersectionObserver%2CIntersectionObserverEntry"></script>';
-		}
-
 		/**
 		 * Filters the script tag for the lazyload script
 		 *
diff --git a/src/Subscriber/LazyloadSubscriber.php b/src/Subscriber/LazyloadSubscriber.php
@@ -120,20 +120,10 @@ public function insertLazyloadScript() {
 		 */
 		$threshold = apply_filters( 'rocket_lazyload_threshold', 300 );
 
-		/**
-		 * Filters the use of the polyfill for intersectionObserver
-		 *
-		 * @since 3.3
-		 * @author Remy Perona
-		 *
-		 * @param bool $polyfill True to use the polyfill, false otherwise.
-		 */
-		$polyfill = apply_filters( 'rocket_lazyload_polyfill', false );
-
 		$script_args = [
 			'base_url' => ROCKET_LL_FRONT_JS_URL,
 			'version'  => '16.1',
-			'polyfill' => $polyfill,
+			'polyfill' => false,
 		];
 
 		$inline_args = [
