From 4e1f22bf78e832f2d71d073126a2a2b103e45d1f Mon Sep 17 00:00:00 2001 From: Joe McGill Date: Mon, 10 Apr 2017 01:28:47 +0000 Subject: [PATCH] Fix broken audio/video functions when sanitizing ID3 data This fixes a bug where running `wp_kses_post_deep()` on all the ID3 tag data corrupted blob data. Fixes #40075, #40085. Built from https://develop.svn.wordpress.org/trunk@40400 git-svn-id: http://core.svn.wordpress.org/trunk@40307 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/media.php | 6 +----- wp-includes/version.php | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index d2f4854a2c..c4090174fa 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -2982,7 +2982,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) { if ( ! empty( $data[$version]['comments'] ) ) { foreach ( $data[$version]['comments'] as $key => $list ) { if ( 'length' !== $key && ! empty( $list ) ) { - $metadata[$key] = reset( $list ); + $metadata[$key] = wp_kses_post( reset( $list ) ); // Fix bug in byte stream analysis. if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) ) $metadata[$key] = 'Cop' . $metadata[$key]; @@ -3072,8 +3072,6 @@ function wp_read_video_metadata( $file ) { wp_add_id3_tag_data( $metadata, $data ); - $metadata = wp_kses_post_deep( $metadata ); - return $metadata; } @@ -3119,8 +3117,6 @@ function wp_read_audio_metadata( $file ) { wp_add_id3_tag_data( $metadata, $data ); - $metadata = wp_kses_post_deep( $metadata ); - return $metadata; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 1cde66f5a1..751ae5dc7f 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.8-alpha-40399'; +$wp_version = '4.8-alpha-40400'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.