From 82c9b36ce7d5f57e1ff01f1f802fb1f1ba553bd0 Mon Sep 17 00:00:00 2001
From: Pascal Birchler <pascal.birchler@gmail.com>
Date: Mon, 17 Apr 2017 13:22:30 +0000
Subject: [PATCH] Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@40465


git-svn-id: http://core.svn.wordpress.org/branches/4.2@40341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/media.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 97b971dc21..f107623f20 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -2896,7 +2896,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) {
 		if ( ! empty( $data[$version]['comments'] ) ) {
 			foreach ( $data[$version]['comments'] as $key => $list ) {
 				if ( 'length' !== $key && ! empty( $list ) ) {
-					$metadata[$key] = reset( $list );
+					$metadata[$key] = wp_kses_post( reset( $list ) );
 					// Fix bug in byte stream analysis.
 					if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) )
 						$metadata[$key] = 'Cop' . $metadata[$key];
@@ -2980,8 +2980,6 @@ function wp_read_video_metadata( $file ) {
 
 	wp_add_id3_tag_data( $metadata, $data );
 
-	$metadata = wp_kses_post_deep( $metadata );
-
 	return $metadata;
 }
 
@@ -3021,8 +3019,6 @@ function wp_read_audio_metadata( $file ) {
 
 	wp_add_id3_tag_data( $metadata, $data );
 
-	$metadata = wp_kses_post_deep( $metadata );
-
 	return $metadata;
 }