From d9681fd881d6011c0d4ebde0ad299eab385fea69 Mon Sep 17 00:00:00 2001 From: Pascal Birchler Date: Mon, 17 Apr 2017 13:00:35 +0000 Subject: [PATCH] Fix broken audio/video functions when sanitizing ID3 data This fixes a bug where running `wp_kses_post_deep()` on all the ID3 tag data corrupted blob data. Fixes #40075, #40085. Merges [40400] to the 4.7 branch. Built from https://develop.svn.wordpress.org/branches/4.7@40460 git-svn-id: http://core.svn.wordpress.org/branches/4.7@40336 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/media.php | 6 +----- wp-includes/version.php | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index d2f4854a2c..c4090174fa 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -2982,7 +2982,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) { if ( ! empty( $data[$version]['comments'] ) ) { foreach ( $data[$version]['comments'] as $key => $list ) { if ( 'length' !== $key && ! empty( $list ) ) { - $metadata[$key] = reset( $list ); + $metadata[$key] = wp_kses_post( reset( $list ) ); // Fix bug in byte stream analysis. if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) ) $metadata[$key] = 'Cop' . $metadata[$key]; @@ -3072,8 +3072,6 @@ function wp_read_video_metadata( $file ) { wp_add_id3_tag_data( $metadata, $data ); - $metadata = wp_kses_post_deep( $metadata ); - return $metadata; } @@ -3119,8 +3117,6 @@ function wp_read_audio_metadata( $file ) { wp_add_id3_tag_data( $metadata, $data ); - $metadata = wp_kses_post_deep( $metadata ); - return $metadata; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 6efa93affd..052ca7f7fd 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.7.4-alpha-40459'; +$wp_version = '4.7.4-alpha-40460'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.