From 63d7638596ff48dba26a219c8ae1e45860785383 Mon Sep 17 00:00:00 2001 From: Pascal Birchler Date: Mon, 17 Apr 2017 13:17:31 +0000 Subject: [PATCH] Fix broken audio/video functions when sanitizing ID3 data This fixes a bug where running `wp_kses_post_deep()` on all the ID3 tag data corrupted blob data. See #40075, #40085. Merges [40400] to the 4.4 branch. Built from https://develop.svn.wordpress.org/branches/4.4@40463 git-svn-id: http://core.svn.wordpress.org/branches/4.4@40339 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/media.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index a1b0f5bda8..8ba2ffa848 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -2938,7 +2938,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) { if ( ! empty( $data[$version]['comments'] ) ) { foreach ( $data[$version]['comments'] as $key => $list ) { if ( 'length' !== $key && ! empty( $list ) ) { - $metadata[$key] = reset( $list ); + $metadata[$key] = wp_kses_post( reset( $list ) ); // Fix bug in byte stream analysis. if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) ) $metadata[$key] = 'Cop' . $metadata[$key]; @@ -3028,8 +3028,6 @@ function wp_read_video_metadata( $file ) { wp_add_id3_tag_data( $metadata, $data ); - $metadata = wp_kses_post_deep( $metadata ); - return $metadata; } @@ -3075,8 +3073,6 @@ function wp_read_audio_metadata( $file ) { wp_add_id3_tag_data( $metadata, $data ); - $metadata = wp_kses_post_deep( $metadata ); - return $metadata; }