From a80351f7eda6a398df16d7e292d8dea784ed9d06 Mon Sep 17 00:00:00 2001
From: Jeremy Felt <jeremy.felt@gmail.com>
Date: Mon, 6 Mar 2017 08:03:35 +0000
Subject: [PATCH] Validate video and audio metadata.

merge of [40148] to the 4.7 branch

Built from https://develop.svn.wordpress.org/branches/4.7@40149


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/media.php | 4 ++++
 wp-includes/version.php     | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index ede25b3df7..d2f4854a2c 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -3072,6 +3072,8 @@ function wp_read_video_metadata( $file ) {
 
 	wp_add_id3_tag_data( $metadata, $data );
 
+	$metadata = wp_kses_post_deep( $metadata );
+
 	return $metadata;
 }
 
@@ -3117,6 +3119,8 @@ function wp_read_audio_metadata( $file ) {
 
 	wp_add_id3_tag_data( $metadata, $data );
 
+	$metadata = wp_kses_post_deep( $metadata );
+
 	return $metadata;
 }
 
diff --git a/wp-includes/version.php b/wp-includes/version.php
index c1ebd0bb53..6c70cb9e25 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7.3-RC1-40141';
+$wp_version = '4.7.3-RC1-40149';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.