WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix broken audio/video functions when sanitizing ID3 data 

This fixes a bug where running `wp_kses_post_deep()` on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40460


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Pascal Birchler 2017-04-17 13:00:35 +00:00
parent a785107bf4
commit d9681fd881
2 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/media.php
View File

@ -2982,7 +2982,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) {
if ( ! empty( $data[$version]['comments'] ) ) { if ( ! empty( $data[$version]['comments'] ) ) {
foreach ( $data[$version]['comments'] as $key => $list ) { foreach ( $data[$version]['comments'] as $key => $list ) {
if ( 'length' !== $key && ! empty( $list ) ) { if ( 'length' !== $key && ! empty( $list ) ) {
$metadata[$key] = reset( $list ); $metadata[$key] = wp_kses_post( reset( $list ) );
// Fix bug in byte stream analysis. // Fix bug in byte stream analysis.
if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) ) if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) )
$metadata[$key] = 'Cop' . $metadata[$key]; $metadata[$key] = 'Cop' . $metadata[$key];
@ -3072,8 +3072,6 @@ function wp_read_video_metadata( $file ) {
wp_add_id3_tag_data( $metadata, $data ); wp_add_id3_tag_data( $metadata, $data );
$metadata = wp_kses_post_deep( $metadata );
return $metadata; return $metadata;
} }
@ -3119,8 +3117,6 @@ function wp_read_audio_metadata( $file ) {
wp_add_id3_tag_data( $metadata, $data ); wp_add_id3_tag_data( $metadata, $data );
$metadata = wp_kses_post_deep( $metadata );
return $metadata; return $metadata;
} }

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.7.4-alpha-40459'; $wp_version = '4.7.4-alpha-40460';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.