diff --git src/wp-admin/includes/media.php src/wp-admin/includes/media.php
index d2f4854a2c..c4090174fa 100644
|
|
function wp_add_id3_tag_data( &$metadata, $data ) { |
2982 | 2982 | if ( ! empty( $data[$version]['comments'] ) ) { |
2983 | 2983 | foreach ( $data[$version]['comments'] as $key => $list ) { |
2984 | 2984 | if ( 'length' !== $key && ! empty( $list ) ) { |
2985 | | $metadata[$key] = reset( $list ); |
| 2985 | $metadata[$key] = wp_kses_post( reset( $list ) ); |
2986 | 2986 | // Fix bug in byte stream analysis. |
2987 | 2987 | if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) ) |
2988 | 2988 | $metadata[$key] = 'Cop' . $metadata[$key]; |
… |
… |
function wp_read_video_metadata( $file ) { |
3072 | 3072 | |
3073 | 3073 | wp_add_id3_tag_data( $metadata, $data ); |
3074 | 3074 | |
3075 | | $metadata = wp_kses_post_deep( $metadata ); |
3076 | | |
3077 | 3075 | return $metadata; |
3078 | 3076 | } |
3079 | 3077 | |
… |
… |
function wp_read_audio_metadata( $file ) { |
3119 | 3117 | |
3120 | 3118 | wp_add_id3_tag_data( $metadata, $data ); |
3121 | 3119 | |
3122 | | $metadata = wp_kses_post_deep( $metadata ); |
3123 | | |
3124 | 3120 | return $metadata; |
3125 | 3121 | } |
3126 | 3122 | |