Make WordPress Core

Ticket #46800: bad_id3_patch_2.diff

File bad_id3_patch_2.diff, 2.0 KB (added by donpark, 5 years ago)

Sorry. last patch was no good. Use this one. It also patches wp_get_attachment_metadata to cover bad metadata already in the database.

  • src/wp-admin/includes/media.php

     
    32603260}
    32613261
    32623262/**
     3263 * Sanitizes metadata extracted from media files.
     3264 *
     3265 * Currently only binary strings are sanitized with focus on preventing propagation of
     3266 * bad character encodings from causing database calls and API endpoints to fail.
     3267 *
     3268 * @param array $metadata An existing array with data
     3269 *
     3270 * @return array Returns array of sanitized metadata.
     3271 */
     3272function wp_sanitize_media_metadata( $metadata ) {
     3273        if ( ! is_array( $metadata ) ) {
     3274                return $metadata;
     3275        }
     3276        foreach ( $metadata as $name => $value ) {
     3277                if ( ! is_string( $value ) ) {
     3278                        continue;
     3279                }
     3280                if ( is_array( $value ) ) {
     3281                        $value = wp_sanitize_media_metadata( $value );
     3282                } elseif ( is_string( $value ) && preg_match('~[^\x20-\x7E\t\r\n]~', $value ) > 0 ) {
     3283                        $encoding = mb_detect_encoding( $value, 'ISO-8859-1, UCS-2' );
     3284                        $value = $encoding ? mb_convert_encoding( $value, 'UTF-8', $encoding ) : utf8_encode( $value );
     3285                }
     3286                $metadata[$name] = $value;
     3287        }
     3288        return $metadata;
     3289}
     3290
     3291/**
    32633292 * Retrieve metadata from a video file's ID3 tags
    32643293 *
    32653294 * @since 3.6.0
     
    33413370
    33423371        $file_format = isset( $metadata['fileformat'] ) ? $metadata['fileformat'] : null;
    33433372
     3373        $metadata = wp_sanitize_media_metadata( $metadata );
     3374
    33443375        /**
    33453376         * Filters the array of metadata retrieved from a video.
    33463377         *
     
    34123443
    34133444        wp_add_id3_tag_data( $metadata, $data );
    34143445
     3446        $metadata = wp_sanitize_media_metadata( $metadata );
     3447
    34153448        return $metadata;
    34163449}
    34173450
  • src/wp-includes/post.php

     
    55385538        }
    55395539
    55405540        $data = get_post_meta( $post->ID, '_wp_attachment_metadata', true );
    5541 
     5541        $data = wp_sanitize_media_metadata( $data );
     5542       
    55425543        if ( $unfiltered ) {
    55435544                return $data;
    55445545        }