WordPress.org

Make WordPress Core

Changeset 40460


Ignore:
Timestamp:
04/17/17 12:59:21 (6 months ago)
Author:
swissspidy
Message:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

Location:
branches/4.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/src/wp-admin/includes/media.php

    r40149 r40460  
    29832983            foreach ( $data[$version]['comments'] as $key => $list ) { 
    29842984                if ( 'length' !== $key && ! empty( $list ) ) { 
    2985                     $metadata[$key] = reset( $list ); 
     2985                    $metadata[$key] = wp_kses_post( reset( $list ) ); 
    29862986                    // Fix bug in byte stream analysis. 
    29872987                    if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) ) 
     
    30733073    wp_add_id3_tag_data( $metadata, $data ); 
    30743074 
    3075     $metadata = wp_kses_post_deep( $metadata ); 
    3076  
    30773075    return $metadata; 
    30783076} 
     
    31203118    wp_add_id3_tag_data( $metadata, $data ); 
    31213119 
    3122     $metadata = wp_kses_post_deep( $metadata ); 
    3123  
    31243120    return $metadata; 
    31253121} 
Note: See TracChangeset for help on using the changeset viewer.