WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/17/2017 01:16:31 PM (3 years ago)
Author:
swissspidy
Message:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.4 branch.

Location:
branches/4.4
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.4

  • branches/4.4/src/wp-admin/includes/media.php

    r40152 r40463  
    29392939            foreach ( $data[$version]['comments'] as $key => $list ) {
    29402940                if ( 'length' !== $key && ! empty( $list ) ) {
    2941                     $metadata[$key] = reset( $list );
     2941                    $metadata[$key] = wp_kses_post( reset( $list ) );
    29422942                    // Fix bug in byte stream analysis.
    29432943                    if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) )
     
    30293029    wp_add_id3_tag_data( $metadata, $data );
    30303030
    3031     $metadata = wp_kses_post_deep( $metadata );
    3032 
    30333031    return $metadata;
    30343032}
     
    30763074    wp_add_id3_tag_data( $metadata, $data );
    30773075
    3078     $metadata = wp_kses_post_deep( $metadata );
    3079 
    30803076    return $metadata;
    30813077}
Note: See TracChangeset for help on using the changeset viewer.