Changeset 61289 for branches/6.9/src/wp-includes/ID3/getid3.lib.php

Timestamp:

11/24/2025 06:36:59 PM (3 months ago)

Author:

SergeyBiryukov

Message:

External Libraries: Update getID3 to version 1.9.24.

In [60812], two changes related to PHP 8.5 compatibility were cherry picked from the upstream repository to be included in time for WordPress 6.9. Since then, a proper release has been tagged which includes several bug fixes in addition to the previous two changes.

HEIF support has also been added to the Quicktime audio/video module.

A full list of changes can be found on GitHub: ​https://github.com/JamesHeinrich/getID3/releases/tag/v1.9.24

Reviewed by desrosj, SergeyBiryukov.
Merges [61253] to the 6.9 branch.

Props TobiasBg.
Fixes #64253.

Location:

branches/6.9

Files:

• . (modified) (1 prop)
• src/wp-includes/ID3/getid3.lib.php (modified) (8 diffs)

branches/6.9/src/wp-includes/ID3/getid3.lib.php

@@ -12 +12 @@
 /////////////////////////////////////////////////////////////////
 
-if(!defined('GETID3_LIBXML_OPTIONS') && defined('LIBXML_VERSION')) {
-    if(LIBXML_VERSION >= 20621) {
+if (!defined('GETID3_LIBXML_OPTIONS') && defined('LIBXML_VERSION')) {
+    if (LIBXML_VERSION >= 20621) {
         define('GETID3_LIBXML_OPTIONS', LIBXML_NOENT | LIBXML_NONET | LIBXML_NOWARNING | LIBXML_COMPACT);
     } else {
@@ -74 +74 @@
     /**
      * @param int|null $variable
-     * @param int      $increment
+     * @param-out int  $variable
+     * @param int      $increment
      *
      * @return bool
@@ -116 +117 @@
         static $hasINT64 = null;
         if ($hasINT64 === null) { // 10x faster than is_null()
-            $hasINT64 = is_int(pow(2, 31)); // 32-bit int are limited to (2^31)-1
+            /** @var int|float|object $bigInt */
+            $bigInt = pow(2, 31);
+            $hasINT64 = is_int($bigInt); // 32-bit int are limited to (2^31)-1
             if (!$hasINT64 && !defined('PHP_INT_MIN')) {
                 define('PHP_INT_MIN', ~PHP_INT_MAX);
@@ -441 +444 @@
 
     /**
-     * @param int $number
+     * @param int|string $number
      *
      * @return string
@@ -745 +748 @@
      */
     public static function XML2array($XMLstring) {
-        if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
-            // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
-            // https://core.trac.wordpress.org/changeset/29378
-            // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
-            // disabled by default, but is still needed when LIBXML_NOENT is used.
-            $loader = @libxml_disable_entity_loader(true);
-            $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
-            $return = self::SimpleXMLelement2array($XMLobject);
-            @libxml_disable_entity_loader($loader);
-            return $return;
+        if (function_exists('simplexml_load_string')) {
+            if (PHP_VERSION_ID < 80000) {
+                if (function_exists('libxml_disable_entity_loader')) {
+                    // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
+                    // https://core.trac.wordpress.org/changeset/29378
+                    // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
+                    // disabled by default, but is still needed when LIBXML_NOENT is used.
+                    $loader = @libxml_disable_entity_loader(true);
+                    $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
+                    $return = self::SimpleXMLelement2array($XMLobject);
+                    @libxml_disable_entity_loader($loader);
+                    return $return;
+                }
+            } else {
+                $allow = false;
+                if (defined('LIBXML_VERSION') && (LIBXML_VERSION >= 20900)) {
+                    // https://www.php.net/manual/en/function.libxml-disable-entity-loader.php
+                    // "as of libxml 2.9.0 entity substitution is disabled by default, so there is no need to disable the loading
+                    //  of external entities, unless there is the need to resolve internal entity references with LIBXML_NOENT."
+                    $allow = true;
+                } elseif (function_exists('libxml_set_external_entity_loader')) {
+                    libxml_set_external_entity_loader(function () { return null; }); // https://www.zend.com/blog/cve-2023-3823
+                    $allow = true;
+                }
+                if ($allow) {
+                    $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
+                    $return = self::SimpleXMLelement2array($XMLobject);
+                    return $return;
+                }
+            }
         }
         return false;
@@ -1498 +1521 @@
         if (PHP_VERSION_ID >= 50400) {
             $GetDataImageSize = @getimagesizefromstring($imgData, $imageinfo);
-            if ($GetDataImageSize === false || !isset($GetDataImageSize[0], $GetDataImageSize[1])) {
+            if ($GetDataImageSize === false) {
                 return false;
             }
@@ -1526 +1549 @@
                 fclose($tmp);
                 $GetDataImageSize = @getimagesize($tempfilename, $imageinfo);
-                if (($GetDataImageSize === false) || !isset($GetDataImageSize[0]) || !isset($GetDataImageSize[1])) {
+                if ($GetDataImageSize === false) {
                     return false;
                 }
@@ -1720 +1743 @@
             //$cache[$file][$name][substr($line, 0, $keylength)] = trim(substr($line, $keylength + 1));
             $explodedLine = explode("\t", $line, 2);
-            $ThisKey   = (isset($explodedLine[0]) ? $explodedLine[0] : '');
+            $ThisKey   = $explodedLine[0];
             $ThisValue = (isset($explodedLine[1]) ? $explodedLine[1] : '');
             $cache[$file][$name][$ThisKey] = trim($ThisValue);