WordPress.org

Make WordPress Core

Opened 7 months ago

Closed 5 months ago

Last modified 5 months ago

#40075 closed defect (bug) (fixed)

Broken video/audio thumbnails because of corrupted blob meta data

Reported by: superbox3000 Owned by: joemcgill
Milestone: 4.7.4 Priority: normal
Severity: blocker Version: 4.7.3
Component: Media Keywords: has-patch needs-testing
Focuses: Cc:

Description

Was asked to make a bug report after others in forum couldn't help. Here's the issue:

When MP3 files are uploaded, they are "split" into two new files: an MP3 and a new JPEG image. The problem is that the "new" MP3 file no longer has the image embedded, and the JPEG is corrupt.

The new MP3 created still works, but no longer has the cover image. Still, this isn't the original file we've uploaded, and there are bound to be new security issues because of this.

We have confirmed this happens on latest WP update (4.9.6.2.) as well as earlier versions. Please help!

Attachments (4)

mp3_testing_error.jpg (22.9 KB) - added by superbox3000 7 months ago.
mp3 upload issue.png (58.9 KB) - added by lukecavanagh 7 months ago.
mp3 Media Library issue
40075.patch (1.0 KB) - added by ocean90 7 months ago.
mp3 media library upload.png (136.0 KB) - added by lukecavanagh 7 months ago.
mp3 Media Library patch fix

Download all attachments as: .zip

Change History (40)

#1 @SergeyBiryukov
7 months ago

  • Milestone changed from Awaiting Review to 4.7.4

@lukecavanagh
7 months ago

mp3 Media Library issue

#2 @lukecavanagh
7 months ago

@superbox3000

Just verified, uploaded a mp3 file to a local dev site running WP 4.7.3. The mp3 file did have valid album artwork saved in the mp3 file.

This ticket was mentioned in Slack in #forums by sergey. View the logs.


7 months ago

This ticket was mentioned in Slack in #core-media by sam. View the logs.


7 months ago

@ocean90
7 months ago

#6 @ocean90
7 months ago

  • Keywords has-patch added
  • Severity changed from normal to blocker

wp_kses_post_deep() shouldn't be applied on blob data. Also, wp_kses_post_deep() changes all values to strings, see #35694.

40075.patch is a quick patch that backups the blob data and restores it after wp_kses_post_deep().

#7 @ocean90
7 months ago

  • Summary changed from Bug Report: Uploaded MP3 Files Are "SPLIT" Into Two Files to Broken video/audio thumbnails because of corrupted blob meta data

#8 @lukecavanagh
7 months ago

@ocean90 

The patch works fine, but if the media type was mp3, why would the extra jpg file need to generate as well for the mp3 file?

@lukecavanagh
7 months ago

mp3 Media Library patch fix

#9 follow-up: @shiroamada
6 months ago

It also happened to version 4.3.9


PHP Fatal error:  Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051

#10 in reply to: ↑ 9 @swissspidy
6 months ago

Replying to shiroamada:

It also happened to version 4.3.9


PHP Fatal error:  Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051

See #40085 for that.

#11 @joemcgill
6 months ago

I've got another approach in 40085.diff that should avoid touching blob data altogether. Feedback and testing would be appreciated.

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


6 months ago

This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.


6 months ago

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


6 months ago

#15 @swissspidy
6 months ago

Given that the patch on #40085 fixes this behaviour as well, I'm inclined to close this ticket as a duplicate.

#16 @swissspidy
6 months ago

  • Keywords needs-testing added

Any additional eyes on 40085.diff would be really appreciated.

This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.


6 months ago

This ticket was mentioned in Slack in #forums by sergey. View the logs.


6 months ago

#19 @SergeyBiryukov
6 months ago

Uploaded a workaround plugin for both this ticket and #40085, so that people on support forums could use it until 4.7.4 is available: https://wordpress.org/plugins/correct-audio-video-uploads/

The plugin is based on 40085.diff.

Last edited 6 months ago by SergeyBiryukov (previous) (diff)

This ticket was mentioned in Slack in #forums by sergey. View the logs.


6 months ago

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


6 months ago

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


6 months ago

This ticket was mentioned in Slack in #core-media by swissspidy. View the logs.


6 months ago

#24 @joemcgill
5 months ago

  • Owner set to joemcgill
  • Resolution set to fixed
  • Status changed from new to closed

In 40400:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

#25 @swissspidy
5 months ago

In 40460:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

#26 @swissspidy
5 months ago

In 40461:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.6 branch.

#27 @swissspidy
5 months ago

In 40462:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.5 branch.

#28 @swissspidy
5 months ago

In 40463:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.4 branch.

#29 @swissspidy
5 months ago

In 40464:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.3 branch.

#30 @swissspidy
5 months ago

In 40465:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.2 branch.

#31 @swissspidy
5 months ago

In 40466:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.1 branch.

#32 @swissspidy
5 months ago

In 40467:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.0 branch.

#33 @swissspidy
5 months ago

In 40468:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.9 branch.

#34 @swissspidy
5 months ago

In 40469:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.8 branch.

#35 @swissspidy
5 months ago

In 40470:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.7 branch.

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


5 months ago

Note: See TracTickets for help on using tickets.