WordPress.org

Make WordPress Core

Opened 7 weeks ago

Closed 2 weeks ago

Last modified 6 days ago

#40075 closed defect (bug) (fixed)

Broken video/audio thumbnails because of corrupted blob meta data

Reported by: superbox3000
Owned by: joemcgill
Milestone: 4.7.4
Priority: normal
Severity: blocker
Version: 4.7.3
Component: Media
Keywords: has-patch needs-testing
Focuses:
Cc:

Description

Was asked to make a bug report after others in forum couldn't help. Here's the issue:

When MP3 files are uploaded, they are "split" into two new files: an MP3 and a new JPEG image. The problem is that the "new" MP3 file no longer has the image embedded, and the JPEG is corrupt.

The new MP3 created still works, but no longer has the cover image. Still, this isn't the original file we've uploaded, and there are bound to be new security issues because of this.

We have confirmed this happens on the latest WP update (4.9.6.2.) as well as earlier versions. Please help!

Attachments (4)

mp3_testing_error.jpg (22.9 KB) - added by superbox3000 7 weeks ago.
mp3 upload issue.png (58.9 KB) - added by lukecavanagh 7 weeks ago.
mp3 Media Library issue
40075.patch (1.0 KB) - added by ocean90 7 weeks ago.
mp3 media library upload.png (136.0 KB) - added by lukecavanagh 7 weeks ago.
mp3 Media Library patch fix


Change History (40)

#1 @SergeyBiryukov
7 weeks ago

  • Milestone changed from Awaiting Review to 4.7.4

@lukecavanagh
7 weeks ago

mp3 Media Library issue

#2 @lukecavanagh
7 weeks ago

@superbox3000

Just verified: uploaded an mp3 file to a local dev site running WP 4.7.3. The mp3 file did have valid album artwork saved in the mp3 file.

This ticket was mentioned in Slack in #forums by sergey.
7 weeks ago

This ticket was mentioned in Slack in #core-media by sam.
7 weeks ago

@ocean90
7 weeks ago

#6 @ocean90
7 weeks ago

  • Keywords has-patch added
  • Severity changed from normal to blocker

wp_kses_post_deep() shouldn't be applied on blob data. Also, wp_kses_post_deep() changes all values to strings, see #35694.

40075.patch is a quick patch that backs up the blob data and restores it after wp_kses_post_deep().
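
An added illustration of the failure mode described in the comment above; it is not part of the ticket, of 40075.patch or 40085.diff, or of WordPress core. `sanitize_text_standin()` is a hypothetical stand-in for a text-oriented HTML sanitizer, and the `image`/`data` key names and the sample bytes are constructed assumptions.

```php
<?php
// Hypothetical stand-in for a text-oriented HTML sanitizer (assumption, not
// wp_kses_post_deep() itself): casts to string, strips tags and control bytes.
function sanitize_text_standin($value) {
    $value = strip_tags((string) $value);
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $value);
}

// Failure mode: the text sanitizer is applied to every leaf, blobs included,
// and every value comes back as a string.
function sanitize_deep(array $meta) {
    return array_map(function ($v) {
        return is_array($v) ? sanitize_deep($v) : sanitize_text_standin($v);
    }, $meta);
}

// Type-aware variant: only string leaves outside the listed binary keys are
// sanitized; blobs and non-string values pass through untouched.
function sanitize_text_only(array $meta, array $blob_keys = ['data']) {
    foreach ($meta as $key => $value) {
        if (is_array($value)) {
            $meta[$key] = sanitize_text_only($value, $blob_keys);
        } elseif (is_string($value) && !in_array($key, $blob_keys, true)) {
            $meta[$key] = sanitize_text_standin($value);
        }
    }
    return $meta;
}

// Constructed sample: JPEG-like bytes as embedded cover art, plus text tags.
$cover = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01<\x00\x00>\xFF\xD9";
$meta  = [
    'title'  => 'Song <script>alert(1)</script>',
    'length' => 215,
    'image'  => ['mime' => 'image/jpeg', 'data' => $cover],
];

$naive = sanitize_deep($meta);
$safe  = sanitize_text_only($meta);

var_dump($naive['image']['data'] === $cover); // were the blob bytes preserved?
var_dump(is_int($naive['length']));           // was the integer type preserved?
var_dump($safe['image']['data'] === $cover);
var_dump(is_int($safe['length']));
var_dump($safe['title']);                     // text field is still sanitized
```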

#7 @ocean90
7 weeks ago

  • Summary changed from Bug Report: Uploaded MP3 Files Are "SPLIT" Into Two Files to Broken video/audio thumbnails because of corrupted blob meta data

#8 @lukecavanagh
7 weeks ago

@ocean90 

The patch works fine, but if the media type was mp3, why would the extra jpg file need to generate as well for the mp3 file?

@lukecavanagh
7 weeks ago

mp3 Media Library patch fix

#9 follow-up: @shiroamada
6 weeks ago

It also happened to version 4.3.9


PHP Fatal error:  Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051

#10 in reply to: ↑ 9 @swissspidy
6 weeks ago

Replying to shiroamada:

It also happened to version 4.3.9


PHP Fatal error:  Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051

See #40085 for that.

#11 @joemcgill
6 weeks ago

I've got another approach in 40085.diff that should avoid touching blob data altogether. Feedback and testing would be appreciated.

This ticket was mentioned in Slack in #core by swissspidy.
6 weeks ago

This ticket was mentioned in Slack in #core-media by joemcgill.
6 weeks ago

This ticket was mentioned in Slack in #core by swissspidy.
5 weeks ago

#15 @swissspidy
5 weeks ago

Given that the patch on #40085 fixes this behaviour as well, I'm inclined to close this ticket as a duplicate.

#16 @swissspidy
5 weeks ago

  • Keywords needs-testing added

Any additional eyes on 40085.diff would be really appreciated.

This ticket was mentioned in Slack in #core-media by joemcgill.
5 weeks ago

This ticket was mentioned in Slack in #forums by sergey.
4 weeks ago

#19 @SergeyBiryukov
4 weeks ago

Uploaded a workaround plugin for both this ticket and #40085, so that people on support forums could use it until 4.7.4 is available: https://wordpress.org/plugins/correct-audio-video-uploads/

The plugin is based on 40085.diff.

Last edited 4 weeks ago by SergeyBiryukov

This ticket was mentioned in Slack in #forums by sergey.
4 weeks ago

This ticket was mentioned in Slack in #core by swissspidy.
3 weeks ago

This ticket was mentioned in Slack in #core by swissspidy.
3 weeks ago

This ticket was mentioned in Slack in #core-media by swissspidy.
3 weeks ago

#24 @joemcgill
2 weeks ago

  • Owner set to joemcgill
  • Resolution set to fixed
  • Status changed from new to closed

In 40400:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

#25 @swissspidy
9 days ago

In 40460:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

#26 @swissspidy
9 days ago

In 40461:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.6 branch.

#27 @swissspidy
9 days ago

In 40462:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.5 branch.

#28 @swissspidy
9 days ago

In 40463:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.4 branch.

#29 @swissspidy
9 days ago

In 40464:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.3 branch.

#30 @swissspidy
9 days ago

In 40465:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.2 branch.

#31 @swissspidy
9 days ago

In 40466:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.1 branch.

#32 @swissspidy
9 days ago

In 40467:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.0 branch.

#33 @swissspidy
9 days ago

In 40468:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.9 branch.

#34 @swissspidy
9 days ago

In 40469:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.8 branch.

#35 @swissspidy
9 days ago

In 40470:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.7 branch.

This ticket was mentioned in Slack in #core by swissspidy.
6 days ago
