#40075 closed defect (bug) (fixed)
Broken video/audio thumbnails because of corrupted blob meta data
Reported by: | superbox3000 | Owned by: | joemcgill |
---|---|---|---|
Milestone: | 4.7.4 | Priority: | normal |
Severity: | blocker | Version: | 4.7.3 |
Component: | Media | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
Was asked to make a bug report after others in forum couldn't help. Here's the issue:
When MP3 files are uploaded, they are "split" into two new files: an MP3 and a new JPEG image. The problem is that the "new" MP3 file no longer has the image embedded, and the JPEG is corrupt.
The new MP3 created still works, but no longer has the cover image. Still, this isn't the original file we've uploaded, and there are bound to be new security issues because of this.
We have confirmed this happens on latest WP update (4.9.6.2.) as well as earlier versions. Please help!
Attachments (4)
Change History (40)
#2
@
8 years ago
@superbox3000
Just verified, uploaded a mp3 file to a local dev site running WP 4.7.3. The mp3 file did have valid album artwork saved in the mp3 file.
This ticket was mentioned in Slack in #forums by sergey. View the logs.
8 years ago
This ticket was mentioned in Slack in #core-media by sam. View the logs.
8 years ago
#6
@
8 years ago
- Keywords has-patch added
- Severity changed from normal to blocker
wp_kses_post_deep()
shouldn't be applied on blob data. Also, wp_kses_post_deep()
changes all values to strings, see #35694.
40075.patch is a quick patch that backups the blob data and restores it after wp_kses_post_deep()
.
#7
@
8 years ago
- Summary changed from Bug Report: Uploaded MP3 Files Are "SPLIT" Into Two Files to Broken video/audio thumbnails because of corrupted blob meta data
#8
@
8 years ago
@ocean90
The patch works fine, but if the media type was mp3, why would the extra jpg file need to generate as well for the mp3 file?
#9
follow-up:
↓ 10
@
8 years ago
It also happened to version 4.3.9
PHP Fatal error: Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051
#10
in reply to:
↑ 9
@
8 years ago
Replying to shiroamada:
It also happened to version 4.3.9
PHP Fatal error: Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051
See #40085 for that.
#11
@
8 years ago
I've got another approach in 40085.diff that should avoid touching blob data altogether. Feedback and testing would be appreciated.
This ticket was mentioned in Slack in #core by swissspidy. View the logs.
8 years ago
This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.
8 years ago
This ticket was mentioned in Slack in #core by swissspidy. View the logs.
7 years ago
#15
@
7 years ago
Given that the patch on #40085 fixes this behaviour as well, I'm inclined to close this ticket as a duplicate.
#16
@
7 years ago
- Keywords needs-testing added
Any additional eyes on 40085.diff would be really appreciated.
This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.
7 years ago
This ticket was mentioned in Slack in #forums by sergey. View the logs.
7 years ago
#19
@
7 years ago
Uploaded a workaround plugin for both this ticket and and #40085, so that people on support forums could use it until 4.7.4 is available: https://wordpress.org/plugins/correct-audio-video-uploads/
The plugin is based on 40085.diff.
This ticket was mentioned in Slack in #forums by sergey. View the logs.
7 years ago
This ticket was mentioned in Slack in #core by swissspidy. View the logs.
7 years ago
This ticket was mentioned in Slack in #core by swissspidy. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-media by swissspidy. View the logs.
7 years ago
#24
@
7 years ago
- Owner set to joemcgill
- Resolution set to fixed
- Status changed from new to closed
In 40400:
mp3 Media Library issue