Make WordPress Core

Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#40075 closed defect (bug) (fixed)

Broken video/audio thumbnails because of corrupted blob meta data

Reported by: superbox3000's profile superbox3000 Owned by: joemcgill's profile joemcgill
Milestone: 4.7.4 Priority: normal
Severity: blocker Version: 4.7.3
Component: Media Keywords: has-patch needs-testing
Focuses: Cc:

Description

Was asked to make a bug report after others in forum couldn't help. Here's the issue:

When MP3 files are uploaded, they are "split" into two new files: an MP3 and a new JPEG image. The problem is that the "new" MP3 file no longer has the image embedded, and the JPEG is corrupt.

The new MP3 created still works, but no longer has the cover image. Still, this isn't the original file we've uploaded, and there are bound to be new security issues because of this.

We have confirmed this happens on latest WP update (4.9.6.2.) as well as earlier versions. Please help!

Attachments (4)

mp3_testing_error.jpg (22.9 KB) - added by superbox3000 8 years ago.
mp3 upload issue.png (58.9 KB) - added by lukecavanagh 8 years ago.
mp3 Media Library issue
40075.patch (1.0 KB) - added by ocean90 8 years ago.
mp3 media library upload.png (136.0 KB) - added by lukecavanagh 8 years ago.
mp3 Media Library patch fix

Download all attachments as: .zip

Change History (40)

#1 @SergeyBiryukov
8 years ago

  • Milestone changed from Awaiting Review to 4.7.4

@lukecavanagh
8 years ago

mp3 Media Library issue

#2 @lukecavanagh
8 years ago

@superbox3000

Just verified, uploaded a mp3 file to a local dev site running WP 4.7.3. The mp3 file did have valid album artwork saved in the mp3 file.

This ticket was mentioned in Slack in #forums by sergey. View the logs.


8 years ago

This ticket was mentioned in Slack in #core-media by sam. View the logs.


8 years ago

@ocean90
8 years ago

#6 @ocean90
8 years ago

  • Keywords has-patch added
  • Severity changed from normal to blocker

wp_kses_post_deep() shouldn't be applied on blob data. Also, wp_kses_post_deep() changes all values to strings, see #35694.

40075.patch is a quick patch that backups the blob data and restores it after wp_kses_post_deep().

#7 @ocean90
8 years ago

  • Summary changed from Bug Report: Uploaded MP3 Files Are "SPLIT" Into Two Files to Broken video/audio thumbnails because of corrupted blob meta data

#8 @lukecavanagh
8 years ago

@ocean90 

The patch works fine, but if the media type was mp3, why would the extra jpg file need to generate as well for the mp3 file?

@lukecavanagh
8 years ago

mp3 Media Library patch fix

#9 follow-up: @shiroamada
8 years ago

It also happened to version 4.3.9


PHP Fatal error:  Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051

#10 in reply to: ↑ 9 @swissspidy
8 years ago

Replying to shiroamada:

It also happened to version 4.3.9


PHP Fatal error:  Call to undefined function wp_kses_post_deep() in /home/mywebsite/public_html/wp-admin/includes/media.php on line 3051

See #40085 for that.

#11 @joemcgill
8 years ago

I've got another approach in 40085.diff that should avoid touching blob data altogether. Feedback and testing would be appreciated.

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


8 years ago

This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.


8 years ago

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


7 years ago

#15 @swissspidy
7 years ago

Given that the patch on #40085 fixes this behaviour as well, I'm inclined to close this ticket as a duplicate.

#16 @swissspidy
7 years ago

  • Keywords needs-testing added

Any additional eyes on 40085.diff would be really appreciated.

This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.


7 years ago

This ticket was mentioned in Slack in #forums by sergey. View the logs.


7 years ago

#19 @SergeyBiryukov
7 years ago

Uploaded a workaround plugin for both this ticket and and #40085, so that people on support forums could use it until 4.7.4 is available: https://wordpress.org/plugins/correct-audio-video-uploads/

The plugin is based on 40085.diff.

Version 0, edited 7 years ago by SergeyBiryukov (next)

This ticket was mentioned in Slack in #forums by sergey. View the logs.


7 years ago

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


7 years ago

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


7 years ago

This ticket was mentioned in Slack in #core-media by swissspidy. View the logs.


7 years ago

#24 @joemcgill
7 years ago

  • Owner set to joemcgill
  • Resolution set to fixed
  • Status changed from new to closed

In 40400:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

#25 @swissspidy
7 years ago

In 40460:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

Fixes #40075, #40085.

Merges [40400] to the 4.7 branch.

#26 @swissspidy
7 years ago

In 40461:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.6 branch.

#27 @swissspidy
7 years ago

In 40462:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.5 branch.

#28 @swissspidy
7 years ago

In 40463:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.4 branch.

#29 @swissspidy
7 years ago

In 40464:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.3 branch.

#30 @swissspidy
7 years ago

In 40465:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.2 branch.

#31 @swissspidy
7 years ago

In 40466:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.1 branch.

#32 @swissspidy
7 years ago

In 40467:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 4.0 branch.

#33 @swissspidy
7 years ago

In 40468:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.9 branch.

#34 @swissspidy
7 years ago

In 40469:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.8 branch.

#35 @swissspidy
7 years ago

In 40470:

Fix broken audio/video functions when sanitizing ID3 data

This fixes a bug where running wp_kses_post_deep() on all the ID3
tag data corrupted blob data.

See #40075, #40085.

Merges [40400] to the 3.7 branch.

This ticket was mentioned in Slack in #core by swissspidy. View the logs.


7 years ago

Note: See TracTickets for help on using tickets.