[wp-trac] [WordPress Trac] #46800: protect against bad characters in media attachment metadata

WordPress Trac noreply at wordpress.org
Tue Apr 16 04:17:42 UTC 2019


#46800: protect against bad characters in media attachment metadata
--------------------------+-----------------------------
 Reporter:  donpark       |       Owner:  joemcgill
     Type:  defect (bug)  |      Status:  accepted
 Priority:  normal        |   Milestone:  Future Release
Component:  Media         |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+-----------------------------
Changes (by joemcgill):

 * owner:  (none) => joemcgill
 * status:  new => accepted
 * milestone:  Awaiting Review => Future Release


Comment:

 Hi @donpark. Thanks for the detailed report.

 I'm curious if updating the ID3 library in core would have any affect (see
 #43836)? If not, we should apply this sanitization as soon as the data is
 read from the file, which I think would be in `wp_read_image_metadata()`,
 if I'm understanding correctly. Any interest in trying to put together a
 patch for this?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46800#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list