diff --git a/src/wp-includes/ID3/getid3.lib.php b/src/wp-includes/ID3/getid3.lib.php index 13c766c78d..ebdc569864 100644 --- a/src/wp-includes/ID3/getid3.lib.php +++ b/src/wp-includes/ID3/getid3.lib.php @@ -681,10 +681,10 @@ class getid3_lib */ public static function array_max($arraydata, $returnkey=false) { $maxvalue = false; - $maxkey = false; + $maxkey = false; foreach ($arraydata as $key => $value) { if (!is_array($value)) { - if ($value > $maxvalue) { + if (($maxvalue === false) || ($value > $maxvalue)) { $maxvalue = $value; $maxkey = $key; } @@ -701,10 +701,10 @@ class getid3_lib */ public static function array_min($arraydata, $returnkey=false) { $minvalue = false; - $minkey = false; + $minkey = false; foreach ($arraydata as $key => $value) { if (!is_array($value)) { - if ($value > $minvalue) { + if (($minvalue === false) || ($value < $minvalue)) { $minvalue = $value; $minkey = $key; } @@ -1529,13 +1529,20 @@ class getid3_lib /** * @param array $ThisFileInfo + * @param bool $option_tags_html default true (just as in the main getID3 class) * * @return bool */ - public static function CopyTagsToComments(&$ThisFileInfo) { - + public static function CopyTagsToComments(&$ThisFileInfo, $option_tags_html=true) { // Copy all entries from ['tags'] into common ['comments'] if (!empty($ThisFileInfo['tags'])) { + if (isset($ThisFileInfo['tags']['id3v1'])) { + // bubble ID3v1 to the end, if present to aid in detecting bad ID3v1 encodings + $ID3v1 = $ThisFileInfo['tags']['id3v1']; + unset($ThisFileInfo['tags']['id3v1']); + $ThisFileInfo['tags']['id3v1'] = $ID3v1; + unset($ID3v1); + } foreach ($ThisFileInfo['tags'] as $tagtype => $tagarray) { foreach ($tagarray as $tagname => $tagdata) { foreach ($tagdata as $key => $value) { @@ -1554,6 +1561,13 @@ class getid3_lib break 2; } } + if (function_exists('mb_convert_encoding')) { + if (trim($value) == trim(substr(mb_convert_encoding($existingvalue, $ThisFileInfo['id3v1']['encoding'], $ThisFileInfo['encoding']), 0, 30))) { + // value stored in ID3v1 appears to be probably the multibyte value transliterated (badly) into ISO-8859-1 in ID3v1. + // As an example, Foobar2000 will do this if you tag a file with Chinese or Arabic or Cyrillic or something that doesn't fit into ISO-8859-1 the ID3v1 will consist of mostly "?" characters, one per multibyte unrepresentable character + break 2; + } + } } elseif (!is_array($value)) { @@ -1562,7 +1576,6 @@ class getid3_lib $oldvaluelength = strlen(trim($existingvalue)); if ((strlen($existingvalue) > 10) && ($newvaluelength > $oldvaluelength) && (substr(trim($value), 0, strlen($existingvalue)) == $existingvalue)) { $ThisFileInfo['comments'][$tagname][$existingkey] = trim($value); - //break 2; break; } } @@ -1597,19 +1610,21 @@ class getid3_lib } } - // Copy to ['comments_html'] - if (!empty($ThisFileInfo['comments'])) { - foreach ($ThisFileInfo['comments'] as $field => $values) { - if ($field == 'picture') { - // pictures can take up a lot of space, and we don't need multiple copies of them - // let there be a single copy in [comments][picture], and not elsewhere - continue; - } - foreach ($values as $index => $value) { - if (is_array($value)) { - $ThisFileInfo['comments_html'][$field][$index] = $value; - } else { - $ThisFileInfo['comments_html'][$field][$index] = str_replace('�', '', self::MultiByteCharString2HTML($value, $ThisFileInfo['encoding'])); + if ($option_tags_html) { + // Copy ['comments'] to ['comments_html'] + if (!empty($ThisFileInfo['comments'])) { + foreach ($ThisFileInfo['comments'] as $field => $values) { + if ($field == 'picture') { + // pictures can take up a lot of space, and we don't need multiple copies of them + // let there be a single copy in [comments][picture], and not elsewhere + continue; + } + foreach ($values as $index => $value) { + if (is_array($value)) { + $ThisFileInfo['comments_html'][$field][$index] = $value; + } else { + $ThisFileInfo['comments_html'][$field][$index] = str_replace('�', '', self::MultiByteCharString2HTML($value, $ThisFileInfo['encoding'])); + } } } } diff --git a/src/wp-includes/ID3/getid3.php b/src/wp-includes/ID3/getid3.php index 9c319bff42..5cb3c036c0 100644 --- a/src/wp-includes/ID3/getid3.php +++ b/src/wp-includes/ID3/getid3.php @@ -99,6 +99,13 @@ class getID3 */ public $encoding_id3v1 = 'ISO-8859-1'; + /** + * ID3v1 should always be 'ISO-8859-1', but some tags may be written in other encodings such as 'Windows-1251' or 'KOI8-R'. If true attempt to detect these encodings, but may return incorrect values for some tags actually in ISO-8859-1 encoding + * + * @var bool + */ + public $encoding_id3v1_autodetect = false; + /* * Optional tag checks - disable for speed. */ @@ -250,7 +257,7 @@ class getID3 */ protected $startup_warning = ''; - const VERSION = '1.9.19-201912211559'; + const VERSION = '1.9.20-202006061653'; const FREAD_BUFFER_SIZE = 32768; const ATTACHMENTS_NONE = false; @@ -289,24 +296,28 @@ class getID3 $this->warning('WARNING: Safe mode is on, shorten support disabled, md5data/sha1data for ogg vorbis disabled, ogg vorbos/flac tag writing disabled.'); } - if (($mbstring_func_overload = (int) ini_get('mbstring.func_overload')) && ($mbstring_func_overload & 0x02)) { // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated + // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated + if (($mbstring_func_overload = (int) ini_get('mbstring.func_overload')) && ($mbstring_func_overload & 0x02)) { // http://php.net/manual/en/mbstring.overload.php // "mbstring.func_overload in php.ini is a positive value that represents a combination of bitmasks specifying the categories of functions to be overloaded. It should be set to 1 to overload the mail() function. 2 for string functions, 4 for regular expression functions" // getID3 cannot run when string functions are overloaded. It doesn't matter if mail() or ereg* functions are overloaded since getID3 does not use those. - $this->startup_error .= 'WARNING: php.ini contains "mbstring.func_overload = '.ini_get('mbstring.func_overload').'", getID3 cannot run with this setting (bitmask 2 (string functions) cannot be set). Recommended to disable entirely.'."\n"; // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated + // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated + $this->startup_error .= 'WARNING: php.ini contains "mbstring.func_overload = '.ini_get('mbstring.func_overload').'", getID3 cannot run with this setting (bitmask 2 (string functions) cannot be set). Recommended to disable entirely.'."\n"; } // check for magic quotes in PHP < 7.4.0 (when these functions became deprecated) if (version_compare(PHP_VERSION, '7.4.0', '<')) { // Check for magic_quotes_runtime if (function_exists('get_magic_quotes_runtime')) { - if (get_magic_quotes_runtime()) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_runtimeDeprecated + // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_runtimeDeprecated + if (get_magic_quotes_runtime()) { $this->startup_error .= 'magic_quotes_runtime must be disabled before running getID3(). Surround getid3 block by set_magic_quotes_runtime(0) and set_magic_quotes_runtime(1).'."\n"; } } // Check for magic_quotes_gpc if (function_exists('get_magic_quotes_gpc')) { - if (get_magic_quotes_gpc()) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated + // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated + if (get_magic_quotes_gpc()) { $this->startup_error .= 'magic_quotes_gpc must be disabled before running getID3(). Surround getid3 block by set_magic_quotes_gpc(0) and set_magic_quotes_gpc(1).'."\n"; } } @@ -846,6 +857,14 @@ class getID3 'mime_type' => 'application/octet-stream', ), + // DSDIFF - audio - Direct Stream Digital Interchange File Format + 'dsdiff' => array( + 'pattern' => '^FRM8', + 'group' => 'audio', + 'module' => 'dsdiff', + 'mime_type' => 'audio/dsd', + ), + // DTS - audio - Dolby Theatre System 'dts' => array( 'pattern' => '^\\x7F\\xFE\\x80\\x01', @@ -973,6 +992,14 @@ class getID3 'fail_ape' => 'ERROR', ), + // TAK - audio - Tom's lossless Audio Kompressor + 'tak' => array( + 'pattern' => '^tBaK', + 'group' => 'audio', + 'module' => 'tak', + 'mime_type' => 'application/octet-stream', + ), + // TTA - audio - TTA Lossless Audio Compressor (http://tta.corecodec.org) 'tta' => array( 'pattern' => '^TTA', // could also be '^TTA(\\x01|\\x02|\\x03|2|1)' @@ -1033,6 +1060,14 @@ class getID3 'mime_type' => 'video/x-flv', ), + // IVF - audio/video - IVF + 'ivf' => array( + 'pattern' => '^DKIF', + 'group' => 'audio-video', + 'module' => 'ivf', + 'mime_type' => 'video/x-ivf', + ), + // MKAV - audio/video - Mastroka 'matroska' => array( 'pattern' => '^\\x1A\\x45\\xDF\\xA3', @@ -1217,12 +1252,22 @@ class getID3 'iconv_req' => false, ), + // HPK - data - HPK compressed data + 'hpk' => array( + 'pattern' => '^BPUL', + 'group' => 'archive', + 'module' => 'hpk', + 'mime_type' => 'application/octet-stream', + 'fail_id3' => 'ERROR', + 'fail_ape' => 'ERROR', + ), + // RAR - data - RAR compressed data 'rar' => array( 'pattern' => '^Rar\\!', 'group' => 'archive', 'module' => 'rar', - 'mime_type' => 'application/octet-stream', + 'mime_type' => 'application/vnd.rar', 'fail_id3' => 'ERROR', 'fail_ape' => 'ERROR', ), @@ -1424,6 +1469,7 @@ class getID3 'flac' => array('vorbiscomment' , 'UTF-8'), 'divxtag' => array('divx' , 'ISO-8859-1'), 'iptc' => array('iptc' , 'ISO-8859-1'), + 'dsdiff' => array('dsdiff' , 'ISO-8859-1'), ); } @@ -1525,6 +1571,17 @@ class getID3 return true; } + /** + * Calls getid3_lib::CopyTagsToComments() but passes in the option_tags_html setting from this instance of getID3 + * + * @param array $ThisFileInfo + * + * @return bool + */ + public function CopyTagsToComments(&$ThisFileInfo) { + return getid3_lib::CopyTagsToComments($ThisFileInfo, $this->option_tags_html); + } + /** * @param string $algorithm * @@ -1560,7 +1617,8 @@ class getID3 // page sequence numbers likely happens for OggSpeex and OggFLAC as well, but // currently vorbiscomment only works on OggVorbis files. - if (preg_match('#(1|ON)#i', ini_get('safe_mode'))) { // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.safe_modeDeprecatedRemoved + // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.safe_modeDeprecatedRemoved + if (preg_match('#(1|ON)#i', ini_get('safe_mode'))) { $this->warning('Failed making system call to vorbiscomment.exe - '.$algorithm.'_data is incorrect - error returned: PHP running in Safe Mode (backtick operator not available)'); $this->info[$algorithm.'_data'] = false; @@ -2053,6 +2111,61 @@ abstract class getid3_handler return fseek($this->getid3->fp, $bytes, $whence); } + /** + * @return string|false + * + * @throws getid3_exception + */ + protected function fgets() { + // must be able to handle CR/LF/CRLF but not read more than one lineend + $buffer = ''; // final string we will return + $prevchar = ''; // save previously-read character for end-of-line checking + if ($this->data_string_flag) { + while (true) { + $thischar = substr($this->data_string, $this->data_string_position++, 1); + if (($prevchar == "\r") && ($thischar != "\n")) { + // read one byte too many, back up + $this->data_string_position--; + break; + } + $buffer .= $thischar; + if ($thischar == "\n") { + break; + } + if ($this->data_string_position >= $this->data_string_length) { + // EOF + break; + } + $prevchar = $thischar; + } + + } else { + + // Ideally we would just use PHP's fgets() function, however... + // it does not behave consistently with regards to mixed line endings, may be system-dependent + // and breaks entirely when given a file with mixed \r vs \n vs \r\n line endings (e.g. some PDFs) + //return fgets($this->getid3->fp); + while (true) { + $thischar = fgetc($this->getid3->fp); + if (($prevchar == "\r") && ($thischar != "\n")) { + // read one byte too many, back up + fseek($this->getid3->fp, -1, SEEK_CUR); + break; + } + $buffer .= $thischar; + if ($thischar == "\n") { + break; + } + if (feof($this->getid3->fp)) { + break; + } + $prevchar = $thischar; + } + + } + return $buffer; + } + /** * @return bool */ diff --git a/src/wp-includes/ID3/module.audio-video.asf.php b/src/wp-includes/ID3/module.audio-video.asf.php index cb680f8930..fce923c027 100644 --- a/src/wp-includes/ID3/module.audio-video.asf.php +++ b/src/wp-includes/ID3/module.audio-video.asf.php @@ -13,6 +13,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio-video.riff.php', __FILE__, true); class getid3_asf extends getid3_handler diff --git a/src/wp-includes/ID3/module.audio-video.flv.php b/src/wp-includes/ID3/module.audio-video.flv.php index b6703b5a71..7e684072e3 100644 --- a/src/wp-includes/ID3/module.audio-video.flv.php +++ b/src/wp-includes/ID3/module.audio-video.flv.php @@ -53,6 +53,10 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} + define('GETID3_FLV_TAG_AUDIO', 8); define('GETID3_FLV_TAG_VIDEO', 9); define('GETID3_FLV_TAG_META', 18); diff --git a/src/wp-includes/ID3/module.audio-video.matroska.php b/src/wp-includes/ID3/module.audio-video.matroska.php index 5999066218..a285108590 100644 --- a/src/wp-includes/ID3/module.audio-video.matroska.php +++ b/src/wp-includes/ID3/module.audio-video.matroska.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} define('EBML_ID_CHAPTERS', 0x0043A770); // [10][43][A7][70] -- A system to define basic menus and partition data. For more detailed information, look at the Chapters Explanation. define('EBML_ID_SEEKHEAD', 0x014D9B74); // [11][4D][9B][74] -- Contains the position of other level 1 elements. @@ -329,7 +332,7 @@ class getid3_matroska extends getid3_handler break;*/ } - $info['video']['streams'][] = $track_info; + $info['video']['streams'][$trackarray['TrackUID']] = $track_info; break; case 2: // Audio @@ -362,7 +365,7 @@ class getid3_matroska extends getid3_handler // create temp instance $getid3_temp = new getID3(); if ($track_info['dataformat'] != 'flac') { - $getid3_temp->openfile($this->getid3->filename); + $getid3_temp->openfile($this->getid3->filename, $this->getid3->info['filesize'], $this->getid3->fp); } $getid3_temp->info['avdataoffset'] = $info['matroska']['track_data_offsets'][$trackarray['TrackNumber']]['offset']; if ($track_info['dataformat'][0] == 'm' || $track_info['dataformat'] == 'flac') { @@ -478,7 +481,7 @@ class getid3_matroska extends getid3_handler break; } - $info['audio']['streams'][] = $track_info; + $info['audio']['streams'][$trackarray['TrackUID']] = $track_info; break; } } @@ -509,6 +512,30 @@ class getid3_matroska extends getid3_handler unset($info['mime_type']); } + // use _STATISTICS_TAGS if available to set audio/video bitrates + if (!empty($info['matroska']['tags'])) { + $_STATISTICS_byTrackUID = array(); + foreach ($info['matroska']['tags'] as $key1 => $value1) { + if (!empty($value1['Targets']['TagTrackUID'][0]) && !empty($value1['SimpleTag'])) { + foreach ($value1['SimpleTag'] as $key2 => $value2) { + if (!empty($value2['TagName']) && isset($value2['TagString'])) { + $_STATISTICS_byTrackUID[$value1['Targets']['TagTrackUID'][0]][$value2['TagName']] = $value2['TagString']; + } + } + } + } + foreach (array('audio','video') as $avtype) { + if (!empty($info[$avtype]['streams'])) { + foreach ($info[$avtype]['streams'] as $trackUID => $trackdata) { + if (!isset($trackdata['bitrate']) && !empty($_STATISTICS_byTrackUID[$trackUID]['BPS'])) { + $info[$avtype]['streams'][$trackUID]['bitrate'] = (int) $_STATISTICS_byTrackUID[$trackUID]['BPS']; + @$info[$avtype]['bitrate'] += $info[$avtype]['streams'][$trackUID]['bitrate']; + } + } + } + } + } + return true; } @@ -614,8 +641,10 @@ class getid3_matroska extends getid3_handler while ($this->getEBMLelement($subelement, $track_entry['end'], array(EBML_ID_VIDEO, EBML_ID_AUDIO, EBML_ID_CONTENTENCODINGS, EBML_ID_CODECPRIVATE))) { switch ($subelement['id']) { - case EBML_ID_TRACKNUMBER: case EBML_ID_TRACKUID: + $track_entry[$subelement['id_name']] = getid3_lib::PrintHexBytes($subelement['data'], true, false); + break; + case EBML_ID_TRACKNUMBER: case EBML_ID_TRACKTYPE: case EBML_ID_MINCACHE: case EBML_ID_MAXCACHE: @@ -963,7 +992,7 @@ class getid3_matroska extends getid3_handler case EBML_ID_TAGEDITIONUID: case EBML_ID_TAGCHAPTERUID: case EBML_ID_TAGATTACHMENTUID: - $targets_entry[$sub_sub_subelement['id_name']][] = getid3_lib::BigEndian2Int($sub_sub_subelement['data']); + $targets_entry[$sub_sub_subelement['id_name']][] = getid3_lib::PrintHexBytes($sub_sub_subelement['data'], true, false); break; default: diff --git a/src/wp-includes/ID3/module.audio-video.quicktime.php b/src/wp-includes/ID3/module.audio-video.quicktime.php index 3c66199b1b..1cf1c0590b 100644 --- a/src/wp-includes/ID3/module.audio-video.quicktime.php +++ b/src/wp-includes/ID3/module.audio-video.quicktime.php @@ -15,6 +15,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio.mp3.php', __FILE__, true); getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.tag.id3v2.php', __FILE__, true); // needed for ISO 639-2 language code lookup @@ -55,23 +58,33 @@ class getid3_quicktime extends getid3_handler $atomsize = getid3_lib::BigEndian2Int($this->fread(8)); } - $info['quicktime'][$atomname]['name'] = $atomname; - $info['quicktime'][$atomname]['size'] = $atomsize; - $info['quicktime'][$atomname]['offset'] = $offset; - if (($offset + $atomsize) > $info['avdataend']) { + $info['quicktime'][$atomname]['name'] = $atomname; + $info['quicktime'][$atomname]['size'] = $atomsize; + $info['quicktime'][$atomname]['offset'] = $offset; $this->error('Atom at offset '.$offset.' claims to go beyond end-of-file (length: '.$atomsize.' bytes)'); return false; } - if ($atomsize == 0) { // Furthermore, for historical reasons the list of atoms is optionally // terminated by a 32-bit integer set to 0. If you are writing a program // to read user data atoms, you should allow for the terminating 0. + $info['quicktime'][$atomname]['name'] = $atomname; + $info['quicktime'][$atomname]['size'] = $atomsize; + $info['quicktime'][$atomname]['offset'] = $offset; break; } + $atomHierarchy = array(); - $info['quicktime'][$atomname] = $this->QuicktimeParseAtom($atomname, $atomsize, $this->fread(min($atomsize, $atom_data_read_buffer_size)), $offset, $atomHierarchy, $this->ParseAllPossibleAtoms); + $parsedAtomData = $this->QuicktimeParseAtom($atomname, $atomsize, $this->fread(min($atomsize, $atom_data_read_buffer_size)), $offset, $atomHierarchy, $this->ParseAllPossibleAtoms); + $parsedAtomData['name'] = $atomname; + $parsedAtomData['size'] = $atomsize; + $parsedAtomData['offset'] = $offset; + if (in_array($atomname, array('uuid'))) { + @$info['quicktime'][$atomname][] = $parsedAtomData; + } else { + $info['quicktime'][$atomname] = $parsedAtomData; + } $offset += $atomsize; $atomcounter++; @@ -114,7 +127,8 @@ class getid3_quicktime extends getid3_handler foreach ($info['quicktime']['comments']['location.ISO6709'] as $ISO6709string) { $ISO6709parsed = array('latitude'=>false, 'longitude'=>false, 'altitude'=>false); if (preg_match('#^([\\+\\-])([0-9]{2}|[0-9]{4}|[0-9]{6})(\\.[0-9]+)?([\\+\\-])([0-9]{3}|[0-9]{5}|[0-9]{7})(\\.[0-9]+)?(([\\+\\-])([0-9]{3}|[0-9]{5}|[0-9]{7})(\\.[0-9]+)?)?/$#', $ISO6709string, $matches)) { - @list($dummy, $lat_sign, $lat_deg, $lat_deg_dec, $lon_sign, $lon_deg, $lon_deg_dec, $dummy, $alt_sign, $alt_deg, $alt_deg_dec) = $matches; // phpcs:ignore PHPCompatibility.Lists.AssignmentOrder.Affected + // phpcs:ignore PHPCompatibility.Lists.AssignmentOrder.Affected + @list($dummy, $lat_sign, $lat_deg, $lat_deg_dec, $lon_sign, $lon_deg, $lon_deg_dec, $dummy, $alt_sign, $alt_deg, $alt_deg_dec) = $matches; if (strlen($lat_deg) == 2) { // [+-]DD.D $ISO6709parsed['latitude'] = (($lat_sign == '-') ? -1 : 1) * floatval(ltrim($lat_deg, '0').$lat_deg_dec); @@ -143,8 +157,8 @@ class getid3_quicktime extends getid3_handler foreach (array('latitude', 'longitude', 'altitude') as $key) { if ($ISO6709parsed[$key] !== false) { $value = (($lat_sign == '-') ? -1 : 1) * floatval($ISO6709parsed[$key]); - if (!in_array($value, $info['quicktime']['comments']['gps_'.$key])) { - $info['quicktime']['comments']['gps_'.$key][] = (($lat_sign == '-') ? -1 : 1) * floatval($ISO6709parsed[$key]); + if (!isset($info['quicktime']['comments']['gps_'.$key]) || !in_array($value, $info['quicktime']['comments']['gps_'.$key])) { + @$info['quicktime']['comments']['gps_'.$key][] = (($lat_sign == '-') ? -1 : 1) * floatval($ISO6709parsed[$key]); } } } @@ -527,6 +541,7 @@ class getid3_quicktime extends getid3_handler } elseif (preg_match('#^GIF#', $atom_structure['data'])) { $atom_structure['image_mime'] = 'image/gif'; } + $info['quicktime']['comments']['picture'][] = array('image_mime'=>$atom_structure['image_mime'], 'data'=>$atom_structure['data'], 'description'=>'cover'); break; case 'atID': @@ -553,6 +568,7 @@ class getid3_quicktime extends getid3_handler } elseif (preg_match('#^GIF#', $atom_structure['data'])) { $atom_structure['image_mime'] = 'image/gif'; } + $info['quicktime']['comments']['picture'][] = array('image_mime'=>$atom_structure['image_mime'], 'data'=>$atom_structure['data'], 'description'=>'cover'); } break; @@ -756,6 +772,15 @@ class getid3_quicktime extends getid3_handler $atom_structure['sample_description_table'][$i]['data'] = substr($atom_data, $stsdEntriesDataOffset, ($atom_structure['sample_description_table'][$i]['size'] - 4 - 4 - 6 - 2)); $stsdEntriesDataOffset += ($atom_structure['sample_description_table'][$i]['size'] - 4 - 4 - 6 - 2); + if (substr($atom_structure['sample_description_table'][$i]['data'], 1, 54) == 'application/octet-stream;type=com.parrot.videometadata') { + // special handling for apparently-malformed (TextMetaDataSampleEntry?) data for some version of Parrot drones + $atom_structure['sample_description_table'][$i]['parrot_frame_metadata']['mime_type'] = substr($atom_structure['sample_description_table'][$i]['data'], 1, 55); + $atom_structure['sample_description_table'][$i]['parrot_frame_metadata']['metadata_version'] = (int) substr($atom_structure['sample_description_table'][$i]['data'], 55, 1); + unset($atom_structure['sample_description_table'][$i]['data']); +$this->warning('incomplete/incorrect handling of "stsd" with Parrot metadata in this version of getID3() ['.$this->getid3->version().']'); + continue; + } + $atom_structure['sample_description_table'][$i]['encoder_version'] = getid3_lib::BigEndian2Int(substr($atom_structure['sample_description_table'][$i]['data'], 0, 2)); $atom_structure['sample_description_table'][$i]['encoder_revision'] = getid3_lib::BigEndian2Int(substr($atom_structure['sample_description_table'][$i]['data'], 2, 2)); $atom_structure['sample_description_table'][$i]['encoder_vendor'] = substr($atom_structure['sample_description_table'][$i]['data'], 4, 4); @@ -1133,7 +1158,7 @@ class getid3_quicktime extends getid3_handler $atom_structure['component_manufacturer'] = substr($atom_data, 12, 4); $atom_structure['component_flags_raw'] = getid3_lib::BigEndian2Int(substr($atom_data, 16, 4)); $atom_structure['component_flags_mask'] = getid3_lib::BigEndian2Int(substr($atom_data, 20, 4)); - $atom_structure['component_name'] = $this->Pascal2String(substr($atom_data, 24)); + $atom_structure['component_name'] = $this->MaybePascal2String(substr($atom_data, 24)); if (($atom_structure['component_subtype'] == 'STpn') && ($atom_structure['component_manufacturer'] == 'zzzz')) { $info['video']['dataformat'] = 'quicktimevr'; @@ -1164,6 +1189,8 @@ class getid3_quicktime extends getid3_handler if (empty($info['comments']['language']) || (!in_array($atom_structure['language'], $info['comments']['language']))) { $info['comments']['language'][] = $atom_structure['language']; } + $info['quicktime']['timestamps_unix']['create'][$atom_structure['hierarchy']] = $atom_structure['creation_time_unix']; + $info['quicktime']['timestamps_unix']['modify'][$atom_structure['hierarchy']] = $atom_structure['modify_time_unix']; break; @@ -1174,6 +1201,7 @@ class getid3_quicktime extends getid3_handler $atom_structure['atom_index'] = getid3_lib::BigEndian2Int(substr($atom_data, 10, 2)); // usually: 0x01 $atom_structure['modification_date_unix'] = getid3_lib::DateMac2Unix($atom_structure['modification_date']); + $info['quicktime']['timestamps_unix']['modify'][$atom_structure['hierarchy']] = $atom_structure['modification_date_unix']; break; @@ -1271,6 +1299,8 @@ class getid3_quicktime extends getid3_handler } $atom_structure['creation_time_unix'] = getid3_lib::DateMac2Unix($atom_structure['creation_time']); $atom_structure['modify_time_unix'] = getid3_lib::DateMac2Unix($atom_structure['modify_time']); + $info['quicktime']['timestamps_unix']['create'][$atom_structure['hierarchy']] = $atom_structure['creation_time_unix']; + $info['quicktime']['timestamps_unix']['modify'][$atom_structure['hierarchy']] = $atom_structure['modify_time_unix']; $info['quicktime']['time_scale'] = ((isset($info['quicktime']['time_scale']) && ($info['quicktime']['time_scale'] < 1000)) ? max($info['quicktime']['time_scale'], $atom_structure['time_scale']) : $atom_structure['time_scale']); $info['quicktime']['display_scale'] = $atom_structure['matrix_a']; $info['playtime_seconds'] = $atom_structure['duration'] / $atom_structure['time_scale']; @@ -1309,6 +1339,8 @@ class getid3_quicktime extends getid3_handler $atom_structure['flags']['in_poster'] = (bool) ($atom_structure['flags_raw'] & 0x0008); $atom_structure['creation_time_unix'] = getid3_lib::DateMac2Unix($atom_structure['creation_time']); $atom_structure['modify_time_unix'] = getid3_lib::DateMac2Unix($atom_structure['modify_time']); + $info['quicktime']['timestamps_unix']['create'][$atom_structure['hierarchy']] = $atom_structure['creation_time_unix']; + $info['quicktime']['timestamps_unix']['modify'][$atom_structure['hierarchy']] = $atom_structure['modify_time_unix']; // https://www.getid3.org/phpBB3/viewtopic.php?t=1908 // attempt to compute rotation from matrix values @@ -1450,7 +1482,7 @@ class getid3_quicktime extends getid3_handler $info['avdataend'] = $atom_structure['offset'] + $atom_structure['size']; // $info['quicktime'][$atomname]['offset'] + $info['quicktime'][$atomname]['size']; $getid3_temp = new getID3(); - $getid3_temp->openfile($this->getid3->filename); + $getid3_temp->openfile($this->getid3->filename, $this->getid3->info['filesize'], $this->getid3->fp); $getid3_temp->info['avdataoffset'] = $info['avdataoffset']; $getid3_temp->info['avdataend'] = $info['avdataend']; $getid3_mp3 = new getid3_mp3($getid3_temp); @@ -1639,122 +1671,144 @@ class getid3_quicktime extends getid3_handler } break; - case 'uuid': // Atom holding 360fly spatial data?? - /* code in this block by Paul Lewis 2019-Oct-31 */ - /* Sensor Timestamps need to be calculated using the recordings base time at ['quicktime']['moov']['subatoms'][0]['creation_time_unix']. */ - $atom_structure['title'] = '360Fly Sensor Data'; - + case 'uuid': // user-defined atom often seen containing XML data, also used for potentially many other purposes, only a few specifically handled by getID3 (e.g. 360fly spatial data) //Get the UUID ID in first 16 bytes $uuid_bytes_read = unpack('H8time_low/H4time_mid/H4time_hi/H4clock_seq_hi/H12clock_seq_low', substr($atom_data, 0, 16)); - $atom_structure['uuid_field_id'] = print_r(implode('-', $uuid_bytes_read), true); + $atom_structure['uuid_field_id'] = implode('-', $uuid_bytes_read); - //Get the UUID HEADER data - $uuid_bytes_read = unpack('Sheader_size/Sheader_version/Stimescale/Shardware_version/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/', substr($atom_data, 16, 32)); - $atom_structure['uuid_header'] = json_encode($uuid_bytes_read, true); + switch ($atom_structure['uuid_field_id']) { // http://fileformats.archiveteam.org/wiki/Boxes/atoms_format#UUID_boxes - $start_byte = 48; - $atom_SENSOR_data = substr($atom_data, $start_byte); - $atom_structure['sensor_data']['data_type'] = array( - 'fusion_count' => 0, // ID 250 - 'fusion_data' => array(), - 'accel_count' => 0, // ID 1 - 'accel_data' => array(), - 'gyro_count' => 0, // ID 2 - 'gyro_data' => array(), - 'magno_count' => 0, // ID 3 - 'magno_data' => array(), - 'gps_count' => 0, // ID 5 - 'gps_data' => array(), - 'rotation_count' => 0, // ID 6 - 'rotation_data' => array(), - 'unknown_count' => 0, // ID ?? - 'unknown_data' => array(), - 'debug_list' => '', // Used to debug variables stored as comma delimited strings - ); - $debug_structure['debug_items'] = array(); - // Can start loop here to decode all sensor data in 32 Byte chunks: - foreach (str_split($atom_SENSOR_data, 32) as $sensor_key => $sensor_data) { - // This gets me a data_type code to work out what data is in the next 31 bytes. - $sensor_data_type = substr($sensor_data, 0, 1); - $sensor_data_content = substr($sensor_data, 1); - $uuid_bytes_read = unpack('C*', $sensor_data_type); - $sensor_data_array = array(); - switch ($uuid_bytes_read[1]) { - case 250: - $atom_structure['sensor_data']['data_type']['fusion_count']++; - $uuid_bytes_read = unpack('cmode/Jtimestamp/Gyaw/Gpitch/Groll/x*', $sensor_data_content); - $sensor_data_array['mode'] = $uuid_bytes_read['mode']; - $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; - $sensor_data_array['yaw'] = $uuid_bytes_read['yaw']; - $sensor_data_array['pitch'] = $uuid_bytes_read['pitch']; - $sensor_data_array['roll'] = $uuid_bytes_read['roll']; - array_push($atom_structure['sensor_data']['data_type']['fusion_data'], $sensor_data_array); - break; - case 1: - $atom_structure['sensor_data']['data_type']['accel_count']++; - $uuid_bytes_read = unpack('cmode/Jtimestamp/Gyaw/Gpitch/Groll/x*', $sensor_data_content); - $sensor_data_array['mode'] = $uuid_bytes_read['mode']; - $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; - $sensor_data_array['yaw'] = $uuid_bytes_read['yaw']; - $sensor_data_array['pitch'] = $uuid_bytes_read['pitch']; - $sensor_data_array['roll'] = $uuid_bytes_read['roll']; - array_push($atom_structure['sensor_data']['data_type']['accel_data'], $sensor_data_array); - break; - case 2: - $atom_structure['sensor_data']['data_type']['gyro_count']++; - $uuid_bytes_read = unpack('cmode/Jtimestamp/Gyaw/Gpitch/Groll/x*', $sensor_data_content); - $sensor_data_array['mode'] = $uuid_bytes_read['mode']; - $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; - $sensor_data_array['yaw'] = $uuid_bytes_read['yaw']; - $sensor_data_array['pitch'] = $uuid_bytes_read['pitch']; - $sensor_data_array['roll'] = $uuid_bytes_read['roll']; - array_push($atom_structure['sensor_data']['data_type']['gyro_data'], $sensor_data_array); - break; - case 3: - $atom_structure['sensor_data']['data_type']['magno_count']++; - $uuid_bytes_read = unpack('cmode/Jtimestamp/Gmagx/Gmagy/Gmagz/x*', $sensor_data_content); - $sensor_data_array['mode'] = $uuid_bytes_read['mode']; - $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; - $sensor_data_array['magx'] = $uuid_bytes_read['magx']; - $sensor_data_array['magy'] = $uuid_bytes_read['magy']; - $sensor_data_array['magz'] = $uuid_bytes_read['magz']; - array_push($atom_structure['sensor_data']['data_type']['magno_data'], $sensor_data_array); - break; - case 5: - $atom_structure['sensor_data']['data_type']['gps_count']++; - $uuid_bytes_read = unpack('cmode/Jtimestamp/Glat/Glon/Galt/Gspeed/nbearing/nacc/x*', $sensor_data_content); - $sensor_data_array['mode'] = $uuid_bytes_read['mode']; - $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; - $sensor_data_array['lat'] = $uuid_bytes_read['lat']; - $sensor_data_array['lon'] = $uuid_bytes_read['lon']; - $sensor_data_array['alt'] = $uuid_bytes_read['alt']; - $sensor_data_array['speed'] = $uuid_bytes_read['speed']; - $sensor_data_array['bearing'] = $uuid_bytes_read['bearing']; - $sensor_data_array['acc'] = $uuid_bytes_read['acc']; - //$sensor_data_array = print_r($uuid_bytes_read, true); - array_push($atom_structure['sensor_data']['data_type']['gps_data'], $sensor_data_array); - //array_push($debug_structure['debug_items'], $uuid_bytes_read['timestamp']); - break; - case 6: - $atom_structure['sensor_data']['data_type']['rotation_count']++; - $uuid_bytes_read = unpack('cmode/Jtimestamp/Grotx/Groty/Grotz/x*', $sensor_data_content); - $sensor_data_array['mode'] = $uuid_bytes_read['mode']; - $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; - $sensor_data_array['rotx'] = $uuid_bytes_read['rotx']; - $sensor_data_array['roty'] = $uuid_bytes_read['roty']; - $sensor_data_array['rotz'] = $uuid_bytes_read['rotz']; - array_push($atom_structure['sensor_data']['data_type']['rotation_data'], $sensor_data_array); - break; - default: - $atom_structure['sensor_data']['data_type']['unknown_count']++; - break; - } + case '0537cdab-9d0c-4431-a72a-fa561f2a113e': // Exif - http://fileformats.archiveteam.org/wiki/Exif + case '2c4c0100-8504-40b9-a03e-562148d6dfeb': // Photoshop Image Resources - http://fileformats.archiveteam.org/wiki/Photoshop_Image_Resources + case '33c7a4d2-b81d-4723-a0ba-f1a3e097ad38': // IPTC-IIM - http://fileformats.archiveteam.org/wiki/IPTC-IIM + case '8974dbce-7be7-4c51-84f9-7148f9882554': // PIFF Track Encryption Box - http://fileformats.archiveteam.org/wiki/Protected_Interoperable_File_Format + case '96a9f1f1-dc98-402d-a7ae-d68e34451809': // GeoJP2 World File Box - http://fileformats.archiveteam.org/wiki/GeoJP2 + case 'a2394f52-5a9b-4f14-a244-6c427c648df4': // PIFF Sample Encryption Box - http://fileformats.archiveteam.org/wiki/Protected_Interoperable_File_Format + case 'b14bf8bd-083d-4b43-a5ae-8cd7d5a6ce03': // GeoJP2 GeoTIFF Box - http://fileformats.archiveteam.org/wiki/GeoJP2 + case 'd08a4f18-10f3-4a82-b6c8-32d8aba183d3': // PIFF Protection System Specific Header Box - http://fileformats.archiveteam.org/wiki/Protected_Interoperable_File_Format + $this->warning('Unhandled (but recognized) "uuid" atom identified by "'.$atom_structure['uuid_field_id'].'" at offset '.$atom_structure['offset'].' ('.strlen($atom_data).' bytes)'); + break; + + case 'be7acfcb-97a9-42e8-9c71-999491e3afac': // XMP data (in XML format) + $atom_structure['xml'] = substr($atom_data, 16, strlen($atom_data) - 16 - 8); // 16 bytes for UUID, 8 bytes header(?) + break; + + case 'efe1589a-bb77-49ef-8095-27759eb1dc6f': // 360fly data + /* 360fly code in this block by Paul Lewis 2019-Oct-31 */ + /* Sensor Timestamps need to be calculated using the recordings base time at ['quicktime']['moov']['subatoms'][0]['creation_time_unix']. */ + $atom_structure['title'] = '360Fly Sensor Data'; + + //Get the UUID HEADER data + $uuid_bytes_read = unpack('vheader_size/vheader_version/vtimescale/vhardware_version/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/', substr($atom_data, 16, 32)); + $atom_structure['uuid_header'] = $uuid_bytes_read; + + $start_byte = 48; + $atom_SENSOR_data = substr($atom_data, $start_byte); + $atom_structure['sensor_data']['data_type'] = array( + 'fusion_count' => 0, // ID 250 + 'fusion_data' => array(), + 'accel_count' => 0, // ID 1 + 'accel_data' => array(), + 'gyro_count' => 0, // ID 2 + 'gyro_data' => array(), + 'magno_count' => 0, // ID 3 + 'magno_data' => array(), + 'gps_count' => 0, // ID 5 + 'gps_data' => array(), + 'rotation_count' => 0, // ID 6 + 'rotation_data' => array(), + 'unknown_count' => 0, // ID ?? + 'unknown_data' => array(), + 'debug_list' => '', // Used to debug variables stored as comma delimited strings + ); + $debug_structure['debug_items'] = array(); + // Can start loop here to decode all sensor data in 32 Byte chunks: + foreach (str_split($atom_SENSOR_data, 32) as $sensor_key => $sensor_data) { + // This gets me a data_type code to work out what data is in the next 31 bytes. + $sensor_data_type = substr($sensor_data, 0, 1); + $sensor_data_content = substr($sensor_data, 1); + $uuid_bytes_read = unpack('C*', $sensor_data_type); + $sensor_data_array = array(); + switch ($uuid_bytes_read[1]) { + case 250: + $atom_structure['sensor_data']['data_type']['fusion_count']++; + $uuid_bytes_read = unpack('cmode/Jtimestamp/Gyaw/Gpitch/Groll/x*', $sensor_data_content); + $sensor_data_array['mode'] = $uuid_bytes_read['mode']; + $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; + $sensor_data_array['yaw'] = $uuid_bytes_read['yaw']; + $sensor_data_array['pitch'] = $uuid_bytes_read['pitch']; + $sensor_data_array['roll'] = $uuid_bytes_read['roll']; + array_push($atom_structure['sensor_data']['data_type']['fusion_data'], $sensor_data_array); + break; + case 1: + $atom_structure['sensor_data']['data_type']['accel_count']++; + $uuid_bytes_read = unpack('cmode/Jtimestamp/Gyaw/Gpitch/Groll/x*', $sensor_data_content); + $sensor_data_array['mode'] = $uuid_bytes_read['mode']; + $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; + $sensor_data_array['yaw'] = $uuid_bytes_read['yaw']; + $sensor_data_array['pitch'] = $uuid_bytes_read['pitch']; + $sensor_data_array['roll'] = $uuid_bytes_read['roll']; + array_push($atom_structure['sensor_data']['data_type']['accel_data'], $sensor_data_array); + break; + case 2: + $atom_structure['sensor_data']['data_type']['gyro_count']++; + $uuid_bytes_read = unpack('cmode/Jtimestamp/Gyaw/Gpitch/Groll/x*', $sensor_data_content); + $sensor_data_array['mode'] = $uuid_bytes_read['mode']; + $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; + $sensor_data_array['yaw'] = $uuid_bytes_read['yaw']; + $sensor_data_array['pitch'] = $uuid_bytes_read['pitch']; + $sensor_data_array['roll'] = $uuid_bytes_read['roll']; + array_push($atom_structure['sensor_data']['data_type']['gyro_data'], $sensor_data_array); + break; + case 3: + $atom_structure['sensor_data']['data_type']['magno_count']++; + $uuid_bytes_read = unpack('cmode/Jtimestamp/Gmagx/Gmagy/Gmagz/x*', $sensor_data_content); + $sensor_data_array['mode'] = $uuid_bytes_read['mode']; + $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; + $sensor_data_array['magx'] = $uuid_bytes_read['magx']; + $sensor_data_array['magy'] = $uuid_bytes_read['magy']; + $sensor_data_array['magz'] = $uuid_bytes_read['magz']; + array_push($atom_structure['sensor_data']['data_type']['magno_data'], $sensor_data_array); + break; + case 5: + $atom_structure['sensor_data']['data_type']['gps_count']++; + $uuid_bytes_read = unpack('cmode/Jtimestamp/Glat/Glon/Galt/Gspeed/nbearing/nacc/x*', $sensor_data_content); + $sensor_data_array['mode'] = $uuid_bytes_read['mode']; + $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; + $sensor_data_array['lat'] = $uuid_bytes_read['lat']; + $sensor_data_array['lon'] = $uuid_bytes_read['lon']; + $sensor_data_array['alt'] = $uuid_bytes_read['alt']; + $sensor_data_array['speed'] = $uuid_bytes_read['speed']; + $sensor_data_array['bearing'] = $uuid_bytes_read['bearing']; + $sensor_data_array['acc'] = $uuid_bytes_read['acc']; + array_push($atom_structure['sensor_data']['data_type']['gps_data'], $sensor_data_array); + //array_push($debug_structure['debug_items'], $uuid_bytes_read['timestamp']); + break; + case 6: + $atom_structure['sensor_data']['data_type']['rotation_count']++; + $uuid_bytes_read = unpack('cmode/Jtimestamp/Grotx/Groty/Grotz/x*', $sensor_data_content); + $sensor_data_array['mode'] = $uuid_bytes_read['mode']; + $sensor_data_array['timestamp'] = $uuid_bytes_read['timestamp']; + $sensor_data_array['rotx'] = $uuid_bytes_read['rotx']; + $sensor_data_array['roty'] = $uuid_bytes_read['roty']; + $sensor_data_array['rotz'] = $uuid_bytes_read['rotz']; + array_push($atom_structure['sensor_data']['data_type']['rotation_data'], $sensor_data_array); + break; + default: + $atom_structure['sensor_data']['data_type']['unknown_count']++; + break; + } + } + //if (isset($debug_structure['debug_items']) && count($debug_structure['debug_items']) > 0) { + // $atom_structure['sensor_data']['data_type']['debug_list'] = implode(',', $debug_structure['debug_items']); + //} else { + $atom_structure['sensor_data']['data_type']['debug_list'] = 'No debug items in list!'; + //} + break; + + default: + $this->warning('Unhandled "uuid" atom identified by "'.$atom_structure['uuid_field_id'].'" at offset '.$atom_structure['offset'].' ('.strlen($atom_data).' bytes)'); } -// if (isset($debug_structure['debug_items']) && count($debug_structure['debug_items']) > 0) { -// $atom_structure['sensor_data']['data_type']['debug_list'] = implode(',', $debug_structure['debug_items']); -// } else { - $atom_structure['sensor_data']['data_type']['debug_list'] = 'No debug items in list!'; -// } break; case 'gps ': @@ -1949,17 +2003,22 @@ class getid3_quicktime extends getid3_handler case 'thma': // subatom to "frea" -- "ThumbnailImage" // https://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Kodak.html#frea if (strlen($atom_data) > 0) { - $info['quicktime']['comments']['picture'][] = array('data'=>$atom_data, 'image_mime'=>'image/jpeg'); + $info['quicktime']['comments']['picture'][] = array('data'=>$atom_data, 'image_mime'=>'image/jpeg', 'description'=>'ThumbnailImage'); } break; case 'scra': // subatom to "frea" -- "PreviewImage" // https://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Kodak.html#frea // but the only sample file I've seen has no useful data here if (strlen($atom_data) > 0) { - $info['quicktime']['comments']['picture'][] = array('data'=>$atom_data, 'image_mime'=>'image/jpeg'); + $info['quicktime']['comments']['picture'][] = array('data'=>$atom_data, 'image_mime'=>'image/jpeg', 'description'=>'PreviewImage'); } break; + case 'cdsc': // timed metadata reference + // A QuickTime movie can contain none, one, or several timed metadata tracks. Timed metadata tracks can refer to multiple tracks. + // Metadata tracks are linked to the tracks they describe using a track-reference of type 'cdsc'. The metadata track holds the 'cdsc' track reference. + $atom_structure['track_number'] = getid3_lib::BigEndian2Int($atom_data); + break; default: $this->warning('Unknown QuickTime atom type: "'.preg_replace('#[^a-zA-Z0-9 _\\-]#', '?', $atomname).'" ('.trim(getid3_lib::PrintHexBytes($atomname)).'), '.$atomsize.' bytes at offset '.$baseoffset); @@ -2000,6 +2059,12 @@ class getid3_quicktime extends getid3_handler } return $atom_structure; } + if (strlen($subatomdata) < ($subatomsize - 8)) { + // we don't have enough data to decode the subatom. + // this may be because we are refusing to parse large subatoms, or it may be because this atom had its size set too large + // so we passed in the start of a following atom incorrectly? + return $atom_structure; + } $atom_structure[$subatomcounter++] = $this->QuicktimeParseAtom($subatomname, $subatomsize, $subatomdata, $baseoffset + $subatomoffset, $atomHierarchy, $ParseAllPossibleAtoms); $subatomoffset += $subatomsize; } @@ -2840,19 +2905,8 @@ class getid3_quicktime extends getid3_handler } if ($comment_key) { if ($comment_key == 'picture') { - if (!is_array($data)) { - $image_mime = ''; - if (preg_match('#^\x89\x50\x4E\x47\x0D\x0A\x1A\x0A#', $data)) { - $image_mime = 'image/png'; - } elseif (preg_match('#^\xFF\xD8\xFF#', $data)) { - $image_mime = 'image/jpeg'; - } elseif (preg_match('#^GIF#', $data)) { - $image_mime = 'image/gif'; - } elseif (preg_match('#^BM#', $data)) { - $image_mime = 'image/bmp'; - } - $data = array('data'=>$data, 'image_mime'=>$image_mime); - } + // already copied directly into [comments][picture] elsewhere, do not re-copy here + return true; } $gooddata = array($data); if ($comment_key == 'genre') { @@ -2860,7 +2914,7 @@ class getid3_quicktime extends getid3_handler $gooddata = explode(';', $data); } foreach ($gooddata as $data) { - if (is_array($data) || (!empty($info['quicktime']['comments'][$comment_key]) && in_array($data, $info['quicktime']['comments'][$comment_key]))) { + if (!empty($info['quicktime']['comments'][$comment_key]) && in_array($data, $info['quicktime']['comments'][$comment_key], true)) { // avoid duplicate copies of identical data continue; } @@ -2929,6 +2983,23 @@ class getid3_quicktime extends getid3_handler return substr($pascalstring, 1); } + /** + * @param string $pascalstring + * + * @return string + */ + public function MaybePascal2String($pascalstring) { + // Pascal strings have 1 unsigned byte at the beginning saying how many chars (1-255) are in the string + // Check if string actually is in this format or written incorrectly, straight string, or null-terminated string + if (ord(substr($pascalstring, 0, 1)) == (strlen($pascalstring) - 1)) { + return substr($pascalstring, 1); + } elseif (substr($pascalstring, -1, 1) == "\x00") { + // appears to be null-terminated instead of Pascal-style + return substr($pascalstring, 0, -1); + } + return $pascalstring; + } + /** * Helper functions for m4b audiobook chapters diff --git a/src/wp-includes/ID3/module.audio-video.riff.php b/src/wp-includes/ID3/module.audio-video.riff.php index 02adb72d60..cdf553386b 100644 --- a/src/wp-includes/ID3/module.audio-video.riff.php +++ b/src/wp-includes/ID3/module.audio-video.riff.php @@ -23,6 +23,9 @@ * @todo Rewrite RIFF parser totally */ +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio.mp3.php', __FILE__, true); getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio.ac3.php', __FILE__, true); getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio.dts.php', __FILE__, true); diff --git a/src/wp-includes/ID3/module.audio.ac3.php b/src/wp-includes/ID3/module.audio.ac3.php index 6faa4e3d64..636ff8f17b 100644 --- a/src/wp-includes/ID3/module.audio.ac3.php +++ b/src/wp-includes/ID3/module.audio.ac3.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} class getid3_ac3 extends getid3_handler { diff --git a/src/wp-includes/ID3/module.audio.dts.php b/src/wp-includes/ID3/module.audio.dts.php index dafaf0bbd2..ff1a88fc80 100644 --- a/src/wp-includes/ID3/module.audio.dts.php +++ b/src/wp-includes/ID3/module.audio.dts.php @@ -14,6 +14,9 @@ // // ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} /** * @tutorial http://wiki.multimedia.cx/index.php?title=DTS diff --git a/src/wp-includes/ID3/module.audio.flac.php b/src/wp-includes/ID3/module.audio.flac.php index a37bae9b8f..1cea4364c2 100644 --- a/src/wp-includes/ID3/module.audio.flac.php +++ b/src/wp-includes/ID3/module.audio.flac.php @@ -14,7 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// - +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio.ogg.php', __FILE__, true); /** diff --git a/src/wp-includes/ID3/module.audio.mp3.php b/src/wp-includes/ID3/module.audio.mp3.php index 0b8a351169..26b28068f8 100644 --- a/src/wp-includes/ID3/module.audio.mp3.php +++ b/src/wp-includes/ID3/module.audio.mp3.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} // number of frames to scan to determine if MPEG-audio sequence is valid // Lower this number to 5-20 for faster scanning diff --git a/src/wp-includes/ID3/module.audio.ogg.php b/src/wp-includes/ID3/module.audio.ogg.php index fd69c68558..fe092d9d94 100644 --- a/src/wp-includes/ID3/module.audio.ogg.php +++ b/src/wp-includes/ID3/module.audio.ogg.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio.flac.php', __FILE__, true); class getid3_ogg extends getid3_handler diff --git a/src/wp-includes/ID3/module.tag.apetag.php b/src/wp-includes/ID3/module.tag.apetag.php index d56fcbac79..26be982c73 100644 --- a/src/wp-includes/ID3/module.tag.apetag.php +++ b/src/wp-includes/ID3/module.tag.apetag.php @@ -14,6 +14,10 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} + class getid3_apetag extends getid3_handler { /** diff --git a/src/wp-includes/ID3/module.tag.id3v1.php b/src/wp-includes/ID3/module.tag.id3v1.php index 0084838b63..16dcf253b6 100644 --- a/src/wp-includes/ID3/module.tag.id3v1.php +++ b/src/wp-includes/ID3/module.tag.id3v1.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} class getid3_id3v1 extends getid3_handler { @@ -62,26 +65,30 @@ class getid3_id3v1 extends getid3_handler foreach ($ParsedID3v1 as $key => $value) { $ParsedID3v1['comments'][$key][0] = $value; } - // ID3v1 encoding detection hack START - // ID3v1 is defined as always using ISO-8859-1 encoding, but it is not uncommon to find files tagged with ID3v1 using Windows-1251 or other character sets - // Since ID3v1 has no concept of character sets there is no certain way to know we have the correct non-ISO-8859-1 character set, but we can guess - $ID3v1encoding = 'ISO-8859-1'; - foreach ($ParsedID3v1['comments'] as $tag_key => $valuearray) { - foreach ($valuearray as $key => $value) { - if (preg_match('#^[\\x00-\\x40\\xA8\\xB8\\x80-\\xFF]+$#', $value)) { - foreach (array('Windows-1251', 'KOI8-R') as $id3v1_bad_encoding) { - if (function_exists('mb_convert_encoding') && @mb_convert_encoding($value, $id3v1_bad_encoding, $id3v1_bad_encoding) === $value) { - $ID3v1encoding = $id3v1_bad_encoding; - break 3; - } elseif (function_exists('iconv') && @iconv($id3v1_bad_encoding, $id3v1_bad_encoding, $value) === $value) { - $ID3v1encoding = $id3v1_bad_encoding; - break 3; + $ID3v1encoding = $this->getid3->encoding_id3v1; + if ($this->getid3->encoding_id3v1_autodetect) { + // ID3v1 encoding detection hack START + // ID3v1 is defined as always using ISO-8859-1 encoding, but it is not uncommon to find files tagged with ID3v1 using Windows-1251 or other character sets + // Since ID3v1 has no concept of character sets there is no certain way to know we have the correct non-ISO-8859-1 character set, but we can guess + foreach ($ParsedID3v1['comments'] as $tag_key => $valuearray) { + foreach ($valuearray as $key => $value) { + if (preg_match('#^[\\x00-\\x40\\x80-\\xFF]+$#', $value) && !ctype_digit((string) $value)) { // check for strings with only characters above chr(128) and punctuation/numbers, but not just numeric strings (e.g. track numbers or years) + foreach (array('Windows-1251', 'KOI8-R') as $id3v1_bad_encoding) { + if (function_exists('mb_convert_encoding') && @mb_convert_encoding($value, $id3v1_bad_encoding, $id3v1_bad_encoding) === $value) { + $ID3v1encoding = $id3v1_bad_encoding; + $this->warning('ID3v1 detected as '.$id3v1_bad_encoding.' text encoding in '.$tag_key); + break 3; + } elseif (function_exists('iconv') && @iconv($id3v1_bad_encoding, $id3v1_bad_encoding, $value) === $value) { + $ID3v1encoding = $id3v1_bad_encoding; + $this->warning('ID3v1 detected as '.$id3v1_bad_encoding.' text encoding in '.$tag_key); + break 3; + } } } } } + // ID3v1 encoding detection hack END } - // ID3v1 encoding detection hack END // ID3v1 data is supposed to be padded with NULL characters, but some taggers pad with spaces $GoodFormatID3v1tag = $this->GenerateID3v1Tag( diff --git a/src/wp-includes/ID3/module.tag.id3v2.php b/src/wp-includes/ID3/module.tag.id3v2.php index d0ddd9ebea..85dd7a147a 100644 --- a/src/wp-includes/ID3/module.tag.id3v2.php +++ b/src/wp-includes/ID3/module.tag.id3v2.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.tag.id3v1.php', __FILE__, true); class getid3_id3v2 extends getid3_handler @@ -520,14 +523,21 @@ class getid3_id3v2 extends getid3_handler if (($this->getid3->info['id3v2']['majorversion'] == 3) && !preg_match('#[\x00]#', $genrestring)) { // note: MusicBrainz Picard incorrectly stores plaintext genres separated by "/" when writing in ID3v2.3 mode, hack-fix here: // replace / with NULL, then replace back the two ID3v1 genres that legitimately have "/" as part of the single genre name - if (preg_match('#/#', $genrestring)) { + if (strpos($genrestring, '/') !== false) { + $LegitimateSlashedGenreList = array( // https://github.com/JamesHeinrich/getID3/issues/223 + 'Pop/Funk', // ID3v1 genre #62 - https://en.wikipedia.org/wiki/ID3#standard + 'Cut-up/DJ', // Discogs - https://www.discogs.com/style/cut-up/dj + 'RnB/Swing', // Discogs - https://www.discogs.com/style/rnb/swing + 'Funk / Soul', // Discogs (note spaces) - https://www.discogs.com/genre/funk+%2F+soul + ); $genrestring = str_replace('/', "\x00", $genrestring); - $genrestring = str_replace('Pop'."\x00".'Funk', 'Pop/Funk', $genrestring); - $genrestring = str_replace('Rock'."\x00".'Rock', 'Folk/Rock', $genrestring); + foreach ($LegitimateSlashedGenreList as $SlashedGenre) { + $genrestring = str_ireplace(str_replace('/', "\x00", $SlashedGenre), $SlashedGenre, $genrestring); + } } // some other taggers separate multiple genres with semicolon, e.g. "Heavy Metal;Thrash Metal;Metal" - if (preg_match('#;#', $genrestring)) { + if (strpos($genrestring, ';') !== false) { $genrestring = str_replace(';', "\x00", $genrestring); } } diff --git a/src/wp-includes/ID3/module.tag.lyrics3.php b/src/wp-includes/ID3/module.tag.lyrics3.php index 27e51e0b82..b2375057e7 100644 --- a/src/wp-includes/ID3/module.tag.lyrics3.php +++ b/src/wp-includes/ID3/module.tag.lyrics3.php @@ -14,7 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// - +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} class getid3_lyrics3 extends getid3_handler { /** @@ -107,7 +109,7 @@ class getid3_lyrics3 extends getid3_handler $GETID3_ERRORARRAY = &$info['warning']; getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.tag.apetag.php', __FILE__, true); $getid3_temp = new getID3(); - $getid3_temp->openfile($this->getid3->filename); + $getid3_temp->openfile($this->getid3->filename, $this->getid3->info['filesize'], $this->getid3->fp); $getid3_apetag = new getid3_apetag($getid3_temp); $getid3_apetag->overrideendoffset = $info['lyrics3']['tag_offset_start']; $getid3_apetag->Analyze();