X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/f5fcdc7994bb67cce809bc4777944ae8b7fad4a4..53f4633144ed68c8b8fb5861f992b5489894a940:/wp-includes/ID3/getid3.lib.php
diff --git a/wp-includes/ID3/getid3.lib.php b/wp-includes/ID3/getid3.lib.php
index 0c92e060..76e2854a 100644
--- a/wp-includes/ID3/getid3.lib.php
+++ b/wp-includes/ID3/getid3.lib.php
@@ -519,11 +519,13 @@ class getid3_lib
 }
 public static function XML2array($XMLstring) {
- if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
- $loader = libxml_disable_entity_loader( true );
- $XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
- $return = self::SimpleXMLelement2array( $XMLobject );
- libxml_disable_entity_loader( $loader );
+ if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
+ // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
+ // https://core.trac.wordpress.org/changeset/29378
+ $loader = libxml_disable_entity_loader(true);
+ $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NOENT);
+ $return = self::SimpleXMLelement2array($XMLobject);
+ libxml_disable_entity_loader($loader);
 return $return;
 }
 return false;
@@ -1163,6 +1165,8 @@ class getid3_lib
 fwrite($tmp, $imgData);
 fclose($tmp);
 $GetDataImageSize = @getimagesize($tempfilename, $imageinfo);
+ $GetDataImageSize['height'] = $GetDataImageSize[0];
+ $GetDataImageSize['width'] = $GetDataImageSize[1];
 }
 unlink($tempfilename);
 }
@@ -1373,4 +1377,4 @@ class getid3_lib
 return substr(basename('X'.$splited[count($splited) - 1], $suffix), 1);
 }
-}
\ No newline at end of file
+}
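Review bot: `LIBXML_NOENT` is still passed to `simplexml_load_string()` in XML2array, and that flag asks libxml to substitute entities, so the protection against external entities in XML taken from a parsed media file rests entirely on the `libxml_disable_entity_loader(true)` call around it. Unless entity substitution is actually needed here, a safer default is to drop the flag and forbid network access, e.g. `$XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NONET);`. A failed parse also returns `false`, which is handed to `SimpleXMLelement2array()` unchecked; that helper is outside the hunk, so an explicit `if ($XMLobject === false) { libxml_disable_entity_loader($loader); return false; }` would make the failure path obvious. The new comments would be more useful if they said why the loader is toggled, for instance `// disable external entity loading while parsing untrusted XML, then restore the previous setting`.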
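Review bot: The two added assignments after `@getimagesize()` map the indices the wrong way round, because PHP's `getimagesize()` returns the width at index 0 and the height at index 1, so `'height'` ends up holding the width and vice versa. They also run when `getimagesize()` has failed and returned `false`, which is reachable with malformed embedded image data. In that case the result becomes an array of nulls, so a caller testing for `false` would no longer see the failure (callers are outside the hunk). Guarding and swapping fixes both: `if (is_array($GetDataImageSize)) { $GetDataImageSize['width'] = $GetDataImageSize[0]; $GetDataImageSize['height'] = $GetDataImageSize[1]; }`. The enclosing function starts and ends outside this hunk.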