WordPress
diff --git a/‎wp-includes/ID3/getid3.lib.php‎
Lines changed: 41 additions & 18 deletions b/‎wp-includes/ID3/getid3.lib.php‎
Lines changed: 41 additions & 18 deletions
diff --git a/‎wp-includes/ID3/getid3.php‎
Lines changed: 22 additions & 8 deletions b/‎wp-includes/ID3/getid3.php‎
Lines changed: 22 additions & 8 deletions
@@ -11,8 +11,8 @@
 //                                                            ///
 /////////////////////////////////////////////////////////////////
 
-if(!defined('GETID3_LIBXML_OPTIONS') && defined('LIBXML_VERSION')) {
-	if(LIBXML_VERSION >= 20621) {
+if (!defined('GETID3_LIBXML_OPTIONS') && defined('LIBXML_VERSION')) {
+	if (LIBXML_VERSION >= 20621) {
 		define('GETID3_LIBXML_OPTIONS', LIBXML_NOENT | LIBXML_NONET | LIBXML_NOWARNING | LIBXML_COMPACT);
 	} else {
 		define('GETID3_LIBXML_OPTIONS', LIBXML_NOENT | LIBXML_NONET | LIBXML_NOWARNING);
@@ -73,7 +73,8 @@ public static function trunc($floatnumber) {
 
 	/**
 	 * @param int|null $variable
-	 * @param int      $increment
+	 * @param-out int  $variable
+     * @param int      $increment
 	 *
 	 * @return bool
 	 */
@@ -115,7 +116,9 @@ public static function intValueSupported($num) {
 		// check if integers are 64-bit
 		static $hasINT64 = null;
 		if ($hasINT64 === null) { // 10x faster than is_null()
-			$hasINT64 = is_int(pow(2, 31)); // 32-bit int are limited to (2^31)-1
+			/** @var int|float|object $bigInt */
+			$bigInt = pow(2, 31);
+			$hasINT64 = is_int($bigInt); // 32-bit int are limited to (2^31)-1
 			if (!$hasINT64 && !defined('PHP_INT_MIN')) {
 				define('PHP_INT_MIN', ~PHP_INT_MAX);
 			}
@@ -440,7 +443,7 @@ public static function BigEndian2String($number, $minbytes=1, $synchsafe=false,
 	}
 
 	/**
-	 * @param int $number
+	 * @param int|string $number
 	 *
 	 * @return string
 	 */
@@ -744,16 +747,36 @@ public static function array_min($arraydata, $returnkey=false) {
 	 * @return array|false
 	 */
 	public static function XML2array($XMLstring) {
-		if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
-			// http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
-			// https://core.trac.wordpress.org/changeset/29378
-			// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
-			// disabled by default, but is still needed when LIBXML_NOENT is used.
-			$loader = @libxml_disable_entity_loader(true);
-			$XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
-			$return = self::SimpleXMLelement2array($XMLobject);
-			@libxml_disable_entity_loader($loader);
-			return $return;
+		if (function_exists('simplexml_load_string')) {
+			if (PHP_VERSION_ID < 80000) {
+				if (function_exists('libxml_disable_entity_loader')) {
+					// http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
+					// https://core.trac.wordpress.org/changeset/29378
+					// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
+					// disabled by default, but is still needed when LIBXML_NOENT is used.
+					$loader = @libxml_disable_entity_loader(true);
+					$XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
+					$return = self::SimpleXMLelement2array($XMLobject);
+					@libxml_disable_entity_loader($loader);
+					return $return;
+				}
+			} else {
+				$allow = false;
+				if (defined('LIBXML_VERSION') && (LIBXML_VERSION >= 20900)) {
+					// https://www.php.net/manual/en/function.libxml-disable-entity-loader.php
+					// "as of libxml 2.9.0 entity substitution is disabled by default, so there is no need to disable the loading
+					//  of external entities, unless there is the need to resolve internal entity references with LIBXML_NOENT."
+					$allow = true;
+				} elseif (function_exists('libxml_set_external_entity_loader')) {
+					libxml_set_external_entity_loader(function () { return null; }); // https://www.zend.com/blog/cve-2023-3823
+					$allow = true;
+				}
+				if ($allow) {
+					$XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
+					$return = self::SimpleXMLelement2array($XMLobject);
+					return $return;
+				}
+			}
 		}
 		return false;
 	}
@@ -1497,7 +1520,7 @@ public static function RGADamplitude2dB($amplitude) {
 	public static function GetDataImageSize($imgData, &$imageinfo=array()) {
 		if (PHP_VERSION_ID >= 50400) {
 			$GetDataImageSize = @getimagesizefromstring($imgData, $imageinfo);
-			if ($GetDataImageSize === false || !isset($GetDataImageSize[0], $GetDataImageSize[1])) {
+			if ($GetDataImageSize === false) {
 				return false;
 			}
 			$GetDataImageSize['height'] = $GetDataImageSize[0];
@@ -1525,7 +1548,7 @@ public static function GetDataImageSize($imgData, &$imageinfo=array()) {
 				fwrite($tmp, $imgData);
 				fclose($tmp);
 				$GetDataImageSize = @getimagesize($tempfilename, $imageinfo);
-				if (($GetDataImageSize === false) || !isset($GetDataImageSize[0]) || !isset($GetDataImageSize[1])) {
+				if ($GetDataImageSize === false) {
 					return false;
 				}
 				$GetDataImageSize['height'] = $GetDataImageSize[0];
@@ -1719,7 +1742,7 @@ public static function EmbeddedLookup($key, $begin, $end, $file, $name) {
 			// METHOD B: cache all keys in this lookup - more memory but faster on next lookup of not-previously-looked-up key
 			//$cache[$file][$name][substr($line, 0, $keylength)] = trim(substr($line, $keylength + 1));
 			$explodedLine = explode("\t", $line, 2);
-			$ThisKey   = (isset($explodedLine[0]) ? $explodedLine[0] : '');
+			$ThisKey   = $explodedLine[0];
 			$ThisValue = (isset($explodedLine[1]) ? $explodedLine[1] : '');
 			$cache[$file][$name][$ThisKey] = trim($ThisValue);
 		}
 
@@ -387,7 +387,7 @@ class getID3
 	 */
 	protected $startup_warning = '';
 
-	const VERSION           = '1.9.23-202310190849';
+	const VERSION           = '1.9.24-202509040923';
 	const FREAD_BUFFER_SIZE = 32768;
 
 	const ATTACHMENTS_NONE   = false;
@@ -409,10 +409,10 @@ public function __construct() {
 		$memoryLimit = ini_get('memory_limit');
 		if (preg_match('#([0-9]+) ?M#i', $memoryLimit, $matches)) {
 			// could be stored as "16M" rather than 16777216 for example
-			$memoryLimit = $matches[1] * 1048576;
+			$memoryLimit = (int) $matches[1] * 1048576;
 		} elseif (preg_match('#([0-9]+) ?G#i', $memoryLimit, $matches)) { // The 'G' modifier is available since PHP 5.1.0
 			// could be stored as "2G" rather than 2147483648 for example
-			$memoryLimit = $matches[1] * 1073741824;
+			$memoryLimit = (int) $matches[1] * 1073741824;
 		}
 		$this->memory_limit = $memoryLimit;
 
@@ -446,7 +446,7 @@ public function __construct() {
 			}
 			// Check for magic_quotes_gpc
 			if (function_exists('get_magic_quotes_gpc')) {
-				if (get_magic_quotes_gpc()) { // @phpstan-ignore-line
+				if (get_magic_quotes_gpc()) {
 					$this->startup_error .= 'magic_quotes_gpc must be disabled before running getID3(). Surround getid3 block by set_magic_quotes_gpc(0) and set_magic_quotes_gpc(1).'."\n";
 				}
 			}
@@ -529,7 +529,7 @@ public function fread_buffer_size() {
 	 * @return bool
 	 */
 	public function setOption($optArray) {
-		if (!is_array($optArray) || empty($optArray)) {
+		if (empty($optArray)) {
 			return false;
 		}
 		foreach ($optArray as $opt => $val) {
@@ -680,6 +680,8 @@ public function analyze($filename, $filesize=null, $original_filename='', $fp=nu
 					catch (getid3_exception $e) {
 						throw $e;
 					}
+				} else {
+					$this->warning('skipping check for '.$tag_name.' tags since option_tag_'.$tag_name.'=FALSE');
 				}
 			}
 			if (isset($this->info['id3v2']['tag_offset_start'])) {
@@ -1477,6 +1479,16 @@ public function GetFileFormatArray() {
 
 				// Misc other formats
 
+				// GPX - data         - GPS Exchange Format
+				'gpx' => array (
+							'pattern'   => '^<\\?xml [^>]+>[\s]*<gpx ',
+							'group'     => 'misc',
+							'module'    => 'gpx',
+							'mime_type' => 'application/gpx+xml',
+							'fail_id3'  => 'ERROR',
+							'fail_ape'  => 'ERROR',
+						),
+
 				// PAR2 - data        - Parity Volume Set Specification 2.0
 				'par2' => array (
 							'pattern'   => '^PAR2\\x00PKT',
@@ -1890,8 +1902,8 @@ public function ChannelsBitratePlaytimeCalculations() {
 
 		// Calculate combined bitrate - audio + video
 		$CombinedBitrate  = 0;
-		$CombinedBitrate += (isset($this->info['audio']['bitrate']) ? $this->info['audio']['bitrate'] : 0);
-		$CombinedBitrate += (isset($this->info['video']['bitrate']) ? $this->info['video']['bitrate'] : 0);
+		$CombinedBitrate += (isset($this->info['audio']['bitrate']) && ($this->info['audio']['bitrate'] != 'free') ? $this->info['audio']['bitrate'] : 0);
+		$CombinedBitrate += (isset($this->info['video']['bitrate'])                                                ? $this->info['video']['bitrate'] : 0);
 		if (($CombinedBitrate > 0) && empty($this->info['bitrate'])) {
 			$this->info['bitrate'] = $CombinedBitrate;
 		}
@@ -1998,7 +2010,9 @@ public function CalculateCompressionRatioAudio() {
 		if (empty($this->info['audio']['bitrate']) || empty($this->info['audio']['channels']) || empty($this->info['audio']['sample_rate']) || !is_numeric($this->info['audio']['sample_rate'])) {
 			return false;
 		}
-		$this->info['audio']['compression_ratio'] = $this->info['audio']['bitrate'] / ($this->info['audio']['channels'] * $this->info['audio']['sample_rate'] * (!empty($this->info['audio']['bits_per_sample']) ? $this->info['audio']['bits_per_sample'] : 16));
+		if ($this->info['audio']['bitrate'] != 'free') {
+			$this->info['audio']['compression_ratio'] = $this->info['audio']['bitrate'] / ($this->info['audio']['channels'] * $this->info['audio']['sample_rate'] * (!empty($this->info['audio']['bits_per_sample']) ? $this->info['audio']['bits_per_sample'] : 16));
+		}
 
 		if (!empty($this->info['audio']['streams'])) {
 			foreach ($this->info['audio']['streams'] as $streamnumber => $streamdata) {