Merge tag 'v1.9.21' into 2.0-with-fixes

# Conflicts:
#	demos/demo.mysqli.php
#	src/GetID3.php
#	src/Module/Audio/Mp3.php
#	src/Module/Tag/ID3v2.php

Author: StudioMaX

.github/workflows/continuous-integration.yml

@@ -6,7 +6,6 @@ jobs:
   lint:
     name: "Lint"
     runs-on: "ubuntu-latest"
-    continue-on-error: ${{ matrix.experimental }}
     strategy:
       fail-fast: false
       matrix:
@@ -20,21 +19,15 @@ jobs:
           - "7.3"
           - "7.4"
           - "8.0"
-        experimental:
-          - false
-        include:
-          - php-version: "8.1"
-            experimental: true
-            composer-options: "--ignore-platform-reqs"
+          - "8.1"
     steps:
       - uses: "actions/checkout@v2"
       - uses: "shivammathur/setup-php@v2"
         with:
           php-version: "${{ matrix.php-version }}"
+          ini-values: error_reporting=-1, display_errors=On
           coverage: "none"
       - uses: "ramsey/composer-install@v1"
-        with:
-          composer-options: "${{ matrix.composer-options }}"
       - name: "Run the linter"
         run: "composer lint -- --colors"
 

changelog.txt

@@ -18,6 +18,42 @@
 Version History
 ===============
 
+1.9.21: [2021-09-22] James Heinrich :: 1.9.21-202109171300
+	» add support for RIFF.guan
+	¤ add ID3v1 genres 148-191
+	¤ torrent files easy access key
+	* bugfix #342 demo.mysqli.php XSS
+	* bugfix #340 default quicktime.ReturnAtomData=false
+	* bugfix #338 improved transliterated tag merging
+	* bugfix #337 PHP 8.1 compatibility
+	* bugfix #335 PHP 8.1 compatibility
+	* bugfix #330 QuicktimeContentRatingLookup 'rtng'
+	* bugfix #328 throw exception if a resource seek fails
+	* bugfix #326 improved temporary path detection
+	* bugfix #325 INF/NAN constants instead of float/string
+	* bugfix #324 Nikon-specific atoms in QuickTime
+	* bugfix #321 prevent errors on corrupt JPEGs
+	* bugfix #319 prevent error in ZIP contents MIME detect
+	* bugfix #315 ID3v2 USLT check for data length
+	* bugfix #308 silence libxml deprecation warning
+	* bugfix #304 undefined index: comments
+	* bugfix #299 decbin type error in PHP8
+	* bugfix #298 error scanning WAV via file pointer
+	* bugfix #294 replace IMG_JPG with IMAGETYPE_JPEG
+	* bugfix #292 PDFs take long time to parse
+	* bugfix #291 divzero QuickTime with no playable content
+	* bugfix #290 detect ID3v1 on minimal example files
+	* bugfix #289 avoid crash on invalid TIFF
+	* bugfix #287 mp3 CBR detected as VBR
+	* bugfix #286 corrupt mp3 can cause slow scanning
+	* bugfix #284 allow "0" as a value in tags
+	* bugfix #283 array offset on value of type int
+	* bugfix #277 ID3v2 add new Turkish Lira TRY
+	* bugfix #270 demo.mysqli.php LONGBLOB
+	* bugfix #266 fix possible endless loop on PNG
+	* bugfix #257 undefined variables
+	* bugfix #207 improved LAME version string parsing
+
 1.9.20: [2020-06-30] James Heinrich :: 1.9.20-202006061653
 	» add support for DSDIFF audio
 	» add support for TAK lossess audio

demos/demo.mysqli.php

@@ -1495,7 +1495,7 @@ function SynchronizeAllTags($filename, $synchronizefrom='all', $synchronizeto='A
 		} else {
 
 			echo '<a href="'.htmlentities($_SERVER['PHP_SELF'].'?encoderoptionsdistribution=1').'">Show all Encoder Options</a><hr>';
-			echo 'Files with Encoder Options <b>'.$_REQUEST['showtagfiles'].'</b>:<br>';
+			echo 'Files with Encoder Options <b>'.htmlentities($_REQUEST['showtagfiles']).'</b>:<br>';
 			echo '<table border="1" cellspacing="0" cellpadding="3">';
 			while ($row = mysqli_fetch_array($result)) {
 				echo '<tr>';

src/GetID3.php

@@ -226,7 +226,7 @@ class GetID3
 	 *
 	 * @var bool
 	 */
-	public $options_audiovideo_quicktime_ReturnAtomData        = true;
+	public $options_audiovideo_quicktime_ReturnAtomData  = false;
 
 	/** audio-video.quicktime
 	 * return all parsed data from all atoms if true, otherwise just returned parsed metadata
@@ -319,7 +319,7 @@ class GetID3
 	 */
 	protected $startup_warning = '';
 
-	const VERSION           = '2.0.x-202105131611';
+	const VERSION           = '2.0.x-202109171300';
 	const FREAD_BUFFER_SIZE = 32768;
 
 	const ATTACHMENTS_NONE   = false;

src/Module/Audio/Mp3.php

@@ -31,7 +31,7 @@ class QuickTime extends Handler
 	 *
 	 * @var bool
 	 */
-	public $ReturnAtomData        = true;
+	public $ReturnAtomData        = false;
 
 	/** audio-video.quicktime
 	 * return all parsed data from all atoms if true, otherwise just returned parsed metadata
@@ -2094,7 +2094,7 @@ public function QuicktimeParseAtom($atomname, $atomsize, $atom_data, $baseoffset
 	 * @return array|false
 	 */
 	public function QuicktimeParseContainerAtom($atom_data, $baseoffset, &$atomHierarchy, $ParseAllPossibleAtoms) {
-		$atom_structure  = false;
+		$atom_structure = array();
 		$subatomoffset  = 0;
 		$subatomcounter = 0;
 		if ((strlen($atom_data) == 4) && (Utils::BigEndian2Int($atom_data) == 0x00000000)) {
@@ -2112,17 +2112,22 @@ public function QuicktimeParseContainerAtom($atom_data, $baseoffset, &$atomHiera
 					$subatomoffset += 4;
 					continue;
 				}
-				return $atom_structure;
+				break;
 			}
 			if (strlen($subatomdata) < ($subatomsize - 8)) {
 			    // we don't have enough data to decode the subatom.
 			    // this may be because we are refusing to parse large subatoms, or it may be because this atom had its size set too large
 			    // so we passed in the start of a following atom incorrectly?
-			    return $atom_structure;
+			    break;
 			}
 			$atom_structure[$subatomcounter++] = $this->QuicktimeParseAtom($subatomname, $subatomsize, $subatomdata, $baseoffset + $subatomoffset, $atomHierarchy, $ParseAllPossibleAtoms);
 			$subatomoffset += $subatomsize;
 		}
+
+		if (empty($atom_structure)) {
+			return false;
+		}
+
 		return $atom_structure;
 	}
 
@@ -2607,8 +2612,9 @@ public function QuicktimeContentRatingLookup($rtng) {
 		static $QuicktimeContentRatingLookup = array();
 		if (empty($QuicktimeContentRatingLookup)) {
 			$QuicktimeContentRatingLookup[0]  = 'None';
+			$QuicktimeContentRatingLookup[1]  = 'Explicit';
 			$QuicktimeContentRatingLookup[2]  = 'Clean';
-			$QuicktimeContentRatingLookup[4]  = 'Explicit';
+			$QuicktimeContentRatingLookup[4]  = 'Explicit (old)';
 		}
 		return (isset($QuicktimeContentRatingLookup[$rtng]) ? $QuicktimeContentRatingLookup[$rtng] : 'invalid');
 	}

src/Module/AudioVideo/QuickTime.php

@@ -180,19 +180,25 @@ protected function fseek($bytes, $whence=SEEK_SET) {
 					$this->data_string_position = $this->data_string_length + $bytes;
 					break;
 			}
-			return 0;
-		} else {
-			$pos = $bytes;
-			if ($whence == SEEK_CUR) {
-				$pos = $this->ftell() + $bytes;
-			} elseif ($whence == SEEK_END) {
-				$pos = $this->getid3->info['filesize'] + $bytes;
-			}
-			if (!Utils::intValueSupported($pos)) {
-				throw new Exception('cannot fseek('.$pos.') because beyond PHP filesystem limit', 10);
-			}
+			return 0; // fseek returns 0 on success
+		}
+
+		$pos = $bytes;
+		if ($whence == SEEK_CUR) {
+			$pos = $this->ftell() + $bytes;
+		} elseif ($whence == SEEK_END) {
+			$pos = $this->getid3->info['filesize'] + $bytes;
+		}
+		if (!Utils::intValueSupported($pos)) {
+			throw new Exception('cannot fseek('.$pos.') because beyond PHP filesystem limit', 10);
+		}
+
+		// https://github.com/JamesHeinrich/getID3/issues/327
+		$result = fseek($this->getid3->fp, $bytes, $whence);
+		if ($result !== 0) { // fseek returns 0 on success
+			throw new Exception('cannot fseek('.$pos.'). resource/stream does not appear to support seeking', 10);
 		}
-		return fseek($this->getid3->fp, $bytes, $whence);
+		return $result;
 	}
 
 	/**

src/Module/Handler.php

@@ -1961,18 +1961,14 @@ public function ParseID3v2Frame(&$parsedFrame) {
 			$frame_offset = 0;
 			$parsedFrame['peakamplitude'] = Utils::BigEndian2Float(substr($parsedFrame['data'], $frame_offset, 4));
 			$frame_offset += 4;
-			$rg_track_adjustment = Utils::Dec2Bin(substr($parsedFrame['data'], $frame_offset, 2));
-			$frame_offset += 2;
-			$rg_album_adjustment = Utils::Dec2Bin(substr($parsedFrame['data'], $frame_offset, 2));
-			$frame_offset += 2;
-			$parsedFrame['raw']['track']['name']       = Utils::Bin2Dec(substr($rg_track_adjustment, 0, 3));
-			$parsedFrame['raw']['track']['originator'] = Utils::Bin2Dec(substr($rg_track_adjustment, 3, 3));
-			$parsedFrame['raw']['track']['signbit']    = Utils::Bin2Dec(substr($rg_track_adjustment, 6, 1));
-			$parsedFrame['raw']['track']['adjustment'] = Utils::Bin2Dec(substr($rg_track_adjustment, 7, 9));
-			$parsedFrame['raw']['album']['name']       = Utils::Bin2Dec(substr($rg_album_adjustment, 0, 3));
-			$parsedFrame['raw']['album']['originator'] = Utils::Bin2Dec(substr($rg_album_adjustment, 3, 3));
-			$parsedFrame['raw']['album']['signbit']    = Utils::Bin2Dec(substr($rg_album_adjustment, 6, 1));
-			$parsedFrame['raw']['album']['adjustment'] = Utils::Bin2Dec(substr($rg_album_adjustment, 7, 9));
+			foreach (array('track','album') as $rgad_entry_type) {
+				$rg_adjustment_word = Utils::BigEndian2Int(substr($parsedFrame['data'], $frame_offset, 2));
+				$frame_offset += 2;
+				$parsedFrame['raw'][$rgad_entry_type]['name']       = ($rg_adjustment_word & 0xE000) >> 13;
+				$parsedFrame['raw'][$rgad_entry_type]['originator'] = ($rg_adjustment_word & 0x1C00) >> 10;
+				$parsedFrame['raw'][$rgad_entry_type]['signbit']    = ($rg_adjustment_word & 0x0200) >>  9;
+				$parsedFrame['raw'][$rgad_entry_type]['adjustment'] = ($rg_adjustment_word & 0x0100);
+			}
 			$parsedFrame['track']['name']       = Utils::RGADnameLookup($parsedFrame['raw']['track']['name']);
 			$parsedFrame['track']['originator'] = Utils::RGADoriginatorLookup($parsedFrame['raw']['track']['originator']);
 			$parsedFrame['track']['adjustment'] = Utils::RGADadjustmentLookup($parsedFrame['raw']['track']['adjustment'], $parsedFrame['raw']['track']['signbit']);

src/Module/Tag/ID3v2.php

@@ -584,12 +584,17 @@ public static function BigEndian2String($number, $minbytes=1, $synchsafe=false,
 	 * @return string
 	 */
 	public static function Dec2Bin($number) {
+		if (!is_numeric($number)) {
+			// https://github.com/JamesHeinrich/getID3/issues/299
+			trigger_error('TypeError: Dec2Bin(): Argument #1 ($number) must be numeric, '.gettype($number).' given', E_USER_WARNING);
+			return '';
+		}
 		$bytes = array();
 		while ($number >= 256) {
-			$bytes[] = (($number / 256) - (floor($number / 256))) * 256;
+			$bytes[] = (int) (($number / 256) - (floor($number / 256))) * 256;
 			$number = floor($number / 256);
 		}
-		$bytes[] = $number;
+		$bytes[] = (int) $number;
 		$binstring = '';
 		foreach ($bytes as $i => $byte) {
 			$binstring = (($i == count($bytes) - 1) ? decbin($byte) : str_pad(decbin($byte), 8, '0', STR_PAD_LEFT)).$binstring;
@@ -1665,12 +1670,21 @@ public static function ImageExtFromMime($mime_type) {
 	public static function CopyTagsToComments(&$ThisFileInfo, $option_tags_html=true) {
 		// Copy all entries from ['tags'] into common ['comments']
 		if (!empty($ThisFileInfo['tags'])) {
-			if (isset($ThisFileInfo['tags']['id3v1'])) {
-				// bubble ID3v1 to the end, if present to aid in detecting bad ID3v1 encodings
-				$ID3v1 = $ThisFileInfo['tags']['id3v1'];
-				unset($ThisFileInfo['tags']['id3v1']);
-				$ThisFileInfo['tags']['id3v1'] = $ID3v1;
-				unset($ID3v1);
+
+			// Some tag types can only support limited character sets and may contain data in non-standard encoding (usually ID3v1)
+			// and/or poorly-transliterated tag values that are also in tag formats that do support full-range character sets
+			// To make the output more user-friendly, process the potentially-problematic tag formats last to enhance the chance that
+			// the first entries in [comments] are the most correct and the "bad" ones (if any) come later.
+			// https://github.com/JamesHeinrich/getID3/issues/338
+			$processLastTagTypes = array('id3v1','riff');
+			foreach ($processLastTagTypes as $processLastTagType) {
+				if (isset($ThisFileInfo['tags'][$processLastTagType])) {
+					// bubble ID3v1 to the end, if present to aid in detecting bad ID3v1 encodings
+					$temp = $ThisFileInfo['tags'][$processLastTagType];
+					unset($ThisFileInfo['tags'][$processLastTagType]);
+					$ThisFileInfo['tags'][$processLastTagType] = $temp;
+					unset($temp);
+				}
 			}
 			foreach ($ThisFileInfo['tags'] as $tagtype => $tagarray) {
 				foreach ($tagarray as $tagname => $tagdata) {
@@ -1701,9 +1715,18 @@ public static function CopyTagsToComments(&$ThisFileInfo, $option_tags_html=true
 
 							} elseif (!is_array($value)) {
 
-								$newvaluelength = strlen(trim($value));
+								$newvaluelength   =    strlen(trim($value));
+								$newvaluelengthMB = mb_strlen(trim($value));
 								foreach ($ThisFileInfo['comments'][$tagname] as $existingkey => $existingvalue) {
-									$oldvaluelength = strlen(trim($existingvalue));
+									$oldvaluelength   =    strlen(trim($existingvalue));
+									$oldvaluelengthMB = mb_strlen(trim($existingvalue));
+									if (($newvaluelengthMB == $oldvaluelengthMB) && ($existingvalue == Utils::iconv_fallback('UTF-8', 'ASCII', $value))) {
+										// https://github.com/JamesHeinrich/getID3/issues/338
+										// check for tags containing extended characters that may have been forced into limited-character storage (e.g. UTF8 values into ASCII)
+										// which will usually display unrepresentable characters as "?"
+										$ThisFileInfo['comments'][$tagname][$existingkey] = trim($value);
+										break;
+									}
 									if ((strlen($existingvalue) > 10) && ($newvaluelength > $oldvaluelength) && (substr(trim($value), 0, strlen($existingvalue)) == $existingvalue)) {
 										$ThisFileInfo['comments'][$tagname][$existingkey] = trim($value);
 										break;
@@ -1914,7 +1937,7 @@ public static function truepath($filename) {
 	 *
 	 * @return string
 	 */
-	public static function mb_basename($path, $suffix = null) {
+	public static function mb_basename($path, $suffix = '') {
 		$splited = preg_split('#/#', rtrim($path, '/ '));
 		return substr(basename('X'.$splited[count($splited) - 1], $suffix), 1);
 	}