[wp-trac] [WordPress Trac] #9524: Exporter does not escape url
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 13 05:15:48 GMT 2009
#9524: Exporter does not escape url
--------------------------+-------------------------------------------------
 Reporter:  gslin         |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Unassigned
Component:  Export        |     Version:
 Severity:  normal        |    Keywords:
--------------------------+-------------------------------------------------
In wp-admin/includes/export.php, the URL is not escaped correctly:
{{{
<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>
}}}
htmlspecialchars() will escape only 4 chars when no options are given (lt, gt,
amp, quot), and these 4 chars are compatible with XML, so we can use
htmlspecialchars() to fix the bug:
{{{
<wp:comment_author_url><?php echo htmlspecialchars($c->comment_author_url); ?></wp:comment_author_url>
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9524>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
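
Added example (not part of the ticket and not WordPress code): the element from the ticket rendered without and with escaping, then checked with an XML parser. The function names, the namespace URI and the sample URLs are constructed for the demonstration, and the escaping flags are set explicitly rather than relying on the defaults of htmlspecialchars().

```php
<?php
// Placeholder namespace URI so the wp: prefix resolves in a stand-alone fragment.
const DEMO_WP_NS = 'urn:example:wxr';

// Render <wp:comment_author_url> the way the ticket's two snippets do:
// $escape = false mirrors the current exporter, true mirrors the proposed fix.
function render_author_url(string $url, bool $escape): string
{
    // ENT_XML1 restricts output to entities that XML itself defines.
    $value = $escape ? htmlspecialchars($url, ENT_QUOTES | ENT_XML1, 'UTF-8') : $url;
    return '<wp:comment_author_url xmlns:wp="' . DEMO_WP_NS . '">'
        . $value . '</wp:comment_author_url>';
}

// Parse the fragment; return the element text, or null if it is not well-formed.
function parse_author_url(string $xml): ?string
{
    $previous = libxml_use_internal_errors(true); // collect errors, no warnings
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok ? $doc->documentElement->textContent : null;
}

// Constructed sample values: ordinary URLs that contain XML metacharacters.
$samples = [
    'http://example.com/',
    'http://example.com/?page=2&lang=en',
    'http://example.com/search?q=a<b',
];

foreach ($samples as $url) {
    foreach ([false, true] as $escape) {
        $parsed = parse_author_url(render_author_url($url, $escape));
        if ($parsed === null) {
            $result = 'NOT WELL-FORMED';
        } elseif ($parsed === $url) {
            $result = 'ok, round-trips';
        } else {
            $result = 'parsed, value changed';
        }
        printf("%-9s %-40s %s\n", $escape ? 'escaped' : 'raw', $url, $result);
    }
}
```

Only the first URL survives unescaped; the other two make the whole export file unparseable for an importer, while the escaped form round-trips to the original value in every case.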