[wp-trac] [WordPress Trac] #9633: wp:meta_value does not escape
correctly
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 24 11:23:39 GMT 2009
#9633: wp:meta_value does not escape correctly
--------------------------+-------------------------------------------------
Reporter: gslin | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Export | Version:
Severity: normal | Keywords: needs-patch
--------------------------+-------------------------------------------------
In wp-admin/includes/export.php:
{{{
<wp:meta_value><?Php echo $meta->meta_value; ?></wp:meta_value>
}}}
Since meta_value might have "&" or "<" this kind of special chars, we need
to escape it:
{{{
<wp:meta_value><?php echo htmlspecialchars($meta->meta_value);
?></wp:meta_value>
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9633>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list