[wp-trac] [WordPress Trac] #18056: dc:creator needs to be escaped in RSS feed
WordPress Trac
wp-trac at lists.automattic.com
Sun Jul 10 03:46:15 UTC 2011
#18056: dc:creator needs to be escaped in RSS feed
--------------------------+-----------------------------
Reporter: Nettsentrisk | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Feeds | Version: 3.2
Severity: major | Keywords: has-patch
--------------------------+-----------------------------
If the author name contains any special characters, they might end up in
the RSS feed unescaped, causing failed feed validation and thus causing
problems for many readers.
The code now is:
<dc:creator><?php the_author() ?></dc:creator>
Shouldn't this be:
<dc:creator><![CDATA[<?php the_author() ?>]]></dc:creator>
Or:
<dc:creator><?php htmlspecialchars(the_author()) ?></dc:creator>
This might be a result of a custom author plugin not escaping these
characters on the way into the database, but Wordpress should handle this
more robustly to prevent plugin authors from messing things up like this.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18056>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list