[wp-trac] [WordPress Trac] #33591: Media File Missing Length Causes Wordpress Atom Feed to Be Invalid
WordPress Trac
noreply at wordpress.org
Fri Aug 28 21:14:58 UTC 2015
#33591: Media File Missing Length Causes Wordpress Atom Feed to Be Invalid
----------------------------+-----------------------------
Reporter: jonnybot | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Feeds | Version: 4.2.4
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
In wp-includes\feed.php, the atom_enclosure() function can produce invalid
XML, which will break some feed readers and XML parsers that might digest
the feed. This happens when the get_post_custom() function returns data
that doesn't include all the metadata that it ought to for a given
enclosure.
This line-
{{{$enclosure = explode("\n", $enc);}}}
...creates an array by splitting the enclosure meta information on newline
characters ("\n"). Then, this line:
{{{
echo apply_filters( 'atom_enclosure', '<link href="' . trim(
htmlspecialchars( $enclosure[0] ) ) . '" rel="enclosure" length="' . trim(
$enclosure[1] ) . '" type="' . trim( $enclosure[2] ) . '" />' . "\n" );
}}}
...assumes that the url will be at position 0 in the array, the length in
position 1, and the type in position 2.
If the length line is simply missing, as is the case for a particular post
I have on my blog, then the next line in the metadata is some kind of
configuration data that looks something like this:
{{{
a:1:{s:8:"duration";s:8:"00:05:29";}" }
}}}
This breaks the feed in a couple of ways. First, because the length
attribute is missing from the metadata, the length attribute of the
resulting link tag will read "audio/mpeg" (or whatever type of file it
is).
Second, it tries to put a type that contains quotes, which ends the
attribute's value early and creates a broken link tag.
{{{
<link href="http://myblog.com/wp-content/uploads/2015/03/media.mp3"
rel="enclosure" length="audio/mpeg"
type="a:1:{s:8:"duration";s:8:"00:05:20";}" />
}}}
The broken link tag will break some feed readers and other XML parsers
that are pointed at the blog's ATOM feed.
The same issue may also affect the rss_enclosure function in feed.php,
though I haven't tested it for that case.
I'm not sure whether the more important bug bug is that that the ATOM feed
breaks if the length is missing, or if the bug is, "Hey, the length meta
data is missing for this object, how did THAT happen?"
Still, it would seem that the assumption that the length will be at the
second (or 1th) position in the array is not a safe one. At the very
least, it might be good to encode the output so that double quotes from
the metadata don't break the XML of the feed?
Also, any pointers on sleuthing out why the metadata is missing would be
much appreciated.
At the very least, it seems prudent to wrap the length (contents of
{{{$enclosure[1]}}}) and the type ({{{$enclosure[2]}}}) in the
htmlspecialchars() function, the same way the href attribute is.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33591>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list