Ticket #4307 (closed defect (bug): fixed)

Opened 5 years ago

Last modified 2 years ago

Single quotes in category name breaks Atom feeds

Reported by: Otto42 Owned by: rob1n
Priority: high Milestone: 2.2.1
Component: General Version: 2.2
Severity: critical Keywords: has-patch
Cc:

Description

This code in function get_the_category_rss(): 

if ( 'atom' == $type )
	$the_list .= "<category scheme='$home' term='$category->cat_name' />";

Will cause an invalid atom feed if the category name contains a single quote (as in "Otto's category"). The cat_name needs to be passed through htmlentities (probably) to handle the quotes and other special characters.

Attachments

4307.diff Download (1.1 KB) - added by rob1n 5 years ago.

Change History

comment:1   rob1n5 years ago

  • Owner changed from anonymous to rob1n
  • Status changed from new to assigned

attribute_escape.

comment:2   rob1n5 years ago

Not sure about the patch. It seems like it would work, but I figured I didn't want to double-encode it, so I grabbed the raw values for the Atom feed.

comment:3   rob1n5 years ago

  • Keywords has-patch 2nd-opinion added

comment:4   ryan5 years ago

I'm not sure how convert_chars() and attribute_escape() play together either. Not using get_bloginfo_rss() means the 'get_bloginfo_rss' filter isn't called, though. We should still call that.

rob1n5 years ago

comment:5   rob1n5 years ago

  • Keywords 2nd-opinion removed

comment:6   rob1n5 years ago

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [5548]) Fix Atom feeds' categories. fixes #4307

Note: See TracTickets for help on using tickets.