WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#4307 closed defect (bug) (fixed)

Single quotes in category name breaks Atom feeds

Reported by: Otto42 Owned by: rob1n
Priority: high Milestone: 2.2.1
Component: General Version: 2.2
Severity: critical Keywords: has-patch
Cc:

Description

This code in function get_the_category_rss():

if ( 'atom' == $type )
	$the_list .= "<category scheme='$home' term='$category->cat_name' />";

Will cause an invalid atom feed if the category name contains a single quote (as in "Otto's category"). The cat_name needs to be passed through htmlentities (probably) to handle the quotes and other special characters.

Attachments (1)

4307.diff (1.1 KB) - added by rob1n 6 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 rob1n6 years ago

  • Owner changed from anonymous to rob1n
  • Status changed from new to assigned

attribute_escape.

comment:2 rob1n6 years ago

Not sure about the patch. It seems like it would work, but I figured I didn't want to double-encode it, so I grabbed the raw values for the Atom feed.

comment:3 rob1n6 years ago

  • Keywords has-patch 2nd-opinion added

comment:4 ryan6 years ago

I'm not sure how convert_chars() and attribute_escape() play together either. Not using get_bloginfo_rss() means the 'get_bloginfo_rss' filter isn't called, though. We should still call that.

rob1n6 years ago

comment:5 rob1n6 years ago

  • Keywords 2nd-opinion removed

comment:6 rob1n6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [5548]) Fix Atom feeds' categories. fixes #4307

Note: See TracTickets for help on using tickets.