id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
9524,Exporter does not escape url,gslin,westi,"In wp-admin/includes/export.php, url does not escape correctly:
{{{
<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>
}}}
htmlspecialchars() will escape only 4 chars when no options given (lt, gt, amp, quot), and these 4 chars are compatible to XML, so we can use htmlspecialchars() to fix the bug:
{{{
<wp:comment_author_url><?php echo htmlspecialchars($c->comment_author_url); ?></wp:comment_author_url>
}}}",defect (bug),closed,normal,2.9,Export,2.8,normal,fixed,has-patch tested reporter-feedback,