Ticket #33732: 33732.diff

src/wp-admin/includes/export.php

@@ -270 +270 @@
 
                 foreach ( $authors as $author ) {
                         echo "\t<wp:author>";
-                        echo '<wp:author_id>' . $author->ID . '</wp:author_id>';
-                        echo '<wp:author_login>' . $author->user_login . '</wp:author_login>';
-                        echo '<wp:author_email>' . $author->user_email . '</wp:author_email>';
+                        echo '<wp:author_id>' . intval( $author->ID ) . '</wp:author_id>';
+                        echo '<wp:author_login>' . wxr_cdata( $author->user_login ) . '</wp:author_login>';
+                        echo '<wp:author_email>' . wxr_cdata( $author->user_email ) . '</wp:author_email>';
                         echo '<wp:author_display_name>' . wxr_cdata( $author->display_name ) . '</wp:author_display_name>';
                         echo '<wp:author_first_name>' . wxr_cdata( $author->user_firstname ) . '</wp:author_first_name>';
                         echo '<wp:author_last_name>' . wxr_cdata( $author->user_lastname ) . '</wp:author_last_name>';
@@ -291 +291 @@
                         return;
 
                 foreach ( $nav_menus as $menu ) {
-                        echo "\t<wp:term><wp:term_id>{$menu->term_id}</wp:term_id><wp:term_taxonomy>nav_menu</wp:term_taxonomy><wp:term_slug>{$menu->slug}</wp:term_slug>";
+                        echo "\t<wp:term>";
+                        echo '<wp:term_id>' . intval( $menu->term_id ) . '</wp:term_id>';
+                        echo '<wp:term_taxonomy>nav_menu</wp:term_taxonomy>';
+                        echo '<wp:term_slug>' . wxr_cdata( $menu->slug ) . '</wp:term_slug>';
                         wxr_term_name( $menu );
                         echo "</wp:term>\n";
                 }
@@ -370 +373 @@
 <?php wxr_authors_list( $post_ids ); ?>
 
 <?php foreach ( $cats as $c ) : ?>
-        <wp:category><wp:term_id><?php echo $c->term_id ?></wp:term_id><wp:category_nicename><?php echo $c->slug; ?></wp:category_nicename><wp:category_parent><?php echo $c->parent ? $cats[$c->parent]->slug : ''; ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
+        <wp:category><wp:term_id><?php echo intval( $c->term_id ); ?></wp:term_id><wp:category_nicename><?php echo wxr_cdata( $c->slug ); ?></wp:category_nicename><wp:category_parent><?php echo wxr_cdata( $c->parent ? $cats[$c->parent]->slug : '' ); ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
 <?php endforeach; ?>
 <?php foreach ( $tags as $t ) : ?>
-        <wp:tag><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:tag_slug><?php echo $t->slug; ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
+        <wp:tag><wp:term_id><?php echo intval( $t->term_id ); ?></wp:term_id><wp:tag_slug><?php echo wxr_cdata( $t->slug ); ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
 <?php endforeach; ?>
 <?php foreach ( $terms as $t ) : ?>
-        <wp:term><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:term_taxonomy><?php echo $t->taxonomy; ?></wp:term_taxonomy><wp:term_slug><?php echo $t->slug; ?></wp:term_slug><wp:term_parent><?php echo $t->parent ? $terms[$t->parent]->slug : ''; ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
+        <wp:term><wp:term_id><?php echo wxr_cdata( $t->term_id ); ?></wp:term_id><wp:term_taxonomy><?php echo wxr_cdata( $t->taxonomy ); ?></wp:term_taxonomy><wp:term_slug><?php echo wxr_cdata( $t->slug ); ?></wp:term_slug><wp:term_parent><?php echo wxr_cdata( $t->parent ? $terms[$t->parent]->slug : '' ); ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
 <?php endforeach; ?>
 <?php if ( 'all' == $args['content'] ) wxr_nav_menu_terms(); ?>
 
@@ -434 +437 @@
                          */
                         echo wxr_cdata( apply_filters( 'the_excerpt_export', $post->post_excerpt ) );
                 ?></excerpt:encoded>
-                <wp:post_id><?php echo $post->ID; ?></wp:post_id>
-                <wp:post_date><?php echo $post->post_date; ?></wp:post_date>
-                <wp:post_date_gmt><?php echo $post->post_date_gmt; ?></wp:post_date_gmt>
-                <wp:comment_status><?php echo $post->comment_status; ?></wp:comment_status>
-                <wp:ping_status><?php echo $post->ping_status; ?></wp:ping_status>
-                <wp:post_name><?php echo $post->post_name; ?></wp:post_name>
-                <wp:status><?php echo $post->post_status; ?></wp:status>
-                <wp:post_parent><?php echo $post->post_parent; ?></wp:post_parent>
-                <wp:menu_order><?php echo $post->menu_order; ?></wp:menu_order>
-                <wp:post_type><?php echo $post->post_type; ?></wp:post_type>
-                <wp:post_password><?php echo $post->post_password; ?></wp:post_password>
-                <wp:is_sticky><?php echo $is_sticky; ?></wp:is_sticky>
+                <wp:post_id><?php echo intval( $post->ID ); ?></wp:post_id>
+                <wp:post_date><?php echo wxr_cdata( $post->post_date ); ?></wp:post_date>
+                <wp:post_date_gmt><?php echo wxr_cdata( $post->post_date_gmt ); ?></wp:post_date_gmt>
+                <wp:comment_status><?php echo wxr_cdata( $post->comment_status ); ?></wp:comment_status>
+                <wp:ping_status><?php echo wxr_cdata( $post->ping_status ); ?></wp:ping_status>
+                <wp:post_name><?php echo wxr_cdata( $post->post_name ); ?></wp:post_name>
+                <wp:status><?php echo wxr_cdata( $post->post_status ); ?></wp:status>
+                <wp:post_parent><?php echo intval( $post->post_parent ); ?></wp:post_parent>
+                <wp:menu_order><?php echo intval( $post->menu_order ); ?></wp:menu_order>
+                <wp:post_type><?php echo wxr_cdata( $post->post_type ); ?></wp:post_type>
+                <wp:post_password><?php echo wxr_cdata( $post->post_password ); ?></wp:post_password>
+                <wp:is_sticky><?php echo intval( $is_sticky ); ?></wp:is_sticky>
 <?php   if ( $post->post_type == 'attachment' ) : ?>
-                <wp:attachment_url><?php echo wp_get_attachment_url( $post->ID ); ?></wp:attachment_url>
+                <wp:attachment_url><?php echo wxr_cdata( wp_get_attachment_url( $post->ID ) ); ?></wp:attachment_url>
 <?php   endif; ?>
 <?php   wxr_post_taxonomy(); ?>
 <?php   $postmeta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID ) );
@@ -468 +471 @@
                                 continue;
                 ?>
                 <wp:postmeta>
-                        <wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+                        <wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
                         <wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
                 </wp:postmeta>
 <?php   endforeach;
@@ -477 +480 @@
                 $comments = array_map( 'get_comment', $_comments );
                 foreach ( $comments as $c ) : ?>
                 <wp:comment>
-                        <wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
+                        <wp:comment_id><?php echo intval( $c->comment_ID ); ?></wp:comment_id>
                         <wp:comment_author><?php echo wxr_cdata( $c->comment_author ); ?></wp:comment_author>
-                        <wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
+                        <wp:comment_author_email><?php echo wxr_cdata( $c->comment_author_email ); ?></wp:comment_author_email>
                         <wp:comment_author_url><?php echo esc_url_raw( $c->comment_author_url ); ?></wp:comment_author_url>
-                        <wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>
-                        <wp:comment_date><?php echo $c->comment_date; ?></wp:comment_date>
-                        <wp:comment_date_gmt><?php echo $c->comment_date_gmt; ?></wp:comment_date_gmt>
+                        <wp:comment_author_IP><?php echo wxr_cdata( $c->comment_author_IP ); ?></wp:comment_author_IP>
+                        <wp:comment_date><?php echo wxr_cdata( $c->comment_date ); ?></wp:comment_date>
+                        <wp:comment_date_gmt><?php echo wxr_cdata( $c->comment_date_gmt ); ?></wp:comment_date_gmt>
                         <wp:comment_content><?php echo wxr_cdata( $c->comment_content ) ?></wp:comment_content>
-                        <wp:comment_approved><?php echo $c->comment_approved; ?></wp:comment_approved>
-                        <wp:comment_type><?php echo $c->comment_type; ?></wp:comment_type>
-                        <wp:comment_parent><?php echo $c->comment_parent; ?></wp:comment_parent>
-                        <wp:comment_user_id><?php echo $c->user_id; ?></wp:comment_user_id>
+                        <wp:comment_approved><?php echo wxr_cdata( $c->comment_approved ); ?></wp:comment_approved>
+                        <wp:comment_type><?php echo wxr_cdata( $c->comment_type ); ?></wp:comment_type>
+                        <wp:comment_parent><?php echo intval( $c->comment_parent ); ?></wp:comment_parent>
+                        <wp:comment_user_id><?php echo intval( $c->user_id ); ?></wp:comment_user_id>
 <?php           $c_meta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->commentmeta WHERE comment_id = %d", $c->comment_ID ) );
                         foreach ( $c_meta as $meta ) :
                                 /**
@@ -508 +511 @@
                                 }
                         ?>
                         <wp:commentmeta>
-                                <wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+                                <wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
                                 <wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
                         </wp:commentmeta>
 <?php           endforeach; ?>