
Changeset 14947


Timestamp:
05/26/2010 05:01:21 PM (15 years ago)
Author:
westi
Message:

Escape the guid urls when placing them in feeds and other xml locations. See #13555.

Location:
trunk
Files:
5 edited

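--- a/trunk/wp-admin/includes/export.php
+++ b/trunk/wp-admin/includes/export.php
@@ -348,5 +348,5 @@
         <?php wxr_post_taxonomy() ?>
 
-        <guid isPermaLink="false"><?php the_guid(); ?></guid>
+        <guid isPermaLink="false"><?php esc_url( the_guid() ); ?></guid>
         <description></description>
         <content:encoded><?php echo wxr_cdata( apply_filters( 'the_content_export', $post->post_content ) ); ?></content:encoded>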
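Review bot: The `esc_url()` call added on line 350 has no effect on the output: the statement has no `echo`, so the escaped string is discarded, and since the old line `<?php the_guid(); ?>` produced output without an `echo` either, `the_guid()` evidently prints the raw guid itself before `esc_url()` is reached. The guid therefore still lands in the XML unescaped. Escaping the returned value and printing that closes the gap: `<guid isPermaLink="false"><?php echo esc_url( get_the_guid() ); ?></guid>`. The same pattern recurs in wp-app.php (lines 1153 and 1170), feed-atom-comments.php (line 76), feed-atom.php (line 39) and feed-rss2.php (line 42). Alternatively the escaping could live inside `the_guid()` so that every caller is covered.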
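--- a/trunk/wp-app.php
+++ b/trunk/wp-app.php
@@ -1151,5 +1151,5 @@
 <entry xmlns="<?php echo $this->ATOM_NS ?>"
        xmlns:app="<?php echo $this->ATOMPUB_NS ?>" xml:lang="<?php echo get_option('rss_language'); ?>">
-    <id><?php the_guid($GLOBALS['post']->ID); ?></id>
+    <id><?php esc_url( the_guid( $GLOBALS['post']->ID ) ); ?></id>
 <?php list($content_type, $content) = prep_atom_text_construct(get_the_title()); ?>
     <title type="<?php echo $content_type ?>"><?php echo $content ?></title>
@@ -1168,5 +1168,5 @@
 <?php if ($GLOBALS['post']->post_type == 'attachment') { ?>
     <link rel="edit-media" href="<?php $this->the_media_url() ?>" />
-    <content type="<?php echo $GLOBALS['post']->post_mime_type ?>" src="<?php the_guid(); ?>"/>
+    <content type="<?php echo $GLOBALS['post']->post_mime_type ?>" src="<?php esc_url( the_guid() ); ?>"/>
 <?php } else { ?>
     <link href="<?php the_permalink_rss() ?>" />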
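Review bot: On new line 1170 the `type` attribute still echoes `$GLOBALS['post']->post_mime_type` with no escaping, right beside the `src` value this commit sets out to protect. If that field can ever hold a quote or angle bracket (the page does not show how it is validated when the attachment is stored), it would break out of the attribute just as an unescaped guid would. Suggest `type="<?php echo esc_attr( $GLOBALS['post']->post_mime_type ); ?>"`. The surrounding entry template continues outside the lines shown.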
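--- a/trunk/wp-includes/feed-atom-comments.php
+++ b/trunk/wp-includes/feed-atom-comments.php
@@ -74,5 +74,5 @@
     // Return comment threading information (http://www.ietf.org/rfc/rfc4685.txt)
     if ( $comment->comment_parent == 0 ) : // This comment is top level ?>
-        <thr:in-reply-to ref="<?php the_guid() ?>" href="<?php the_permalink_rss() ?>" type="<?php bloginfo_rss('html_type'); ?>" />
+        <thr:in-reply-to ref="<?php esc_url( the_guid() ); ?>" href="<?php the_permalink_rss() ?>" type="<?php bloginfo_rss('html_type'); ?>" />
 <?php else : // This comment is in reply to another comment
     $parent_comment = get_comment($comment->comment_parent);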
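--- a/trunk/wp-includes/feed-atom.php
+++ b/trunk/wp-includes/feed-atom.php
@@ -37,5 +37,5 @@
         <title type="<?php html_type_rss(); ?>"><![CDATA[<?php the_title_rss() ?>]]></title>
         <link rel="alternate" type="text/html" href="<?php the_permalink_rss() ?>" />
-        <id><?php the_guid(); ?></id>
+        <id><?php esc_url( the_guid() ); ?></id>
         <updated><?php echo get_post_modified_time('Y-m-d\TH:i:s\Z', true); ?></updated>
         <published><?php echo get_post_time('Y-m-d\TH:i:s\Z', true); ?></published>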
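--- a/trunk/wp-includes/feed-rss2.php
+++ b/trunk/wp-includes/feed-rss2.php
@@ -40,5 +40,5 @@
         <?php the_category_rss() ?>
 
-        <guid isPermaLink="false"><?php the_guid(); ?></guid>
+        <guid isPermaLink="false"><?php esc_url( the_guid() ); ?></guid>
 <?php if (get_option('rss_use_excerpt')) : ?>
         <description><![CDATA[<?php the_excerpt_rss() ?>]]></description>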
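Review bot: Once the escaping on line 42 actually takes effect, `esc_url()` will act as a URL sanitiser rather than an XML escaper: as far as I know it drops characters it does not allow and returns an empty string for schemes outside its allow-list. With `isPermaLink="false"` the guid is an opaque identifier, so a stored guid that is not a plain http(s) URL could be emitted altered or empty, and feed readers may then treat existing items as new. It is worth stating the assumption next to the element, e.g. `<?php // guid is assumed to be a URL; esc_url() may alter or empty other values ?>`, and covering a non-URL guid in a test.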