Changeset 22811 for trunk/wp-includes/feed.php

Timestamp:

11/22/2012 07:23:43 AM (11 years ago)

Author:

nacin

Message:

Do SimplePie sanitization with wp_kses_post() rather than DOMDocument, which cannot be guaranteed to be available.

Overrides SimplePie_Sanitize with WP_SimplePie_Sanitize_KSES.

props markjaquith, rmccue.
see #21990.

File:

• trunk/wp-includes/feed.php (modified) (1 diff)

trunk/wp-includes/feed.php

@@ -529 +529 @@
     $feed = new SimplePie();
 
+    $feed->set_sanitize_class( 'WP_SimplePie_Sanitize_KSES' );
+    // We must manually overwrite $feed->sanitize because SimplePie's
+    // constructor sets it before we have a chance to set the sanitization class
+    $feed->sanitize = new WP_SimplePie_Sanitize_KSES();
+
     $feed->set_cache_class( 'WP_Feed_Cache' );
     $feed->set_file_class( 'WP_SimplePie_File' );