WordPress.org

Make WordPress Core

Changeset 5711


Ignore:
Timestamp:
06/15/07 17:22:38 (8 years ago)
Author:
ryan
Message:

Use CDATA escaping on fields. Props tellyworth. fixes #4452

Location:
trunk/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/export.php

    r5700 r5711  
    132132    your blog. It contains information about your blog's posts, comments, and  
    133133    categories. You may use this file to transfer that content from one site to  
    134     another. This file is not intended to serve as a complete backup of your  
     134    another. This file is not intended to serve as a complete backup of your 
    135135    blog. 
    136136 
     
    204204<wp:comment> 
    205205<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id> 
    206 <wp:comment_author><?php echo $c->comment_author; ?></wp:comment_author> 
     206<wp:comment_author><?php echo wxr_cdata($c->comment_author); ?></wp:comment_author> 
    207207<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email> 
    208208<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url> 
  • trunk/wp-admin/import/wordpress.php

    r5700 r5711  
    3838        global $wpdb; 
    3939        preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return); 
    40         $return = $wpdb->escape( trim( $return[1] ) ); 
     40        $return = preg_replace('|<!\[CDATA\[(.*)\]\]>|', '$1', $return[1]); 
     41        $return = $wpdb->escape( trim( $return ) ); 
    4142        return $return; 
    4243    } 
     
    216217 
    217218        while ( $c = array_shift($this->categories) ) { 
    218             $cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' ))); 
     219            $cat_name = trim($this->get_tag( $c, 'wp:cat_name' )); 
    219220 
    220221            // If the category exists we leave it alone 
     
    275276 
    276277        $post_content = $this->get_tag( $post, 'content:encoded' ); 
    277         $post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content); 
    278278        $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); 
    279279        $post_content = str_replace('<br>', '<br />', $post_content); 
Note: See TracChangeset for help on using the changeset viewer.