WordPress.org
Get WordPress

Make WordPress Core

Changeset 5711


Ignore:
Timestamp:
06/15/2007 05:22:38 PM (18 years ago)
Author:
ryan
Message:

Use CDATA escaping on fields. Props tellyworth. fixes #4452

Location:
trunk/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-admin/export.php

    r5700 r5711  
    132132    your blog. It contains information about your blog's posts, comments, and
    133133    categories. You may use this file to transfer that content from one site to
    134     another. This file is not intended to serve as a complete backup of your 
     134    another. This file is not intended to serve as a complete backup of your
    135135    blog.
    136136
     
    204204<wp:comment>
    205205<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
    206 <wp:comment_author><?php echo $c->comment_author; ?></wp:comment_author>
     206<wp:comment_author><?php echo wxr_cdata($c->comment_author); ?></wp:comment_author>
    207207<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
    208208<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>

  • trunk/wp-admin/import/wordpress.php

    r5700 r5711  
    3838        global $wpdb;
    3939        preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
    40         $return = $wpdb->escape( trim( $return[1] ) );
     40        $return = preg_replace('|<!\[CDATA\[(.*)\]\]>|', '$1', $return[1]);
     41        $return = $wpdb->escape( trim( $return ) );
    4142        return $return;
    4243    }
     
    216217
    217218        while ( $c = array_shift($this->categories) ) {
    218             $cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
     219            $cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
    219220
    220221            // If the category exists we leave it alone
     
    275276
    276277        $post_content = $this->get_tag( $post, 'content:encoded' );
    277         $post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
    278278        $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
    279279        $post_content = str_replace('<br>', '<br />', $post_content);
Note: See TracChangeset for help on using the changeset viewer.