#18056 closed defect (bug) (fixed)
dc:creator needs to be escaped in RSS feed
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 3.7 | Priority: | normal |
Severity: | major | Version: | 3.2 |
Component: | Feeds | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description (last modified by )
If the author name contains any special characters, they might end up in the RSS feed unescaped, causing failed feed validation and thus causing problems for many readers.
The code now is:
<dc:creator><?php the_author() ?></dc:creator>
Shouldn't this be:
<dc:creator><![CDATA[<?php the_author() ?>]]></dc:creator>
Or:
<dc:creator><?php htmlspecialchars(the_author()) ?></dc:creator>
This might be a result of a custom author plugin not escaping these characters on the way into the database, but Wordpress should handle this more robustly to prevent plugin authors from messing things up like this.
Attachments (2)
Change History (9)
#2
@
12 years ago
- Keywords needs-patch added; has-patch removed
- Milestone changed from Awaiting Review to 3.7
#4
@
11 years ago
the default filters send the_author()
through ent2ncr()
which is consistent with other fields, the CDATA
-wrapping was not consistent though - my new patch reflects that
#5
@
11 years ago
- Owner set to wonderboymusic
- Resolution set to fixed
- Status changed from new to closed
In 25315:
This ticket was mentioned in IRC in #wordpress-dev by ocean90. View the logs.
11 years ago
Note: See
TracTickets for help on using
tickets.
Related: #17767