WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #31080, comment 3


Ignore:
Timestamp:
01/30/2015 01:06:34 AM (5 years ago)
Author:
stevenkword
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #31080, comment 3

    initial v1  
    11I've attached a patch to change the escaping method when rendering GUIDs.  'the_guid()' is the only effected function which is called 4 times among the following 4 files: `wp-admin/includes/export.php`, `wp-includes/feed-atom-comments.php`, `wp-includes/feed-atom.php`, and `wp-includes/feed-rss2.php`.
    22
    3 The patch replaces the existing `esc_url()` method with `esc_html()`.  This is done because according to the RSS 2.0 specification there is no syntax specified for this element other than to escape HTML entities.  Spaces, for example, are perfectly valid and could exist for content created outside of a WordPress environment.  As mentioned by the original author, this could cause a problem for migrated instances and should be addressed.
     3The patch replaces the existing `esc_url()` method with `esc_html()`.  This is done because according to the RSS 2.0 specification there is no syntax specified for this element other than to escape HTML entities.  Spaces, for example, are perfectly valid and could exist for content created outside of a WordPress environment.  As mentioned by the reporter (thanks CheeseDurger), this could cause a problem for migrated instances and should be addressed.