id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 33591,Media File Missing Length Causes WordPress Atom Feed to Be Invalid,jonnybot,stevenkword,"In wp-includes\feed.php, the atom_enclosure() function can produce invalid XML, which will break some feed readers and XML parsers that might digest the feed. This happens when the get_post_custom() function returns data that doesn't include all the metadata that it ought to for a given enclosure. This line- {{{$enclosure = explode(""\n"", $enc);}}} ...creates an array by splitting the enclosure meta information on newline characters (""\n""). Then, this line: {{{ echo apply_filters( 'atom_enclosure', '' . ""\n"" ); }}} ...assumes that the url will be at position 0 in the array, the length in position 1, and the type in position 2. If the length line is simply missing, as is the case for a particular post I have on my blog, then the next line in the metadata is some kind of configuration data that looks something like this: {{{ a:1:{s:8:""duration"";s:8:""00:05:29"";}"" } }}} This breaks the feed in a couple of ways. First, because the length attribute is missing from the metadata, the length attribute of the resulting link tag will read ""audio/mpeg"" (or whatever type of file it is). Second, it tries to put a type that contains quotes, which ends the attribute's value early and creates a broken link tag. {{{ }}} The broken link tag will break some feed readers and other XML parsers that are pointed at the blog's ATOM feed. The same issue may also affect the rss_enclosure function in feed.php, though I haven't tested it for that case. I'm not sure whether the more important bug bug is that that the ATOM feed breaks if the length is missing, or if the bug is, ""Hey, the length meta data is missing for this object, how did THAT happen?"" Still, it would seem that the assumption that the length will be at the second (or 1th) position in the array is not a safe one. At the very least, it might be good to encode the output so that double quotes from the metadata don't break the XML of the feed? Also, any pointers on sleuthing out why the metadata is missing would be much appreciated. At the very least, it seems prudent to wrap the length (contents of {{{$enclosure[1]}}}) and the type ({{{$enclosure[2]}}}) in the htmlspecialchars() function, the same way the href attribute is.",defect (bug),closed,normal,5.5,Feeds,4.2.4,normal,fixed,good-first-bug has-patch has-unit-tests,,administration