Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#47482 closed defect (bug) (fixed)

atom_site_icon() function not escaped

Reported by: shawfactor's profile shawfactor Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.3 Priority: normal
Severity: minor Version: 4.3
Component: Feeds Keywords: has-patch
Focuses: Cc:


The outputted url of the atom_site_icon function is not appropriately xml escaped. This creates invalid atom feeds when the site icons url include multiple get parameters as the & symbol creates invalid xml.

Attachments (1)

47482.diff (342 bytes) - added by abhijitrakas 5 years ago.
Escape URL before use.

Download all attachments as: .zip

Change History (5)

#1 @desrosj
5 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 5.2.1 to 4.3

Hi @shawfactor,

Thanks for this ticket!

Are you interested in creating a patch for this? If you need some help getting started, there are lots of helpful tips in the Core Handbook.

5 years ago

Escape URL before use.

#2 @abhijitrakas
5 years ago

  • Keywords has-patch added; needs-patch removed

#3 @SergeyBiryukov
5 years ago

  • Milestone changed from Future Release to 5.3
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#4 @SergeyBiryukov
5 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 45753:

Feeds: Escape & characters in atom_site_icon() for XML, for consistency with rss2_site_icon().

Props abhijitrakas, shawfactor.
Fixes #47482.

Note: See TracTickets for help on using tickets.