Use CDATA escaping on fields. Props tellyworth. fixes #4452

git-svn-id: http://svn.automattic.com/wordpress/trunk@5711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-06-15 17:22:38 +00:00
parent 560d294867
commit 2ea53cf51a
2 changed files with 5 additions and 5 deletions

View File

@ -131,7 +131,7 @@ print '<?xml version="1.0" encoding="' . get_bloginfo('charset') . '"?' . ">\n";
This is a WordPress eXtended RSS file generated by WordPress as an export of This is a WordPress eXtended RSS file generated by WordPress as an export of
your blog. It contains information about your blog's posts, comments, and your blog. It contains information about your blog's posts, comments, and
categories. You may use this file to transfer that content from one site to categories. You may use this file to transfer that content from one site to
another. This file is not intended to serve as a complete backup of your another. This file is not intended to serve as a complete backup of your
blog. blog.
To import this information into a WordPress blog follow these steps: To import this information into a WordPress blog follow these steps:
@ -203,7 +203,7 @@ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post
if ( $comments ) { foreach ( $comments as $c ) { ?> if ( $comments ) { foreach ( $comments as $c ) { ?>
<wp:comment> <wp:comment>
<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id> <wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
<wp:comment_author><?php echo $c->comment_author; ?></wp:comment_author> <wp:comment_author><?php echo wxr_cdata($c->comment_author); ?></wp:comment_author>
<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email> <wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url> <wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>
<wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP> <wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>

View File

@ -37,7 +37,8 @@ class WP_Import {
function get_tag( $string, $tag ) { function get_tag( $string, $tag ) {
global $wpdb; global $wpdb;
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return); preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
$return = $wpdb->escape( trim( $return[1] ) ); $return = preg_replace('|<!\[CDATA\[(.*)\]\]>|', '$1', $return[1]);
$return = $wpdb->escape( trim( $return ) );
return $return; return $return;
} }
@ -215,7 +216,7 @@ class WP_Import {
$cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories"); $cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
while ( $c = array_shift($this->categories) ) { while ( $c = array_shift($this->categories) ) {
$cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' ))); $cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
// If the category exists we leave it alone // If the category exists we leave it alone
if ( in_array($cat_name, $cat_names) ) if ( in_array($cat_name, $cat_names) )
@ -274,7 +275,6 @@ class WP_Import {
$post_author = $this->get_tag( $post, 'dc:creator' ); $post_author = $this->get_tag( $post, 'dc:creator' );
$post_content = $this->get_tag( $post, 'content:encoded' ); $post_content = $this->get_tag( $post, 'content:encoded' );
$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
$post_content = str_replace('<br>', '<br />', $post_content); $post_content = str_replace('<br>', '<br />', $post_content);
$post_content = str_replace('<hr>', '<hr />', $post_content); $post_content = str_replace('<hr>', '<hr />', $post_content);