Use CDATA escaping on fields. Props tellyworth. fixes #4452

git-svn-id: http://svn.automattic.com/wordpress/trunk@5711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-06-15 17:22:38 +00:00
parent 560d294867
commit 2ea53cf51a
2 changed files with 5 additions and 5 deletions

View File

@ -203,7 +203,7 @@ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post
if ( $comments ) { foreach ( $comments as $c ) { ?>
<wp:comment>
<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
<wp:comment_author><?php echo $c->comment_author; ?></wp:comment_author>
<wp:comment_author><?php echo wxr_cdata($c->comment_author); ?></wp:comment_author>
<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>
<wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>

View File

@ -37,7 +37,8 @@ class WP_Import {
function get_tag( $string, $tag ) {
global $wpdb;
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
$return = $wpdb->escape( trim( $return[1] ) );
$return = preg_replace('|<!\[CDATA\[(.*)\]\]>|', '$1', $return[1]);
$return = $wpdb->escape( trim( $return ) );
return $return;
}
@ -215,7 +216,7 @@ class WP_Import {
$cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
while ( $c = array_shift($this->categories) ) {
$cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
$cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
// If the category exists we leave it alone
if ( in_array($cat_name, $cat_names) )
@ -274,7 +275,6 @@ class WP_Import {
$post_author = $this->get_tag( $post, 'dc:creator' );
$post_content = $this->get_tag( $post, 'content:encoded' );
$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
$post_content = str_replace('<br>', '<br />', $post_content);
$post_content = str_replace('<hr>', '<hr />', $post_content);