Use CDATA escaping on fields. Props tellyworth. fixes #4452
git-svn-id: http://svn.automattic.com/wordpress/trunk@5711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
560d294867
commit
2ea53cf51a
|
@ -203,7 +203,7 @@ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post
|
|||
if ( $comments ) { foreach ( $comments as $c ) { ?>
|
||||
<wp:comment>
|
||||
<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
|
||||
<wp:comment_author><?php echo $c->comment_author; ?></wp:comment_author>
|
||||
<wp:comment_author><?php echo wxr_cdata($c->comment_author); ?></wp:comment_author>
|
||||
<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
|
||||
<wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>
|
||||
<wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>
|
||||
|
|
|
@ -37,7 +37,8 @@ class WP_Import {
|
|||
function get_tag( $string, $tag ) {
|
||||
global $wpdb;
|
||||
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
|
||||
$return = $wpdb->escape( trim( $return[1] ) );
|
||||
$return = preg_replace('|<!\[CDATA\[(.*)\]\]>|', '$1', $return[1]);
|
||||
$return = $wpdb->escape( trim( $return ) );
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
@ -215,7 +216,7 @@ class WP_Import {
|
|||
$cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
|
||||
|
||||
while ( $c = array_shift($this->categories) ) {
|
||||
$cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
|
||||
$cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
|
||||
|
||||
// If the category exists we leave it alone
|
||||
if ( in_array($cat_name, $cat_names) )
|
||||
|
@ -274,7 +275,6 @@ class WP_Import {
|
|||
$post_author = $this->get_tag( $post, 'dc:creator' );
|
||||
|
||||
$post_content = $this->get_tag( $post, 'content:encoded' );
|
||||
$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
|
||||
$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
|
||||
$post_content = str_replace('<br>', '<br />', $post_content);
|
||||
$post_content = str_replace('<hr>', '<hr />', $post_content);
|
||||
|
|
Loading…
Reference in New Issue