From 0fdbaecbc65b097a1ee403830cee73cb45aa29d8 Mon Sep 17 00:00:00 2001
From: Scott Taylor <wonderboymusic@git.wordpress.org>
Date: Sat, 19 Sep 2015 18:52:27 +0000
Subject: [PATCH] Export: Add late-escaping to the contents of several nodes to
 avoid creating invalid XML and XML parse errors.

Props westonruter.
Fixes #33732.


git-svn-id: https://develop.svn.wordpress.org/trunk@34333 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/export.php | 65 +++++++++++++++++---------------
 1 file changed, 34 insertions(+), 31 deletions(-)

diff --git a/src/wp-admin/includes/export.php b/src/wp-admin/includes/export.php
index 3acd7fdc3e..6d01a2c2f3 100644
--- a/src/wp-admin/includes/export.php
+++ b/src/wp-admin/includes/export.php
@@ -283,9 +283,9 @@ function export_wp( $args = array() ) {
 
 		foreach ( $authors as $author ) {
 			echo "\t<wp:author>";
-			echo '<wp:author_id>' . $author->ID . '</wp:author_id>';
-			echo '<wp:author_login>' . $author->user_login . '</wp:author_login>';
-			echo '<wp:author_email>' . $author->user_email . '</wp:author_email>';
+			echo '<wp:author_id>' . intval( $author->ID ) . '</wp:author_id>';
+			echo '<wp:author_login>' . wxr_cdata( $author->user_login ) . '</wp:author_login>';
+			echo '<wp:author_email>' . wxr_cdata( $author->user_email ) . '</wp:author_email>';
 			echo '<wp:author_display_name>' . wxr_cdata( $author->display_name ) . '</wp:author_display_name>';
 			echo '<wp:author_first_name>' . wxr_cdata( $author->first_name ) . '</wp:author_first_name>';
 			echo '<wp:author_last_name>' . wxr_cdata( $author->last_name ) . '</wp:author_last_name>';
@@ -304,7 +304,10 @@ function export_wp( $args = array() ) {
 			return;
 
 		foreach ( $nav_menus as $menu ) {
-			echo "\t<wp:term><wp:term_id>{$menu->term_id}</wp:term_id><wp:term_taxonomy>nav_menu</wp:term_taxonomy><wp:term_slug>{$menu->slug}</wp:term_slug>";
+			echo "\t<wp:term>";
+			echo '<wp:term_id>' . intval( $menu->term_id ) . '</wp:term_id>';
+			echo '<wp:term_taxonomy>nav_menu</wp:term_taxonomy>';
+			echo '<wp:term_slug>' . wxr_cdata( $menu->slug ) . '</wp:term_slug>';
 			wxr_term_name( $menu );
 			echo "</wp:term>\n";
 		}
@@ -383,13 +386,13 @@ function export_wp( $args = array() ) {
 <?php wxr_authors_list( $post_ids ); ?>
 
 <?php foreach ( $cats as $c ) : ?>
-	<wp:category><wp:term_id><?php echo $c->term_id ?></wp:term_id><wp:category_nicename><?php echo $c->slug; ?></wp:category_nicename><wp:category_parent><?php echo $c->parent ? $cats[$c->parent]->slug : ''; ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
+	<wp:category><wp:term_id><?php echo intval( $c->term_id ); ?></wp:term_id><wp:category_nicename><?php echo wxr_cdata( $c->slug ); ?></wp:category_nicename><wp:category_parent><?php echo wxr_cdata( $c->parent ? $cats[$c->parent]->slug : '' ); ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
 <?php endforeach; ?>
 <?php foreach ( $tags as $t ) : ?>
-	<wp:tag><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:tag_slug><?php echo $t->slug; ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
+	<wp:tag><wp:term_id><?php echo intval( $t->term_id ); ?></wp:term_id><wp:tag_slug><?php echo wxr_cdata( $t->slug ); ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
 <?php endforeach; ?>
 <?php foreach ( $terms as $t ) : ?>
-	<wp:term><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:term_taxonomy><?php echo $t->taxonomy; ?></wp:term_taxonomy><wp:term_slug><?php echo $t->slug; ?></wp:term_slug><wp:term_parent><?php echo $t->parent ? $terms[$t->parent]->slug : ''; ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
+	<wp:term><wp:term_id><?php echo wxr_cdata( $t->term_id ); ?></wp:term_id><wp:term_taxonomy><?php echo wxr_cdata( $t->taxonomy ); ?></wp:term_taxonomy><wp:term_slug><?php echo wxr_cdata( $t->slug ); ?></wp:term_slug><wp:term_parent><?php echo wxr_cdata( $t->parent ? $terms[$t->parent]->slug : '' ); ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
 <?php endforeach; ?>
 <?php if ( 'all' == $args['content'] ) wxr_nav_menu_terms(); ?>
 
@@ -447,20 +450,20 @@ function export_wp( $args = array() ) {
 			 */
 			echo wxr_cdata( apply_filters( 'the_excerpt_export', $post->post_excerpt ) );
 		?></excerpt:encoded>
-		<wp:post_id><?php echo $post->ID; ?></wp:post_id>
-		<wp:post_date><?php echo $post->post_date; ?></wp:post_date>
-		<wp:post_date_gmt><?php echo $post->post_date_gmt; ?></wp:post_date_gmt>
-		<wp:comment_status><?php echo $post->comment_status; ?></wp:comment_status>
-		<wp:ping_status><?php echo $post->ping_status; ?></wp:ping_status>
-		<wp:post_name><?php echo $post->post_name; ?></wp:post_name>
-		<wp:status><?php echo $post->post_status; ?></wp:status>
-		<wp:post_parent><?php echo $post->post_parent; ?></wp:post_parent>
-		<wp:menu_order><?php echo $post->menu_order; ?></wp:menu_order>
-		<wp:post_type><?php echo $post->post_type; ?></wp:post_type>
-		<wp:post_password><?php echo $post->post_password; ?></wp:post_password>
-		<wp:is_sticky><?php echo $is_sticky; ?></wp:is_sticky>
+		<wp:post_id><?php echo intval( $post->ID ); ?></wp:post_id>
+		<wp:post_date><?php echo wxr_cdata( $post->post_date ); ?></wp:post_date>
+		<wp:post_date_gmt><?php echo wxr_cdata( $post->post_date_gmt ); ?></wp:post_date_gmt>
+		<wp:comment_status><?php echo wxr_cdata( $post->comment_status ); ?></wp:comment_status>
+		<wp:ping_status><?php echo wxr_cdata( $post->ping_status ); ?></wp:ping_status>
+		<wp:post_name><?php echo wxr_cdata( $post->post_name ); ?></wp:post_name>
+		<wp:status><?php echo wxr_cdata( $post->post_status ); ?></wp:status>
+		<wp:post_parent><?php echo intval( $post->post_parent ); ?></wp:post_parent>
+		<wp:menu_order><?php echo intval( $post->menu_order ); ?></wp:menu_order>
+		<wp:post_type><?php echo wxr_cdata( $post->post_type ); ?></wp:post_type>
+		<wp:post_password><?php echo wxr_cdata( $post->post_password ); ?></wp:post_password>
+		<wp:is_sticky><?php echo intval( $is_sticky ); ?></wp:is_sticky>
 <?php	if ( $post->post_type == 'attachment' ) : ?>
-		<wp:attachment_url><?php echo wp_get_attachment_url( $post->ID ); ?></wp:attachment_url>
+		<wp:attachment_url><?php echo wxr_cdata( wp_get_attachment_url( $post->ID ) ); ?></wp:attachment_url>
 <?php 	endif; ?>
 <?php 	wxr_post_taxonomy(); ?>
 <?php	$postmeta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID ) );
@@ -481,7 +484,7 @@ function export_wp( $args = array() ) {
 				continue;
 		?>
 		<wp:postmeta>
-			<wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+			<wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
 			<wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
 		</wp:postmeta>
 <?php	endforeach;
@@ -490,18 +493,18 @@ function export_wp( $args = array() ) {
 		$comments = array_map( 'get_comment', $_comments );
 		foreach ( $comments as $c ) : ?>
 		<wp:comment>
-			<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
+			<wp:comment_id><?php echo intval( $c->comment_ID ); ?></wp:comment_id>
 			<wp:comment_author><?php echo wxr_cdata( $c->comment_author ); ?></wp:comment_author>
-			<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
+			<wp:comment_author_email><?php echo wxr_cdata( $c->comment_author_email ); ?></wp:comment_author_email>
 			<wp:comment_author_url><?php echo esc_url_raw( $c->comment_author_url ); ?></wp:comment_author_url>
-			<wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>
-			<wp:comment_date><?php echo $c->comment_date; ?></wp:comment_date>
-			<wp:comment_date_gmt><?php echo $c->comment_date_gmt; ?></wp:comment_date_gmt>
+			<wp:comment_author_IP><?php echo wxr_cdata( $c->comment_author_IP ); ?></wp:comment_author_IP>
+			<wp:comment_date><?php echo wxr_cdata( $c->comment_date ); ?></wp:comment_date>
+			<wp:comment_date_gmt><?php echo wxr_cdata( $c->comment_date_gmt ); ?></wp:comment_date_gmt>
 			<wp:comment_content><?php echo wxr_cdata( $c->comment_content ) ?></wp:comment_content>
-			<wp:comment_approved><?php echo $c->comment_approved; ?></wp:comment_approved>
-			<wp:comment_type><?php echo $c->comment_type; ?></wp:comment_type>
-			<wp:comment_parent><?php echo $c->comment_parent; ?></wp:comment_parent>
-			<wp:comment_user_id><?php echo $c->user_id; ?></wp:comment_user_id>
+			<wp:comment_approved><?php echo wxr_cdata( $c->comment_approved ); ?></wp:comment_approved>
+			<wp:comment_type><?php echo wxr_cdata( $c->comment_type ); ?></wp:comment_type>
+			<wp:comment_parent><?php echo intval( $c->comment_parent ); ?></wp:comment_parent>
+			<wp:comment_user_id><?php echo intval( $c->user_id ); ?></wp:comment_user_id>
 <?php		$c_meta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->commentmeta WHERE comment_id = %d", $c->comment_ID ) );
 			foreach ( $c_meta as $meta ) :
 				/**
@@ -521,7 +524,7 @@ function export_wp( $args = array() ) {
 				}
 			?>
 			<wp:commentmeta>
-				<wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+				<wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
 				<wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
 			</wp:commentmeta>
 <?php		endforeach; ?>