From 2ea53cf51a18d91369e120d72af8cc70ab66882b Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Fri, 15 Jun 2007 17:22:38 +0000
Subject: [PATCH] Use CDATA escaping on fields.  Props tellyworth. fixes #4452

git-svn-id: http://svn.automattic.com/wordpress/trunk@5711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/export.php           | 4 ++--
 wp-admin/import/wordpress.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/wp-admin/export.php b/wp-admin/export.php
index ce2cb581af..8d3a47f6aa 100644
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -131,7 +131,7 @@ print '<?xml version="1.0" encoding="' . get_bloginfo('charset') . '"?' . ">\n";
 	This is a WordPress eXtended RSS file generated by WordPress as an export of 
 	your blog. It contains information about your blog's posts, comments, and 
 	categories. You may use this file to transfer that content from one site to 
-	another. This file is not intended to serve as a complete backup of your 
+	another. This file is not intended to serve as a complete backup of your
 	blog.
 
 	To import this information into a WordPress blog follow these steps:
@@ -203,7 +203,7 @@ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post
 if ( $comments ) { foreach ( $comments as $c ) { ?>
 <wp:comment>
 <wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
-<wp:comment_author><?php echo $c->comment_author; ?></wp:comment_author>
+<wp:comment_author><?php echo wxr_cdata($c->comment_author); ?></wp:comment_author>
 <wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
 <wp:comment_author_url><?php echo $c->comment_author_url; ?></wp:comment_author_url>
 <wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>
diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php
index ef84032cac..fe12cf416a 100644
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -37,7 +37,8 @@ class WP_Import {
 	function get_tag( $string, $tag ) {
 		global $wpdb;
 		preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
-		$return = $wpdb->escape( trim( $return[1] ) );
+		$return = preg_replace('|<!\[CDATA\[(.*)\]\]>|', '$1', $return[1]);
+		$return = $wpdb->escape( trim( $return ) );
 		return $return;
 	}
 
@@ -215,7 +216,7 @@ class WP_Import {
 		$cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
 
 		while ( $c = array_shift($this->categories) ) {
-			$cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
+			$cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
 
 			// If the category exists we leave it alone
 			if ( in_array($cat_name, $cat_names) )
@@ -274,7 +275,6 @@ class WP_Import {
 		$post_author    = $this->get_tag( $post, 'dc:creator' );
 
 		$post_content = $this->get_tag( $post, 'content:encoded' );
-		$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
 		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
 		$post_content = str_replace('<br>', '<br />', $post_content);
 		$post_content = str_replace('<hr>', '<hr />', $post_content);