Escape the guid urls when placing them in feeds and other xml locations. See #13555.

git-svn-id: http://svn.automattic.com/wordpress/trunk@14947 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/export.php

@@ -347,7 +347,7 @@ function export_wp( $args = array() ) {
 		<dc:creator><?php echo wxr_cdata( get_the_author() ); ?></dc:creator>
 		<?php wxr_post_taxonomy() ?>
 
-		<guid isPermaLink="false"><?php the_guid(); ?></guid>
+		<guid isPermaLink="false"><?php esc_url( the_guid() ); ?></guid>
 		<description></description>
 		<content:encoded><?php echo wxr_cdata( apply_filters( 'the_content_export', $post->post_content ) ); ?></content:encoded>
 		<excerpt:encoded><?php echo wxr_cdata( apply_filters( 'the_excerpt_export', $post->post_excerpt ) ); ?></excerpt:encoded>

wp-app.php

@@ -1150,7 +1150,7 @@ EOD;
 	function echo_entry() { ?>
 <entry xmlns="<?php echo $this->ATOM_NS ?>"
        xmlns:app="<?php echo $this->ATOMPUB_NS ?>" xml:lang="<?php echo get_option('rss_language'); ?>">
-	<id><?php the_guid($GLOBALS['post']->ID); ?></id>
+	<id><?php esc_url( the_guid( $GLOBALS['post']->ID ) ); ?></id>
 <?php list($content_type, $content) = prep_atom_text_construct(get_the_title()); ?>
 	<title type="<?php echo $content_type ?>"><?php echo $content ?></title>
 	<updated><?php echo get_post_modified_time('Y-m-d\TH:i:s\Z', true); ?></updated>
@@ -1167,7 +1167,7 @@ EOD;
 	</author>
 <?php if ($GLOBALS['post']->post_type == 'attachment') { ?>
 	<link rel="edit-media" href="<?php $this->the_media_url() ?>" />
-	<content type="<?php echo $GLOBALS['post']->post_mime_type ?>" src="<?php the_guid(); ?>"/>
+	<content type="<?php echo $GLOBALS['post']->post_mime_type ?>" src="<?php esc_url( the_guid() ); ?>"/>
 <?php } else { ?>
 	<link href="<?php the_permalink_rss() ?>" />
 <?php if ( strlen( $GLOBALS['post']->post_content ) ) :

wp-includes/feed-atom-comments.php

@@ -73,7 +73,7 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment();
 <?php endif; // post pass
 	// Return comment threading information (http://www.ietf.org/rfc/rfc4685.txt)
 	if ( $comment->comment_parent == 0 ) : // This comment is top level ?>
-		<thr:in-reply-to ref="<?php the_guid() ?>" href="<?php the_permalink_rss() ?>" type="<?php bloginfo_rss('html_type'); ?>" />
+		<thr:in-reply-to ref="<?php esc_url( the_guid() ); ?>" href="<?php the_permalink_rss() ?>" type="<?php bloginfo_rss('html_type'); ?>" />
 <?php else : // This comment is in reply to another comment
 	$parent_comment = get_comment($comment->comment_parent);
 	// The rel attribute below and the id tag above should be GUIDs, but WP doesn't create them for comments (unlike posts). Either way, its more important that they both use the same system

wp-includes/feed-atom.php

@@ -36,7 +36,7 @@ echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?>
 		</author>
 		<title type="<?php html_type_rss(); ?>"><![CDATA[<?php the_title_rss() ?>]]></title>
 		<link rel="alternate" type="text/html" href="<?php the_permalink_rss() ?>" />
-		<id><?php the_guid(); ?></id>
+		<id><?php esc_url( the_guid() ); ?></id>
 		<updated><?php echo get_post_modified_time('Y-m-d\TH:i:s\Z', true); ?></updated>
 		<published><?php echo get_post_time('Y-m-d\TH:i:s\Z', true); ?></published>
 		<?php the_category_rss('atom') ?>

wp-includes/feed-rss2.php

@@ -39,7 +39,7 @@ echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?>
 		<dc:creator><?php the_author() ?></dc:creator>
 		<?php the_category_rss() ?>
 
-		<guid isPermaLink="false"><?php the_guid(); ?></guid>
+		<guid isPermaLink="false"><?php esc_url( the_guid() ); ?></guid>
 <?php if (get_option('rss_use_excerpt')) : ?>
 		<description><![CDATA[<?php the_excerpt_rss() ?>]]></description>
 <?php else : ?>