• Hi everyone,

    I think I found some bugs in the wp-includes/rss.php file:

    1) In the MagpieRSS class, function feed_start_element, lines 186-197:

    elseif ($this->feed_type == ATOM and $el == 'link' )
    {
    	if ( isset($attrs['rel']) and $attrs['rel'] == 'alternate' )
    	{
    		$link_el = 'link';
    	}
    	else {
    		$link_el = 'link_' . $attrs['rel'];
    	}
    	$this->append($link_el, $attrs['href']);
    }

    it doesn’t handle the case where the <link> element has no rel attribute, and puts the link into $item[‘link_’]. An example ATOM feed: https://marketplace.sitepoint.com/categories/premium-sites-for-sale/feed
    I think this is a bug in MagpieRSS, which is still there in the latest version. And I see wordpress is using an outdated MagpieRSS version (0.51 vs 0.72), why is that?

    2) Lines 850 (wp_rss function) and 869 (get_rss function) use htmlentities without the encoding parameter:
    htmlentities( $item['title'] )
    The same feed can be used as example (has UTF-8 encoding, it contains the pound sign which doesn’t print well).
    It should be htmlentities( $item[‘title’], ENT_COMPAT, ‘UTF-8’ ) but I think the attribute_escape function would do the job.
    It’s a bug and I should report it, right?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘bugs in rss.php?’ is closed to new replies.