]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-admin/includes/export.php
WordPress 4.5-scripts
[autoinstalls/wordpress.git] / wp-admin / includes / export.php
index ae08c3c17d3190abaa40e2beffab9b856a6cd9dd..4b18c9c0a391e6a7fd2baa29ede3a24acd12488d 100644 (file)
 define( 'WXR_VERSION', '1.2' );
 
 /**
 define( 'WXR_VERSION', '1.2' );
 
 /**
- * Generates the WXR export file for download
+ * Generates the WXR export file for download.
  *
  * @since 2.1.0
  *
  *
  * @since 2.1.0
  *
- * @param array $args Filters defining what should be included in the export
+ * @global wpdb    $wpdb
+ * @global WP_Post $post
+ *
+ * @param array $args Filters defining what should be included in the export.
  */
 function export_wp( $args = array() ) {
        global $wpdb, $post;
  */
 function export_wp( $args = array() ) {
        global $wpdb, $post;
@@ -30,11 +33,31 @@ function export_wp( $args = array() ) {
        );
        $args = wp_parse_args( $args, $defaults );
 
        );
        $args = wp_parse_args( $args, $defaults );
 
-       do_action( 'export_wp' );
+       /**
+        * Fires at the beginning of an export, before any headers are sent.
+        *
+        * @since 2.3.0
+        *
+        * @param array $args An array of export arguments.
+        */
+       do_action( 'export_wp', $args );
 
        $sitename = sanitize_key( get_bloginfo( 'name' ) );
 
        $sitename = sanitize_key( get_bloginfo( 'name' ) );
-       if ( ! empty($sitename) ) $sitename .= '.';
-       $filename = $sitename . 'wordpress.' . date( 'Y-m-d' ) . '.xml';
+       if ( ! empty( $sitename ) ) {
+               $sitename .= '.';
+       }
+       $date = date( 'Y-m-d' );
+       $wp_filename = $sitename . 'wordpress.' . $date . '.xml';
+       /**
+        * Filter the export filename.
+        *
+        * @since 4.4.0
+        *
+        * @param string $wp_filename The name of the file for download.
+        * @param string $sitename    The site name.
+        * @param string $date        Today's date, formatted.
+        */
+       $filename = apply_filters( 'export_wp_filename', $wp_filename, $sitename, $date );
 
        header( 'Content-Description: File Transfer' );
        header( 'Content-Disposition: attachment; filename=' . $filename );
 
        header( 'Content-Description: File Transfer' );
        header( 'Content-Disposition: attachment; filename=' . $filename );
@@ -65,7 +88,7 @@ function export_wp( $args = array() ) {
                }
        }
 
                }
        }
 
-       if ( 'post' == $args['content'] || 'page' == $args['content'] ) {
+       if ( 'post' == $args['content'] || 'page' == $args['content'] || 'attachment' == $args['content'] ) {
                if ( $args['author'] )
                        $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_author = %d", $args['author'] );
 
                if ( $args['author'] )
                        $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_author = %d", $args['author'] );
 
@@ -76,23 +99,26 @@ function export_wp( $args = array() ) {
                        $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_date < %s", date( 'Y-m-d', strtotime('+1 month', strtotime($args['end_date'])) ) );
        }
 
                        $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_date < %s", date( 'Y-m-d', strtotime('+1 month', strtotime($args['end_date'])) ) );
        }
 
-       // grab a snapshot of post IDs, just in case it changes during the export
+       // Grab a snapshot of post IDs, just in case it changes during the export.
        $post_ids = $wpdb->get_col( "SELECT ID FROM {$wpdb->posts} $join WHERE $where" );
 
        $post_ids = $wpdb->get_col( "SELECT ID FROM {$wpdb->posts} $join WHERE $where" );
 
-       // get the requested terms ready, empty unless posts filtered by category or all content
+       /*
+        * Get the requested terms ready, empty unless posts filtered by category
+        * or all content.
+        */
        $cats = $tags = $terms = array();
        if ( isset( $term ) && $term ) {
                $cat = get_term( $term['term_id'], 'category' );
                $cats = array( $cat->term_id => $cat );
                unset( $term, $cat );
        $cats = $tags = $terms = array();
        if ( isset( $term ) && $term ) {
                $cat = get_term( $term['term_id'], 'category' );
                $cats = array( $cat->term_id => $cat );
                unset( $term, $cat );
-       } else if ( 'all' == $args['content'] ) {
+       } elseif ( 'all' == $args['content'] ) {
                $categories = (array) get_categories( array( 'get' => 'all' ) );
                $tags = (array) get_tags( array( 'get' => 'all' ) );
 
                $custom_taxonomies = get_taxonomies( array( '_builtin' => false ) );
                $custom_terms = (array) get_terms( $custom_taxonomies, array( 'get' => 'all' ) );
 
                $categories = (array) get_categories( array( 'get' => 'all' ) );
                $tags = (array) get_tags( array( 'get' => 'all' ) );
 
                $custom_taxonomies = get_taxonomies( array( '_builtin' => false ) );
                $custom_terms = (array) get_terms( $custom_taxonomies, array( 'get' => 'all' ) );
 
-               // put categories in order with no child going before its parent
+               // Put categories in order with no child going before its parent.
                while ( $cat = array_shift( $categories ) ) {
                        if ( $cat->parent == 0 || isset( $cats[$cat->parent] ) )
                                $cats[$cat->term_id] = $cat;
                while ( $cat = array_shift( $categories ) ) {
                        if ( $cat->parent == 0 || isset( $cats[$cat->parent] ) )
                                $cats[$cat->term_id] = $cat;
@@ -100,7 +126,7 @@ function export_wp( $args = array() ) {
                                $categories[] = $cat;
                }
 
                                $categories[] = $cat;
                }
 
-               // put terms in order with no child going before its parent
+               // Put terms in order with no child going before its parent.
                while ( $t = array_shift( $custom_terms ) ) {
                        if ( $t->parent == 0 || isset( $terms[$t->parent] ) )
                                $terms[$t->term_id] = $t;
                while ( $t = array_shift( $custom_terms ) ) {
                        if ( $t->parent == 0 || isset( $terms[$t->parent] ) )
                                $terms[$t->term_id] = $t;
@@ -120,9 +146,9 @@ function export_wp( $args = array() ) {
         * @return string
         */
        function wxr_cdata( $str ) {
         * @return string
         */
        function wxr_cdata( $str ) {
-               if ( seems_utf8( $str ) == false )
+               if ( ! seems_utf8( $str ) ) {
                        $str = utf8_encode( $str );
                        $str = utf8_encode( $str );
-
+               }
                // $str = ent2ncr(esc_html($str));
                $str = '<![CDATA[' . str_replace( ']]>', ']]]]><![CDATA[>', $str ) . ']]>';
 
                // $str = ent2ncr(esc_html($str));
                $str = '<![CDATA[' . str_replace( ']]>', ']]]]><![CDATA[>', $str ) . ']]>';
 
@@ -137,10 +163,10 @@ function export_wp( $args = array() ) {
         * @return string Site URL.
         */
        function wxr_site_url() {
         * @return string Site URL.
         */
        function wxr_site_url() {
-               // ms: the base url
+               // Multisite: the base URL.
                if ( is_multisite() )
                        return network_home_url();
                if ( is_multisite() )
                        return network_home_url();
-               // wp: the blog url
+               // WordPress (single site): the blog URL.
                else
                        return get_bloginfo_rss( 'url' );
        }
                else
                        return get_bloginfo_rss( 'url' );
        }
@@ -233,12 +259,23 @@ function export_wp( $args = array() ) {
         * Output list of authors with posts
         *
         * @since 3.1.0
         * Output list of authors with posts
         *
         * @since 3.1.0
+        *
+        * @global wpdb $wpdb WordPress database abstraction object.
+        *
+        * @param array $post_ids Array of post IDs to filter the query by. Optional.
         */
         */
-       function wxr_authors_list() {
+       function wxr_authors_list( array $post_ids = null ) {
                global $wpdb;
 
                global $wpdb;
 
+               if ( !empty( $post_ids ) ) {
+                       $post_ids = array_map( 'absint', $post_ids );
+                       $and = 'AND ID IN ( ' . implode( ', ', $post_ids ) . ')';
+               } else {
+                       $and = '';
+               }
+
                $authors = array();
                $authors = array();
-               $results = $wpdb->get_results( "SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status != 'auto-draft'" );
+               $results = $wpdb->get_results( "SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status != 'auto-draft' $and" );
                foreach ( (array) $results as $result )
                        $authors[] = get_userdata( $result->post_author );
 
                foreach ( (array) $results as $result )
                        $authors[] = get_userdata( $result->post_author );
 
@@ -246,12 +283,12 @@ function export_wp( $args = array() ) {
 
                foreach ( $authors as $author ) {
                        echo "\t<wp:author>";
 
                foreach ( $authors as $author ) {
                        echo "\t<wp:author>";
-                       echo '<wp:author_id>' . $author->ID . '</wp:author_id>';
-                       echo '<wp:author_login>' . $author->user_login . '</wp:author_login>';
-                       echo '<wp:author_email>' . $author->user_email . '</wp:author_email>';
+                       echo '<wp:author_id>' . intval( $author->ID ) . '</wp:author_id>';
+                       echo '<wp:author_login>' . wxr_cdata( $author->user_login ) . '</wp:author_login>';
+                       echo '<wp:author_email>' . wxr_cdata( $author->user_email ) . '</wp:author_email>';
                        echo '<wp:author_display_name>' . wxr_cdata( $author->display_name ) . '</wp:author_display_name>';
                        echo '<wp:author_display_name>' . wxr_cdata( $author->display_name ) . '</wp:author_display_name>';
-                       echo '<wp:author_first_name>' . wxr_cdata( $author->user_firstname ) . '</wp:author_first_name>';
-                       echo '<wp:author_last_name>' . wxr_cdata( $author->user_lastname ) . '</wp:author_last_name>';
+                       echo '<wp:author_first_name>' . wxr_cdata( $author->first_name ) . '</wp:author_first_name>';
+                       echo '<wp:author_last_name>' . wxr_cdata( $author->last_name ) . '</wp:author_last_name>';
                        echo "</wp:author>\n";
                }
        }
                        echo "</wp:author>\n";
                }
        }
@@ -267,7 +304,10 @@ function export_wp( $args = array() ) {
                        return;
 
                foreach ( $nav_menus as $menu ) {
                        return;
 
                foreach ( $nav_menus as $menu ) {
-                       echo "\t<wp:term><wp:term_id>{$menu->term_id}</wp:term_id><wp:term_taxonomy>nav_menu</wp:term_taxonomy><wp:term_slug>{$menu->slug}</wp:term_slug>";
+                       echo "\t<wp:term>";
+                       echo '<wp:term_id>' . intval( $menu->term_id ) . '</wp:term_id>';
+                       echo '<wp:term_taxonomy>nav_menu</wp:term_taxonomy>';
+                       echo '<wp:term_slug>' . wxr_cdata( $menu->slug ) . '</wp:term_slug>';
                        wxr_term_name( $menu );
                        echo "</wp:term>\n";
                }
                        wxr_term_name( $menu );
                        echo "</wp:term>\n";
                }
@@ -291,6 +331,12 @@ function export_wp( $args = array() ) {
                }
        }
 
                }
        }
 
+       /**
+        *
+        * @param bool   $return_me
+        * @param string $meta_key
+        * @return bool
+        */
        function wxr_filter_postmeta( $return_me, $meta_key ) {
                if ( '_edit_lock' == $meta_key )
                        $return_me = true;
        function wxr_filter_postmeta( $return_me, $meta_key ) {
                if ( '_edit_lock' == $meta_key )
                        $return_me = true;
@@ -337,89 +383,148 @@ function export_wp( $args = array() ) {
        <wp:base_site_url><?php echo wxr_site_url(); ?></wp:base_site_url>
        <wp:base_blog_url><?php bloginfo_rss( 'url' ); ?></wp:base_blog_url>
 
        <wp:base_site_url><?php echo wxr_site_url(); ?></wp:base_site_url>
        <wp:base_blog_url><?php bloginfo_rss( 'url' ); ?></wp:base_blog_url>
 
-<?php wxr_authors_list(); ?>
+<?php wxr_authors_list( $post_ids ); ?>
 
 <?php foreach ( $cats as $c ) : ?>
 
 <?php foreach ( $cats as $c ) : ?>
-       <wp:category><wp:term_id><?php echo $c->term_id ?></wp:term_id><wp:category_nicename><?php echo $c->slug; ?></wp:category_nicename><wp:category_parent><?php echo $c->parent ? $cats[$c->parent]->slug : ''; ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
+       <wp:category><wp:term_id><?php echo intval( $c->term_id ); ?></wp:term_id><wp:category_nicename><?php echo wxr_cdata( $c->slug ); ?></wp:category_nicename><wp:category_parent><?php echo wxr_cdata( $c->parent ? $cats[$c->parent]->slug : '' ); ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
 <?php endforeach; ?>
 <?php foreach ( $tags as $t ) : ?>
 <?php endforeach; ?>
 <?php foreach ( $tags as $t ) : ?>
-       <wp:tag><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:tag_slug><?php echo $t->slug; ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
+       <wp:tag><wp:term_id><?php echo intval( $t->term_id ); ?></wp:term_id><wp:tag_slug><?php echo wxr_cdata( $t->slug ); ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
 <?php endforeach; ?>
 <?php foreach ( $terms as $t ) : ?>
 <?php endforeach; ?>
 <?php foreach ( $terms as $t ) : ?>
-       <wp:term><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:term_taxonomy><?php echo $t->taxonomy; ?></wp:term_taxonomy><wp:term_slug><?php echo $t->slug; ?></wp:term_slug><wp:term_parent><?php echo $t->parent ? $terms[$t->parent]->slug : ''; ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
+       <wp:term><wp:term_id><?php echo wxr_cdata( $t->term_id ); ?></wp:term_id><wp:term_taxonomy><?php echo wxr_cdata( $t->taxonomy ); ?></wp:term_taxonomy><wp:term_slug><?php echo wxr_cdata( $t->slug ); ?></wp:term_slug><wp:term_parent><?php echo wxr_cdata( $t->parent ? $terms[$t->parent]->slug : '' ); ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
 <?php endforeach; ?>
 <?php if ( 'all' == $args['content'] ) wxr_nav_menu_terms(); ?>
 
 <?php endforeach; ?>
 <?php if ( 'all' == $args['content'] ) wxr_nav_menu_terms(); ?>
 
-       <?php do_action( 'rss2_head' ); ?>
+       <?php
+       /** This action is documented in wp-includes/feed-rss2.php */
+       do_action( 'rss2_head' );
+       ?>
 
 <?php if ( $post_ids ) {
 
 <?php if ( $post_ids ) {
+       /**
+        * @global WP_Query $wp_query
+        */
        global $wp_query;
        global $wp_query;
-       $wp_query->in_the_loop = true; // Fake being in the loop.
 
 
-       // fetch 20 posts at a time rather than loading the entire table into memory
+       // Fake being in the loop.
+       $wp_query->in_the_loop = true;
+
+       // Fetch 20 posts at a time rather than loading the entire table into memory.
        while ( $next_posts = array_splice( $post_ids, 0, 20 ) ) {
        $where = 'WHERE ID IN (' . join( ',', $next_posts ) . ')';
        $posts = $wpdb->get_results( "SELECT * FROM {$wpdb->posts} $where" );
 
        while ( $next_posts = array_splice( $post_ids, 0, 20 ) ) {
        $where = 'WHERE ID IN (' . join( ',', $next_posts ) . ')';
        $posts = $wpdb->get_results( "SELECT * FROM {$wpdb->posts} $where" );
 
-       // Begin Loop
+       // Begin Loop.
        foreach ( $posts as $post ) {
                setup_postdata( $post );
                $is_sticky = is_sticky( $post->ID ) ? 1 : 0;
 ?>
        <item>
        foreach ( $posts as $post ) {
                setup_postdata( $post );
                $is_sticky = is_sticky( $post->ID ) ? 1 : 0;
 ?>
        <item>
-               <title><?php echo apply_filters( 'the_title_rss', $post->post_title ); ?></title>
+               <title><?php
+                       /** This filter is documented in wp-includes/feed.php */
+                       echo apply_filters( 'the_title_rss', $post->post_title );
+               ?></title>
                <link><?php the_permalink_rss() ?></link>
                <pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_post_time( 'Y-m-d H:i:s', true ), false ); ?></pubDate>
                <link><?php the_permalink_rss() ?></link>
                <pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_post_time( 'Y-m-d H:i:s', true ), false ); ?></pubDate>
-               <dc:creator><?php echo get_the_author_meta( 'login' ); ?></dc:creator>
+               <dc:creator><?php echo wxr_cdata( get_the_author_meta( 'login' ) ); ?></dc:creator>
                <guid isPermaLink="false"><?php the_guid(); ?></guid>
                <description></description>
                <guid isPermaLink="false"><?php the_guid(); ?></guid>
                <description></description>
-               <content:encoded><?php echo wxr_cdata( apply_filters( 'the_content_export', $post->post_content ) ); ?></content:encoded>
-               <excerpt:encoded><?php echo wxr_cdata( apply_filters( 'the_excerpt_export', $post->post_excerpt ) ); ?></excerpt:encoded>
-               <wp:post_id><?php echo $post->ID; ?></wp:post_id>
-               <wp:post_date><?php echo $post->post_date; ?></wp:post_date>
-               <wp:post_date_gmt><?php echo $post->post_date_gmt; ?></wp:post_date_gmt>
-               <wp:comment_status><?php echo $post->comment_status; ?></wp:comment_status>
-               <wp:ping_status><?php echo $post->ping_status; ?></wp:ping_status>
-               <wp:post_name><?php echo $post->post_name; ?></wp:post_name>
-               <wp:status><?php echo $post->post_status; ?></wp:status>
-               <wp:post_parent><?php echo $post->post_parent; ?></wp:post_parent>
-               <wp:menu_order><?php echo $post->menu_order; ?></wp:menu_order>
-               <wp:post_type><?php echo $post->post_type; ?></wp:post_type>
-               <wp:post_password><?php echo $post->post_password; ?></wp:post_password>
-               <wp:is_sticky><?php echo $is_sticky; ?></wp:is_sticky>
+               <content:encoded><?php
+                       /**
+                        * Filter the post content used for WXR exports.
+                        *
+                        * @since 2.5.0
+                        *
+                        * @param string $post_content Content of the current post.
+                        */
+                       echo wxr_cdata( apply_filters( 'the_content_export', $post->post_content ) );
+               ?></content:encoded>
+               <excerpt:encoded><?php
+                       /**
+                        * Filter the post excerpt used for WXR exports.
+                        *
+                        * @since 2.6.0
+                        *
+                        * @param string $post_excerpt Excerpt for the current post.
+                        */
+                       echo wxr_cdata( apply_filters( 'the_excerpt_export', $post->post_excerpt ) );
+               ?></excerpt:encoded>
+               <wp:post_id><?php echo intval( $post->ID ); ?></wp:post_id>
+               <wp:post_date><?php echo wxr_cdata( $post->post_date ); ?></wp:post_date>
+               <wp:post_date_gmt><?php echo wxr_cdata( $post->post_date_gmt ); ?></wp:post_date_gmt>
+               <wp:comment_status><?php echo wxr_cdata( $post->comment_status ); ?></wp:comment_status>
+               <wp:ping_status><?php echo wxr_cdata( $post->ping_status ); ?></wp:ping_status>
+               <wp:post_name><?php echo wxr_cdata( $post->post_name ); ?></wp:post_name>
+               <wp:status><?php echo wxr_cdata( $post->post_status ); ?></wp:status>
+               <wp:post_parent><?php echo intval( $post->post_parent ); ?></wp:post_parent>
+               <wp:menu_order><?php echo intval( $post->menu_order ); ?></wp:menu_order>
+               <wp:post_type><?php echo wxr_cdata( $post->post_type ); ?></wp:post_type>
+               <wp:post_password><?php echo wxr_cdata( $post->post_password ); ?></wp:post_password>
+               <wp:is_sticky><?php echo intval( $is_sticky ); ?></wp:is_sticky>
 <?php  if ( $post->post_type == 'attachment' ) : ?>
 <?php  if ( $post->post_type == 'attachment' ) : ?>
-               <wp:attachment_url><?php echo wp_get_attachment_url( $post->ID ); ?></wp:attachment_url>
+               <wp:attachment_url><?php echo wxr_cdata( wp_get_attachment_url( $post->ID ) ); ?></wp:attachment_url>
 <?php  endif; ?>
 <?php  wxr_post_taxonomy(); ?>
 <?php  $postmeta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID ) );
                foreach ( $postmeta as $meta ) :
 <?php  endif; ?>
 <?php  wxr_post_taxonomy(); ?>
 <?php  $postmeta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID ) );
                foreach ( $postmeta as $meta ) :
+                       /**
+                        * Filter whether to selectively skip post meta used for WXR exports.
+                        *
+                        * Returning a truthy value to the filter will skip the current meta
+                        * object from being exported.
+                        *
+                        * @since 3.3.0
+                        *
+                        * @param bool   $skip     Whether to skip the current post meta. Default false.
+                        * @param string $meta_key Current meta key.
+                        * @param object $meta     Current meta object.
+                        */
                        if ( apply_filters( 'wxr_export_skip_postmeta', false, $meta->meta_key, $meta ) )
                                continue;
                ?>
                <wp:postmeta>
                        if ( apply_filters( 'wxr_export_skip_postmeta', false, $meta->meta_key, $meta ) )
                                continue;
                ?>
                <wp:postmeta>
-                       <wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+                       <wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
                        <wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
                </wp:postmeta>
                        <wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
                </wp:postmeta>
-<?php  endforeach; ?>
-<?php  $comments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved <> 'spam'", $post->ID ) );
+<?php  endforeach;
+
+               $_comments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved <> 'spam'", $post->ID ) );
+               $comments = array_map( 'get_comment', $_comments );
                foreach ( $comments as $c ) : ?>
                <wp:comment>
                foreach ( $comments as $c ) : ?>
                <wp:comment>
-                       <wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
+                       <wp:comment_id><?php echo intval( $c->comment_ID ); ?></wp:comment_id>
                        <wp:comment_author><?php echo wxr_cdata( $c->comment_author ); ?></wp:comment_author>
                        <wp:comment_author><?php echo wxr_cdata( $c->comment_author ); ?></wp:comment_author>
-                       <wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
+                       <wp:comment_author_email><?php echo wxr_cdata( $c->comment_author_email ); ?></wp:comment_author_email>
                        <wp:comment_author_url><?php echo esc_url_raw( $c->comment_author_url ); ?></wp:comment_author_url>
                        <wp:comment_author_url><?php echo esc_url_raw( $c->comment_author_url ); ?></wp:comment_author_url>
-                       <wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>
-                       <wp:comment_date><?php echo $c->comment_date; ?></wp:comment_date>
-                       <wp:comment_date_gmt><?php echo $c->comment_date_gmt; ?></wp:comment_date_gmt>
+                       <wp:comment_author_IP><?php echo wxr_cdata( $c->comment_author_IP ); ?></wp:comment_author_IP>
+                       <wp:comment_date><?php echo wxr_cdata( $c->comment_date ); ?></wp:comment_date>
+                       <wp:comment_date_gmt><?php echo wxr_cdata( $c->comment_date_gmt ); ?></wp:comment_date_gmt>
                        <wp:comment_content><?php echo wxr_cdata( $c->comment_content ) ?></wp:comment_content>
                        <wp:comment_content><?php echo wxr_cdata( $c->comment_content ) ?></wp:comment_content>
-                       <wp:comment_approved><?php echo $c->comment_approved; ?></wp:comment_approved>
-                       <wp:comment_type><?php echo $c->comment_type; ?></wp:comment_type>
-                       <wp:comment_parent><?php echo $c->comment_parent; ?></wp:comment_parent>
-                       <wp:comment_user_id><?php echo $c->user_id; ?></wp:comment_user_id>
+                       <wp:comment_approved><?php echo wxr_cdata( $c->comment_approved ); ?></wp:comment_approved>
+                       <wp:comment_type><?php echo wxr_cdata( $c->comment_type ); ?></wp:comment_type>
+                       <wp:comment_parent><?php echo intval( $c->comment_parent ); ?></wp:comment_parent>
+                       <wp:comment_user_id><?php echo intval( $c->user_id ); ?></wp:comment_user_id>
 <?php          $c_meta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->commentmeta WHERE comment_id = %d", $c->comment_ID ) );
 <?php          $c_meta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->commentmeta WHERE comment_id = %d", $c->comment_ID ) );
-                       foreach ( $c_meta as $meta ) : ?>
+                       foreach ( $c_meta as $meta ) :
+                               /**
+                                * Filter whether to selectively skip comment meta used for WXR exports.
+                                *
+                                * Returning a truthy value to the filter will skip the current meta
+                                * object from being exported.
+                                *
+                                * @since 4.0.0
+                                *
+                                * @param bool   $skip     Whether to skip the current comment meta. Default false.
+                                * @param string $meta_key Current meta key.
+                                * @param object $meta     Current meta object.
+                                */
+                               if ( apply_filters( 'wxr_export_skip_commentmeta', false, $meta->meta_key, $meta ) ) {
+                                       continue;
+                               }
+                       ?>
                        <wp:commentmeta>
                        <wp:commentmeta>
-                               <wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+                               <wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
                                <wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
                        </wp:commentmeta>
 <?php          endforeach; ?>
                                <wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
                        </wp:commentmeta>
 <?php          endforeach; ?>