X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..refs/tags/wordpress-2.6.2:/wp-admin/includes/export.php diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php index 96239af9..00201fab 100644 --- a/wp-admin/includes/export.php +++ b/wp-admin/includes/export.php @@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); $where = ''; if ( $author and $author != 'all' ) { $author_id = (int) $author; - $where = " WHERE post_author = '$author_id' "; + $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id); } // grab a snapshot of post IDs, just in case it changes during the export @@ -201,6 +201,7 @@ echo '\n"; post_content) ); ?> +post_excerpt) ); ?> ID; ?> post_date; ?> post_date_gmt; ?> @@ -217,7 +218,7 @@ if ($post->post_type == 'attachment') { ?> ID); ?> get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID"); +$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) ); if ( $postmeta ) { ?> @@ -228,7 +229,7 @@ if ( $postmeta ) { get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID"); +$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) ); if ( $comments ) { foreach ( $comments as $c ) { ?> comment_ID; ?> @@ -252,4 +253,4 @@ if ( $comments ) { foreach ( $comments as $c ) { ?> \ No newline at end of file +?>
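Review bot: In the `@@ -17,7 +17,7 @@` hunk the guard `if ( $author and $author != 'all' )` accepts any other non-empty value, and `(int) $author` turns a non-numeric one into 0, so the new `prepare()` call builds `WHERE post_author = 0` and the export comes back empty with no error. The cast had already made the value safe to interpolate, so `%d` is defence in depth here; what is still missing is a validity check, e.g. `if ( $author_id > 0 ) $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id);`. Where `$author` is read and where `$where` is concatenated into the final query both lie outside the hunk, so confirm the fragment is not run through `prepare()` a second time there.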
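Review bot: In the `@@ -217,7 +218,7 @@` hunk, and likewise in `@@ -228,7 +229,7 @@`, binding `$post->ID` with `%d` closes the interpolation, but both statements still `SELECT *` with no further condition, so every meta row of the post and every comment, whatever its moderation state, is fetched for the export. Which columns are written out is not readable on this page, but if the loops emit them as fetched, the file can carry plugin-internal meta values, spam or pending comments, and commenter e-mail and IP fields. I would name the columns that are needed and document the scope next to the queries, for example `// exports all meta keys and all comments incl. unapproved; treat the export file as sensitive`. The loops around both queries start and end outside these hunks.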