X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/849f15aeed7a5e39314057bdc0064d8edd60dd7d..3194d1bb103c2d8db4f44feeced5e58ee2756658:/wp-admin/includes/export.php

diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php
index 1ffc1d34..4b18c9c0 100644
--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -20,6 +20,9 @@ define( 'WXR_VERSION', '1.2' );
  *
  * @since 2.1.0
  *
+ * @global wpdb    $wpdb
+ * @global WP_Post $post
+ *
  * @param array $args Filters defining what should be included in the export.
  */
 function export_wp( $args = array() ) {
@@ -40,8 +43,21 @@ function export_wp( $args = array() ) {
 	do_action( 'export_wp', $args );
 
 	$sitename = sanitize_key( get_bloginfo( 'name' ) );
-	if ( ! empty($sitename) ) $sitename .= '.';
-	$filename = $sitename . 'wordpress.' . date( 'Y-m-d' ) . '.xml';
+	if ( ! empty( $sitename ) ) {
+		$sitename .= '.';
+	}
+	$date = date( 'Y-m-d' );
+	$wp_filename = $sitename . 'wordpress.' . $date . '.xml';
+	/**
+	 * Filter the export filename.
+	 *
+	 * @since 4.4.0
+	 *
+	 * @param string $wp_filename The name of the file for download.
+	 * @param string $sitename    The site name.
+	 * @param string $date        Today's date, formatted.
+	 */
+	$filename = apply_filters( 'export_wp_filename', $wp_filename, $sitename, $date );
 
 	header( 'Content-Description: File Transfer' );
 	header( 'Content-Disposition: attachment; filename=' . $filename );
@@ -72,7 +88,7 @@ function export_wp( $args = array() ) {
 		}
 	}
 
-	if ( 'post' == $args['content'] || 'page' == $args['content'] ) {
+	if ( 'post' == $args['content'] || 'page' == $args['content'] || 'attachment' == $args['content'] ) {
 		if ( $args['author'] )
 			$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_author = %d", $args['author'] );
 
@@ -95,7 +111,7 @@ function export_wp( $args = array() ) {
 		$cat = get_term( $term['term_id'], 'category' );
 		$cats = array( $cat->term_id => $cat );
 		unset( $term, $cat );
-	} else if ( 'all' == $args['content'] ) {
+	} elseif ( 'all' == $args['content'] ) {
 		$categories = (array) get_categories( array( 'get' => 'all' ) );
 		$tags = (array) get_tags( array( 'get' => 'all' ) );
 
@@ -130,9 +146,9 @@ function export_wp( $args = array() ) {
 	 * @return string
 	 */
 	function wxr_cdata( $str ) {
-		if ( seems_utf8( $str ) == false )
+		if ( ! seems_utf8( $str ) ) {
 			$str = utf8_encode( $str );
-
+		}
 		// $str = ent2ncr(esc_html($str));
 		$str = '<![CDATA[' . str_replace( ']]>', ']]]]><![CDATA[>', $str ) . ']]>';
 
@@ -244,6 +260,8 @@ function export_wp( $args = array() ) {
 	 *
 	 * @since 3.1.0
 	 *
+	 * @global wpdb $wpdb WordPress database abstraction object.
+	 *
 	 * @param array $post_ids Array of post IDs to filter the query by. Optional.
 	 */
 	function wxr_authors_list( array $post_ids = null ) {
@@ -265,12 +283,12 @@ function export_wp( $args = array() ) {
 
 		foreach ( $authors as $author ) {
 			echo "\t<wp:author>";
-			echo '<wp:author_id>' . $author->ID . '</wp:author_id>';
-			echo '<wp:author_login>' . $author->user_login . '</wp:author_login>';
-			echo '<wp:author_email>' . $author->user_email . '</wp:author_email>';
+			echo '<wp:author_id>' . intval( $author->ID ) . '</wp:author_id>';
+			echo '<wp:author_login>' . wxr_cdata( $author->user_login ) . '</wp:author_login>';
+			echo '<wp:author_email>' . wxr_cdata( $author->user_email ) . '</wp:author_email>';
 			echo '<wp:author_display_name>' . wxr_cdata( $author->display_name ) . '</wp:author_display_name>';
-			echo '<wp:author_first_name>' . wxr_cdata( $author->user_firstname ) . '</wp:author_first_name>';
-			echo '<wp:author_last_name>' . wxr_cdata( $author->user_lastname ) . '</wp:author_last_name>';
+			echo '<wp:author_first_name>' . wxr_cdata( $author->first_name ) . '</wp:author_first_name>';
+			echo '<wp:author_last_name>' . wxr_cdata( $author->last_name ) . '</wp:author_last_name>';
 			echo "</wp:author>\n";
 		}
 	}
@@ -286,7 +304,10 @@ function export_wp( $args = array() ) {
 			return;
 
 		foreach ( $nav_menus as $menu ) {
-			echo "\t<wp:term><wp:term_id>{$menu->term_id}</wp:term_id><wp:term_taxonomy>nav_menu</wp:term_taxonomy><wp:term_slug>{$menu->slug}</wp:term_slug>";
+			echo "\t<wp:term>";
+			echo '<wp:term_id>' . intval( $menu->term_id ) . '</wp:term_id>';
+			echo '<wp:term_taxonomy>nav_menu</wp:term_taxonomy>';
+			echo '<wp:term_slug>' . wxr_cdata( $menu->slug ) . '</wp:term_slug>';
 			wxr_term_name( $menu );
 			echo "</wp:term>\n";
 		}
@@ -310,6 +331,12 @@ function export_wp( $args = array() ) {
 		}
 	}
 
+	/**
+	 *
+	 * @param bool   $return_me
+	 * @param string $meta_key
+	 * @return bool
+	 */
 	function wxr_filter_postmeta( $return_me, $meta_key ) {
 		if ( '_edit_lock' == $meta_key )
 			$return_me = true;
@@ -359,13 +386,13 @@ function export_wp( $args = array() ) {
 <?php wxr_authors_list( $post_ids ); ?>
 
 <?php foreach ( $cats as $c ) : ?>
-	<wp:category><wp:term_id><?php echo $c->term_id ?></wp:term_id><wp:category_nicename><?php echo $c->slug; ?></wp:category_nicename><wp:category_parent><?php echo $c->parent ? $cats[$c->parent]->slug : ''; ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
+	<wp:category><wp:term_id><?php echo intval( $c->term_id ); ?></wp:term_id><wp:category_nicename><?php echo wxr_cdata( $c->slug ); ?></wp:category_nicename><wp:category_parent><?php echo wxr_cdata( $c->parent ? $cats[$c->parent]->slug : '' ); ?></wp:category_parent><?php wxr_cat_name( $c ); ?><?php wxr_category_description( $c ); ?></wp:category>
 <?php endforeach; ?>
 <?php foreach ( $tags as $t ) : ?>
-	<wp:tag><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:tag_slug><?php echo $t->slug; ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
+	<wp:tag><wp:term_id><?php echo intval( $t->term_id ); ?></wp:term_id><wp:tag_slug><?php echo wxr_cdata( $t->slug ); ?></wp:tag_slug><?php wxr_tag_name( $t ); ?><?php wxr_tag_description( $t ); ?></wp:tag>
 <?php endforeach; ?>
 <?php foreach ( $terms as $t ) : ?>
-	<wp:term><wp:term_id><?php echo $t->term_id ?></wp:term_id><wp:term_taxonomy><?php echo $t->taxonomy; ?></wp:term_taxonomy><wp:term_slug><?php echo $t->slug; ?></wp:term_slug><wp:term_parent><?php echo $t->parent ? $terms[$t->parent]->slug : ''; ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
+	<wp:term><wp:term_id><?php echo wxr_cdata( $t->term_id ); ?></wp:term_id><wp:term_taxonomy><?php echo wxr_cdata( $t->taxonomy ); ?></wp:term_taxonomy><wp:term_slug><?php echo wxr_cdata( $t->slug ); ?></wp:term_slug><wp:term_parent><?php echo wxr_cdata( $t->parent ? $terms[$t->parent]->slug : '' ); ?></wp:term_parent><?php wxr_term_name( $t ); ?><?php wxr_term_description( $t ); ?></wp:term>
 <?php endforeach; ?>
 <?php if ( 'all' == $args['content'] ) wxr_nav_menu_terms(); ?>
 
@@ -375,6 +402,9 @@ function export_wp( $args = array() ) {
 	?>
 
 <?php if ( $post_ids ) {
+	/**
+	 * @global WP_Query $wp_query
+	 */
 	global $wp_query;
 
 	// Fake being in the loop.
@@ -420,20 +450,20 @@ function export_wp( $args = array() ) {
 			 */
 			echo wxr_cdata( apply_filters( 'the_excerpt_export', $post->post_excerpt ) );
 		?></excerpt:encoded>
-		<wp:post_id><?php echo $post->ID; ?></wp:post_id>
-		<wp:post_date><?php echo $post->post_date; ?></wp:post_date>
-		<wp:post_date_gmt><?php echo $post->post_date_gmt; ?></wp:post_date_gmt>
-		<wp:comment_status><?php echo $post->comment_status; ?></wp:comment_status>
-		<wp:ping_status><?php echo $post->ping_status; ?></wp:ping_status>
-		<wp:post_name><?php echo $post->post_name; ?></wp:post_name>
-		<wp:status><?php echo $post->post_status; ?></wp:status>
-		<wp:post_parent><?php echo $post->post_parent; ?></wp:post_parent>
-		<wp:menu_order><?php echo $post->menu_order; ?></wp:menu_order>
-		<wp:post_type><?php echo $post->post_type; ?></wp:post_type>
-		<wp:post_password><?php echo $post->post_password; ?></wp:post_password>
-		<wp:is_sticky><?php echo $is_sticky; ?></wp:is_sticky>
+		<wp:post_id><?php echo intval( $post->ID ); ?></wp:post_id>
+		<wp:post_date><?php echo wxr_cdata( $post->post_date ); ?></wp:post_date>
+		<wp:post_date_gmt><?php echo wxr_cdata( $post->post_date_gmt ); ?></wp:post_date_gmt>
+		<wp:comment_status><?php echo wxr_cdata( $post->comment_status ); ?></wp:comment_status>
+		<wp:ping_status><?php echo wxr_cdata( $post->ping_status ); ?></wp:ping_status>
+		<wp:post_name><?php echo wxr_cdata( $post->post_name ); ?></wp:post_name>
+		<wp:status><?php echo wxr_cdata( $post->post_status ); ?></wp:status>
+		<wp:post_parent><?php echo intval( $post->post_parent ); ?></wp:post_parent>
+		<wp:menu_order><?php echo intval( $post->menu_order ); ?></wp:menu_order>
+		<wp:post_type><?php echo wxr_cdata( $post->post_type ); ?></wp:post_type>
+		<wp:post_password><?php echo wxr_cdata( $post->post_password ); ?></wp:post_password>
+		<wp:is_sticky><?php echo intval( $is_sticky ); ?></wp:is_sticky>
 <?php	if ( $post->post_type == 'attachment' ) : ?>
-		<wp:attachment_url><?php echo wp_get_attachment_url( $post->ID ); ?></wp:attachment_url>
+		<wp:attachment_url><?php echo wxr_cdata( wp_get_attachment_url( $post->ID ) ); ?></wp:attachment_url>
 <?php 	endif; ?>
 <?php 	wxr_post_taxonomy(); ?>
 <?php	$postmeta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID ) );
@@ -454,26 +484,27 @@ function export_wp( $args = array() ) {
 				continue;
 		?>
 		<wp:postmeta>
-			<wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+			<wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
 			<wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
 		</wp:postmeta>
 <?php	endforeach;
 
-		$comments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved <> 'spam'", $post->ID ) );
+		$_comments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved <> 'spam'", $post->ID ) );
+		$comments = array_map( 'get_comment', $_comments );
 		foreach ( $comments as $c ) : ?>
 		<wp:comment>
-			<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
+			<wp:comment_id><?php echo intval( $c->comment_ID ); ?></wp:comment_id>
 			<wp:comment_author><?php echo wxr_cdata( $c->comment_author ); ?></wp:comment_author>
-			<wp:comment_author_email><?php echo $c->comment_author_email; ?></wp:comment_author_email>
+			<wp:comment_author_email><?php echo wxr_cdata( $c->comment_author_email ); ?></wp:comment_author_email>
 			<wp:comment_author_url><?php echo esc_url_raw( $c->comment_author_url ); ?></wp:comment_author_url>
-			<wp:comment_author_IP><?php echo $c->comment_author_IP; ?></wp:comment_author_IP>
-			<wp:comment_date><?php echo $c->comment_date; ?></wp:comment_date>
-			<wp:comment_date_gmt><?php echo $c->comment_date_gmt; ?></wp:comment_date_gmt>
+			<wp:comment_author_IP><?php echo wxr_cdata( $c->comment_author_IP ); ?></wp:comment_author_IP>
+			<wp:comment_date><?php echo wxr_cdata( $c->comment_date ); ?></wp:comment_date>
+			<wp:comment_date_gmt><?php echo wxr_cdata( $c->comment_date_gmt ); ?></wp:comment_date_gmt>
 			<wp:comment_content><?php echo wxr_cdata( $c->comment_content ) ?></wp:comment_content>
-			<wp:comment_approved><?php echo $c->comment_approved; ?></wp:comment_approved>
-			<wp:comment_type><?php echo $c->comment_type; ?></wp:comment_type>
-			<wp:comment_parent><?php echo $c->comment_parent; ?></wp:comment_parent>
-			<wp:comment_user_id><?php echo $c->user_id; ?></wp:comment_user_id>
+			<wp:comment_approved><?php echo wxr_cdata( $c->comment_approved ); ?></wp:comment_approved>
+			<wp:comment_type><?php echo wxr_cdata( $c->comment_type ); ?></wp:comment_type>
+			<wp:comment_parent><?php echo intval( $c->comment_parent ); ?></wp:comment_parent>
+			<wp:comment_user_id><?php echo intval( $c->user_id ); ?></wp:comment_user_id>
 <?php		$c_meta = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->commentmeta WHERE comment_id = %d", $c->comment_ID ) );
 			foreach ( $c_meta as $meta ) :
 				/**
@@ -493,7 +524,7 @@ function export_wp( $args = array() ) {
 				}
 			?>
 			<wp:commentmeta>
-				<wp:meta_key><?php echo $meta->meta_key; ?></wp:meta_key>
+				<wp:meta_key><?php echo wxr_cdata( $meta->meta_key ); ?></wp:meta_key>
 				<wp:meta_value><?php echo wxr_cdata( $meta->meta_value ); ?></wp:meta_value>
 			</wp:commentmeta>
 <?php		endforeach; ?>