From c69af021e58972d4f97c9c0078b65bad106b4bf0 Mon Sep 17 00:00:00 2001 From: Mahesh Patel Date: Thu, 9 Apr 2026 15:05:46 +0530 Subject: [PATCH 1/3] output in XML without escaping --- src/wp-trackback.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-trackback.php b/src/wp-trackback.php index c9149363e1c59..14af2939bd7b6 100644 --- a/src/wp-trackback.php +++ b/src/wp-trackback.php @@ -34,7 +34,7 @@ function trackback_response( $error = 0, $error_message = '' ) { echo '\n"; echo "\n"; echo "1\n"; - echo "$error_message\n"; + echo "" . wp_kses_post( $error_message ) . "\n"; echo ''; die(); } else { From 10f34d799ed75dc153efc3ffe0495df5fdff847a Mon Sep 17 00:00:00 2001 From: Mahesh Patel Date: Thu, 9 Apr 2026 15:31:27 +0530 Subject: [PATCH 2/3] Update code --- src/wp-trackback.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-trackback.php b/src/wp-trackback.php index 14af2939bd7b6..b4844cbd1f562 100644 --- a/src/wp-trackback.php +++ b/src/wp-trackback.php @@ -34,7 +34,7 @@ function trackback_response( $error = 0, $error_message = '' ) { echo '\n"; echo "\n"; echo "1\n"; - echo "" . wp_kses_post( $error_message ) . "\n"; + echo "" . esc_html ( $error_message ) . "\n"; echo ''; die(); } else { From 68e669232b1f620f8c9c7b6cd8146a0fab8616dc Mon Sep 17 00:00:00 2001 From: maheshpatel27 Date: Wed, 15 Apr 2026 08:54:22 +0530 Subject: [PATCH 3/3] Update src/wp-trackback.php Co-authored-by: Stephen A. Bernhardt --- src/wp-trackback.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-trackback.php b/src/wp-trackback.php index b4844cbd1f562..4f8f227c58792 100644 --- a/src/wp-trackback.php +++ b/src/wp-trackback.php @@ -34,7 +34,7 @@ function trackback_response( $error = 0, $error_message = '' ) { echo '\n"; echo "\n"; echo "1\n"; - echo "" . esc_html ( $error_message ) . "\n"; + echo "" . esc_xml( $error_message ) . "\n"; echo ''; die(); } else {