Refs #1517: only encode <,>, and & for strings in xml

author cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>

Sun, 21 Feb 2010 20:30:13 +0000 (20:30 +0000)

committer cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>

Sun, 21 Feb 2010 20:30:13 +0000 (20:30 +0000)
author cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 21 Feb 2010 20:30:13 +0000 (20:30 +0000)
committer cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 21 Feb 2010 20:30:13 +0000 (20:30 +0000)
diff --git a/engine/lib/xml.php b/engine/lib/xml.php

index cbc93655566681c0278595be8172270894cbb25e..f691b2475e58a8c3c0530fd3becb24c8ede3e32a 100644 (file)
--- a/engine/lib/xml.php
+++ b/engine/lib/xml.php
@@ -58,7 +58,7 @@
                         } else if (gettype($value) == "boolean") {
                                 $output .= $value ? "true" : "false";
                         } else {
-                               $output .= htmlentities($value);
+                               $output .= htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
                         }
                         
                         $output .= "</$key>\n";
@@ -103,7 +103,7 @@
                         } else if (gettype($value) == "boolean") {
                                 $output .= $value ? "true" : "false";
                         } else {
-                               $output .= htmlentities($value);
+                               $output .= htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
                         }
                         
                         $output .= "</$item>\n";
author	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Sun, 21 Feb 2010 20:30:13 +0000 (20:30 +0000)
committer	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Sun, 21 Feb 2010 20:30:13 +0000 (20:30 +0000)