From: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sun, 21 Feb 2010 20:30:13 +0000 (+0000)
Subject: Refs #1517: only encode <,>, and & for strings in xml
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=ce915d40a3b9151dcf03067eeac23a581efff897;p=lorea%2Felgg.git

Refs #1517: only encode <,>, and & for strings in xml


git-svn-id: http://code.elgg.org/elgg/trunk@3961 36083f99-b078-4883-b0ff-0f9b5a30f544
---

diff --git a/engine/lib/xml.php b/engine/lib/xml.php
index cbc936555..f691b2475 100644
--- a/engine/lib/xml.php
+++ b/engine/lib/xml.php
@@ -58,7 +58,7 @@
 			} else if (gettype($value) == "boolean") {
 				$output .= $value ? "true" : "false";
 			} else {
-				$output .= htmlentities($value);
+				$output .= htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
 			}
 			
 			$output .= "</$key>\n";
@@ -103,7 +103,7 @@
 			} else if (gettype($value) == "boolean") {
 				$output .= $value ? "true" : "false";
 			} else {
-				$output .= htmlentities($value);
+				$output .= htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
 			}
 			
 			$output .= "</$item>\n";