Refs #1517: only encode <,>, and & for strings in xml

git-svn-id: http://code.elgg.org/elgg/trunk@3961 36083f99-b078-4883-b0ff-0f9b5a30f544
author: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2010-02-21 20:30:13 +0000
committer: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2010-02-21 20:30:13 +0000
commit: ce915d40a3b9151dcf03067eeac23a581efff897 (patch)
tree: d4cb66e941f0f84001a8cc46e1081b35e89f2c38 /engine/lib/xml.php
parent: f8ffe33a5eb4d81d60c8ba5cc615ee49b1ea239d (diff)
download: elgg-ce915d40a3b9151dcf03067eeac23a581efff897.tar.gz
elgg-ce915d40a3b9151dcf03067eeac23a581efff897.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/engine/lib/xml.php b/engine/lib/xml.php
index cbc936555..f691b2475 100644
--- a/engine/lib/xml.php
+++ b/engine/lib/xml.php
@@ -58,7 +58,7 @@
 			} else if (gettype($value) == "boolean") {
 				$output .= $value ? "true" : "false";
 			} else {
-				$output .= htmlentities($value);
+				$output .= htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
 			}
 			
 			$output .= "</$key>\n";
@@ -103,7 +103,7 @@
 			} else if (gettype($value) == "boolean") {
 				$output .= $value ? "true" : "false";
 			} else {
-				$output .= htmlentities($value);
+				$output .= htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
 			}
 			
 			$output .= "</$item>\n";
author	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2010-02-21 20:30:13 +0000
committer	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2010-02-21 20:30:13 +0000
commit	ce915d40a3b9151dcf03067eeac23a581efff897 (patch)
tree	d4cb66e941f0f84001a8cc46e1081b35e89f2c38 /engine/lib/xml.php
parent	f8ffe33a5eb4d81d60c8ba5cc615ee49b1ea239d (diff)
download	elgg-ce915d40a3b9151dcf03067eeac23a581efff897.tar.gz elgg-ce915d40a3b9151dcf03067eeac23a581efff897.tar.bz2