Escape special characters in XML.

Fixes #2188.
cakephp · Nov 26, 2011 · a516268 · a516268
1 parent 54aef72
commit a516268
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/lib/Cake/Utility/Xml.php b/lib/Cake/Utility/Xml.php
@@ -200,7 +200,16 @@ protected static function _fromArray($dom, $node, &$data, $format) {
 						continue;
 					}
 					if ($key[0] !== '@' && $format === 'tags') {
-						$child = $dom->createElement($key, $value);
+						$child = null;
+						if (!is_numeric($value)) {
+							// Escape special characters
+							// http://www.w3.org/TR/REC-xml/#syntax
+							// https://bugs.php.net/bug.php?id=36795
+							$child = $dom->createElement($key, '');
+							$child->appendChild(new DOMText($value));
+						} else {
+							$child = $dom->createElement($key, $value);
+						}
 						$node->appendChild($child);
 					} else {
 						if ($key[0] === '@') {