Permalink
Browse files

Escape special characters in XML.

Fixes #2188.
  • Loading branch information...
1 parent 54aef72 commit a51626840e660ef771658f2de7342bf1fb0333b9 @ingk ingk committed with markstory Nov 24, 2011
Showing with 10 additions and 1 deletion.
  1. +10 −1 lib/Cake/Utility/Xml.php
View
11 lib/Cake/Utility/Xml.php
@@ -200,7 +200,16 @@ protected static function _fromArray($dom, $node, &$data, $format) {
continue;
}
if ($key[0] !== '@' && $format === 'tags') {
- $child = $dom->createElement($key, $value);
+ $child = null;
+ if (!is_numeric($value)) {
+ // Escape special characters
+ // http://www.w3.org/TR/REC-xml/#syntax
+ // https://bugs.php.net/bug.php?id=36795
+ $child = $dom->createElement($key, '');
+ $child->appendChild(new DOMText($value));
+ } else {
+ $child = $dom->createElement($key, $value);
+ }
$node->appendChild($child);
} else {
if ($key[0] === '@') {

0 comments on commit a516268

Please sign in to comment.