HTMLEncode strings in wddx_serialize_value()

Summary: Strings returned through wddx_serialize_value should be HTMLEncode()'d during
serialization.

Fixes #4283

{sync, type="child", parent="internal", parentrevid="1691695", parentrevfbid="1537976659780590", parentdiffid="5726084"}

Reviewed By: @JoelMarcey

Differential Revision: D1691695

Signature: t1:1691695:1416530595:722bfcdaf7c0dbee379bea886cd4c43d997ca7dd

hphp/runtime/ext/wddx/ext_wddx.cpp

@@ -126,9 +126,13 @@ bool WddxPacket::recursiveAddVar(const String& varName,
 
   std::string varType = getDataTypeString(varVariant.getType()).data();
   if (!getWddxEncoded(varType, "", varName, false).empty()) {
-    std::string varValue = varVariant.toString().data();
+    std::string varValue;
     if (varType.compare("boolean") == 0) {
       varValue = varVariant.toBoolean() ? "true" : "false";
+    } else {
+      varValue = StringUtil::HtmlEncode(varVariant.toString(),
+                                        StringUtil::QuoteStyle::Double,
+                                        "UTF-8", false, false).toCppString();
     }
     m_packetString += getWddxEncoded(varType, varValue, varName, hasVarTag);
     return true;

hphp/test/slow/ext_wddx/htmlent.php

@@ -0,0 +1,5 @@
+<?php
+$s = wddx_serialize_value("Test for &");
+var_dump($s);
+$d = wddx_deserialize($s);
+var_dump($d);

hphp/test/slow/ext_wddx/htmlent.php.expect

@@ -0,0 +1,2 @@
+string(92) "<wddxPacket version='1.0'><header/><data><string>Test for &amp;</string></data></wddxPacket>"
+string(10) "Test for &"