From 0a99f67862624a4bbd368498296ea465a4e01edd Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Wed, 15 Feb 2012 10:33:37 -0800
Subject: [PATCH] Invalid escaping in renderBaseAttrs()

Summary: Second parameter of htmlspecialchars() is flags (int), not bool. Value true is understood as 1 which means: quote single quotes, not double quotes

Test Plan: New test
---
 php-lib/html.php | 2 +-
 tests/attr-quotes.phpt | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 tests/attr-quotes.phpt

diff --git a/php-lib/html.php b/php-lib/html.php
index 00e84615..466227a0 100644
--- a/php-lib/html.php
+++ b/php-lib/html.php
@@ -65,7 +65,7 @@ protected final function renderBaseAttrs() {
 $buf = '<'.$this->tagName;
 foreach ($this->getAttributes() as $key => $val) {
 if ($val !== null && $val !== false) {
- $buf .= ' ' . htmlspecialchars($key) . '="' . htmlspecialchars($val, true) . '"';
+ $buf .= ' ' . htmlspecialchars($key) . '="' . htmlspecialchars($val) . '"';
 }
 }
 return $buf;
diff --git a/tests/attr-quotes.phpt b/tests/attr-quotes.phpt
new file mode 100644
index 00000000..12daa483
--- /dev/null
+++ b/tests/attr-quotes.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Quotes in attribute
+--FILE--
+c;
+--EXPECT--
+c
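Review bot: The new `+` line in renderBaseAttrs() relies on htmlspecialchars()'s default flags and charset, so the escaping now depends on the PHP version rather than on this code: the default ENT_COMPAT leaves single quotes unescaped, which is safe only for as long as the attribute stays wrapped in double quotes, and on PHP 5.4 and later a value containing an invalid byte sequence for the default charset makes htmlspecialchars() return an empty string with no notice, silently dropping the attribute value. Stating the intent explicitly keeps the attribute safe if the quoting style is ever changed and decouples the result from default_charset: `$buf .= ' ' . htmlspecialchars($key) . '="' . htmlspecialchars($val, ENT_QUOTES, 'UTF-8') . '"';` (adding ENT_SUBSTITUTE where PHP 5.4+ can be assumed, so malformed input is replaced rather than blanked). The `$val !== false` guard on the context line still lets `true` through, which htmlspecialchars() renders as `"1"`; if boolean attributes are meant to render as bare names, that case needs handling before this line. renderBaseAttrs() opens before the hunk and its closing brace is after it.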