Merge pull request #184 from JanisE/master

Escape all text values for any XML element properly

Author: kbsali

lib/Redmine/Api/Issue.php

@@ -91,14 +91,10 @@ private function buildXML(array $params = array())
                         $upload_item->addChild($upload_k, $upload_v);
                     }
                 }
-            } elseif ('description' === $k && (strpos($v, "\n") !== false || strpos($v, PHP_EOL) !== false)) {
-                // surround the description with CDATA if there is any '\n' in the description
-                $node = $xml->addChild($k);
-                $domNode = dom_import_simplexml($node);
-                $no = $domNode->ownerDocument;
-                $domNode->appendChild($no->createCDATASection($v));
             } else {
-                $xml->addChild($k, $v);
+                // "addChild" does not escape text for XML value, but the setter does.
+                // http://stackoverflow.com/a/555039/99904
+                $xml->$k = $v;
             }
         }
 

test/Redmine/Tests/IssueXmlTest.php

@@ -135,8 +135,8 @@ public function testCreateComplexWithLineBreakInDescription()
         $xml = '<?xml version="1.0"?>
 <issue>
     <subject>test api (xml) 3</subject>
-    <description><![CDATA[line1
-line2]]></description>
+    <description>line1
+line2</description>
     <project_id>test</project_id>
     <assigned_to_id>1</assigned_to_id>
     <custom_fields type="array">