From a848eae6796d2b0824d0d606303286ae25003cd1 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Sun, 17 Feb 2019 11:23:50 +0000
Subject: [PATCH] Use htmlspecialchars() not htmlentities in xml export for validity

htmlentities() can output entity references that are invalid in XML. Use htmlspecialchars() instead. Additionally, cast user-id to int for phan-taint-check
Bug: T216348
Change-Id: Idf781f5a3ffc3c6463969b3f5af63f0f08ae837c
---
 includes/export/WikiExporter.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/export/WikiExporter.php b/includes/export/WikiExporter.php
index e6b9719edd..88282bd78c 100644
--- a/includes/export/WikiExporter.php
+++ b/includes/export/WikiExporter.php
@@ -233,10 +233,10 @@ class WikiExporter {
 foreach ( $res as $row ) { $this->author_list .= "" . "" .
- htmlentities( $row->rev_user_text ) .
+ htmlspecialchars( $row->rev_user_text ) .
 "" . "" .
- $row->rev_user .
+ ( (int)$row->rev_user ) .
 "" . ""; }
--
2.20.1
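Review bot: The added `htmlspecialchars( $row->rev_user_text )` call relies on PHP's default flags and charset, so the XML-validity guarantee this commit aims for depends on runtime defaults and on the stored name already being well-formed UTF-8. Passing the flags explicitly, `htmlspecialchars( $row->rev_user_text, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8' )`, states that the target is XML and prevents the call from returning an empty string on an invalid byte sequence. Escaping also does not remove characters that XML 1.0 forbids outright (most C0 control characters), so if user names from imports or old rows can contain them a strict parser would still reject the export; whether that can occur is not visible here. This assumes the value lands in element content, since the surrounding string literals appear as empty strings on this page. A short comment above the cast, such as `// rev_user is numeric; the cast is for phan-taint-check`, would keep the reason next to the code; the enclosing method starts and ends outside the hunk.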