htmlentities() can output entity references that are invalid in XML.
Use htmlspecialchars() instead.
Additionally, cast user-id to int for phan-taint-check
Bug: T216348
Change-Id: Idf781f5a3ffc3c6463969b3f5af63f0f08ae837c
foreach ( $res as $row ) {
$this->author_list .= "<contributor>" .
"<username>" .
- htmlentities( $row->rev_user_text ) .
+ htmlspecialchars( $row->rev_user_text ) .
"</username>" .
"<id>" .
- $row->rev_user .
+ ( (int)$row->rev_user ) .
"</id>" .
"</contributor>";
}