From: Brian Wolff Date: Sun, 17 Feb 2019 11:23:50 +0000 (+0000) Subject: Use htmlspecialchars() not htmlentities in xml export for validity X-Git-Tag: 1.34.0-rc.0~2669^2 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/ajouter.php?a=commitdiff_plain;h=a848eae6796d2b0824d0d606303286ae25003cd1;p=lhc%2Fweb%2Fwiklou.git Use htmlspecialchars() not htmlentities in xml export for validity htmlentities() can output entity references that are invalid in XML. Use htmlspecialchars() instead. Additionally, cast user-id to int for phan-taint-check Bug: T216348 Change-Id: Idf781f5a3ffc3c6463969b3f5af63f0f08ae837c
---
diff --git a/includes/export/WikiExporter.php b/includes/export/WikiExporter.php
index e6b9719edd..88282bd78c 100644
--- a/includes/export/WikiExporter.php
+++ b/includes/export/WikiExporter.php
@@ -233,10 +233,10 @@ class WikiExporter {
 foreach ( $res as $row ) {
 $this->author_list .= "" .
 "" .
- htmlentities( $row->rev_user_text ) .
+ htmlspecialchars( $row->rev_user_text ) .
 "" .
 "" .
- $row->rev_user .
+ ( (int)$row->rev_user ) .
 "" .
 "";
 }
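Review bot: The new `htmlspecialchars( $row->rev_user_text )` call relies on PHP's default flags and charset, so its behaviour depends on the runtime version and `default_charset`. On runtimes where `ENT_SUBSTITUTE` is not the default, an invalid UTF-8 byte sequence in the name makes it return an empty string, so the export would silently carry an empty user name. Stating the XML context explicitly would keep the output well-formed without dropping the value: `htmlspecialchars( $row->rev_user_text, ENT_XML1 | ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )`. If the project's XML element helper is usable at this point, building both values through it would also remove the hand-concatenated markup. The enclosing method starts and ends outside the hunk, so how `author_list` is emitted afterwards cannot be checked from here.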