From 37789ebf45abf838db838bb773f4458084fda09d Mon Sep 17 00:00:00 2001
From: Fomafix <fomafix@googlemail.com>
Date: Wed, 24 Feb 2016 18:22:43 +0000
Subject: [PATCH] Xml.php: Do not escape double quotes in $contents of
 Xml::element()

There is no need to escape double quotes in content of XML.
Html::element() also does not escape double quotes in content.

ENT_NOQUOTES escapes '<', '>' and '&' but not "'" and '"'.
https://secure.php.net/manual/en/function.htmlspecialchars.php

Change-Id: I3b585c43e532cca1a8951d6c9e8b4825fc3b012d
---
 includes/Xml.php                                       | 2 +-
 tests/phpunit/includes/XmlTest.php                     | 4 ++--
 tests/phpunit/includes/api/format/ApiFormatXmlTest.php | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/includes/Xml.php b/includes/Xml.php
index 10d0d8b913..4f2720ed85 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -49,7 +49,7 @@ class Xml {
 			if ( $allowShortTag && $contents === '' ) {
 				$out .= ' />';
 			} else {
-				$out .= '>' . htmlspecialchars( $contents ) . "</$element>";
+				$out .= '>' . htmlspecialchars( $contents, ENT_NOQUOTES ) . "</$element>";
 			}
 		}
 		return $out;
diff --git a/tests/phpunit/includes/XmlTest.php b/tests/phpunit/includes/XmlTest.php
index e46fc67f73..4556473af1 100644
--- a/tests/phpunit/includes/XmlTest.php
+++ b/tests/phpunit/includes/XmlTest.php
@@ -97,8 +97,8 @@ class XmlTest extends MediaWikiTestCase {
 	 */
 	public function testElementEscaping() {
 		$this->assertEquals(
-			'<element>hello &lt;there&gt; you &amp; you</element>',
-			Xml::element( 'element', null, 'hello <there> you & you' ),
+			'<element>"hello &lt;there&gt; your\'s &amp; you"</element>',
+			Xml::element( 'element', null, '"hello <there> your\'s & you"' ),
 			'Element with no attributes and content that needs escaping'
 		);
 	}
diff --git a/tests/phpunit/includes/api/format/ApiFormatXmlTest.php b/tests/phpunit/includes/api/format/ApiFormatXmlTest.php
index 915fb5c564..443833258b 100644
--- a/tests/phpunit/includes/api/format/ApiFormatXmlTest.php
+++ b/tests/phpunit/includes/api/format/ApiFormatXmlTest.php
@@ -109,7 +109,7 @@ class ApiFormatXmlTest extends ApiFormatTestBase {
 				[ 'xslt' => 'DoesNotExist' ] ],
 			[ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should be in the MediaWiki namespace.</xml></warnings></api>',
 				[ 'xslt' => 'ApiFormatXmlTest' ] ],
-			[ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should have &quot;.xsl&quot; extension.</xml></warnings></api>',
+			[ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should have ".xsl" extension.</xml></warnings></api>',
 				[ 'xslt' => 'MediaWiki:ApiFormatXmlTest' ] ],
 			[ [],
 				'<?xml version="1.0"?><?xml-stylesheet href="' .
-- 
2.20.1