* forgot htmlspecialchars in release notes
authorStig Bakken <ssb@php.net>
Sat, 6 Apr 2002 00:58:22 +0000 (00:58 +0000)
committerStig Bakken <ssb@php.net>
Sat, 6 Apr 2002 00:58:22 +0000 (00:58 +0000)
pear/PEAR/Common.php

index 320cc528e404cd5b52d6923376ced0d0384a8b1d..5ff230c4b2aab5ee7acb1881627cf2a4ffc28811 100644 (file)
@@ -716,6 +716,7 @@ class PEAR_Common extends PEAR
      */
     function _makeReleaseXml($pkginfo, $changelog = false)
     {
+        // XXX QUOTE ENTITIES IN PCDATA, OR EMBED IN CDATA BLOCKS!!
         $indent = $changelog ? "  " : "";
         $ret = "$indent  <release>\n";
         if (!empty($pkginfo['version'])) {
@@ -731,7 +732,7 @@ class PEAR_Common extends PEAR
             $ret .= "$indent    <state>$pkginfo[release_state]</state>\n";
         }
         if (!empty($pkginfo['release_notes'])) {
-            $ret .= "$indent    <notes>$pkginfo[release_notes]</notes>\n";
+            $ret .= "$indent    <notes>".htmlspecialchars($pkginfo['release_notes'])."</notes>\n";
         }
         if (isset($pkginfo['release_deps']) && sizeof($pkginfo['release_deps']) > 0) {
             $ret .= "$indent    <deps>\n";
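Review bot: The `<state>` line at the top of this hunk still interpolates `$pkginfo[release_state]` into the element unescaped, so a `<` or `&` in that field would still produce malformed XML or stray markup in the generated package file. The same treatment the notes now get would close it: `$ret .= "$indent    <state>".htmlspecialchars($pkginfo['release_state'])."</state>\n";`. Whether the state value is restricted to a fixed set before it reaches `_makeReleaseXml` is not visible here, so this may be defence in depth rather than a live defect. The `XXX` comment added in the first hunk suggests other fields built in this function are in the same position; the body starts and ends outside both hunks, so those lines would need the same check.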