From: Stig Bakken
Date: Sat, 6 Apr 2002 00:58:22 +0000 (+0000)
Subject: * forgot htmlspecialchars in release notes
X-Git-Tag: php-4.3.0dev-ZendEngine2-Preview1~853
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=de1f6319ec48f11547b6377620a89146f11dbdf7;p=php

* forgot htmlspecialchars in release notes
---

diff --git a/pear/PEAR/Common.php b/pear/PEAR/Common.php
index 320cc528e4..5ff230c4b2 100644
--- a/pear/PEAR/Common.php
+++ b/pear/PEAR/Common.php
@@ -716,6 +716,7 @@ class PEAR_Common extends PEAR
 */
 function _makeReleaseXml($pkginfo, $changelog = false)
 {
+ // XXX QUOTE ENTITIES IN PCDATA, OR EMBED IN CDATA BLOCKS!!
 $indent = $changelog ? " " : "";
 $ret = "$indent \n";
 if (!empty($pkginfo['version'])) {
@@ -731,7 +732,7 @@ class PEAR_Common extends PEAR
 $ret .= "$indent $pkginfo[release_state]\n";
 }
 if (!empty($pkginfo['release_notes'])) {
- $ret .= "$indent $pkginfo[release_notes]\n";
+ $ret .= "$indent ".htmlspecialchars($pkginfo['release_notes'])."\n";
 }
 if (isset($pkginfo['release_deps']) && sizeof($pkginfo['release_deps']) > 0) {
 $ret .= "$indent \n";
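Review bot: The `release_state` value in the second hunk's first context line is still interpolated into the XML unescaped, and presumably so are the other `$pkginfo` fields this function emits; only `release_notes` gets `htmlspecialchars()`. A value containing `<` or `&` would produce malformed XML, or extra markup in the generated release block if the package metadata is not trusted. Wrapping each field the same way, e.g. `htmlspecialchars($pkginfo['release_state'])`, would resolve the XXX comment added in the first hunk instead of leaving it open. `_makeReleaseXml` begins in the first hunk and continues past the end of the second, so fields outside the visible lines need the same check.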