Use htmlspecialchars() not htmlentities in xml export for validity
author Brian Wolff <bawolff+wn@gmail.com>
Sun, 17 Feb 2019 11:23:50 +0000 (11:23 +0000)
committer Brian Wolff <bawolff+wn@gmail.com>
Sun, 17 Feb 2019 11:23:50 +0000 (11:23 +0000)
htmlentities() can output entity references that are invalid in XML.
Use htmlspecialchars() instead.

Additionally, cast user-id to int for phan-taint-check

Bug: T216348
Change-Id: Idf781f5a3ffc3c6463969b3f5af63f0f08ae837c

includes/export/WikiExporter.php

index e6b9719..88282bd 100644
@@ -233,10 +233,10 @@ class WikiExporter {
                foreach ( $res as $row ) {
                        $this->author_list .= "<contributor>" .
                                "<username>" .
-                               htmlentities( $row->rev_user_text ) .
+                               htmlspecialchars( $row->rev_user_text ) .
                                "</username>" .
                                "<id>" .
-                               $row->rev_user .
+                               ( (int)$row->rev_user ) .
                                "</id>" .
                                "</contributor>";
                }
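Review bot: the `htmlspecialchars( $row->rev_user_text )` call on the `+` line relies on PHP's default flags, so a `rev_user_text` value containing an invalid UTF-8 sequence makes htmlspecialchars() return an empty string and the export silently emits `<username></username>` for that contributor; passing `ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1` (for example `htmlspecialchars( $row->rev_user_text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1 )`) keeps the output well-formed XML while replacing malformed bytes with U+FFFD instead of dropping the name. The switch itself is correct for the stated bug, since htmlspecialchars() only ever emits the five predefined XML entities, whereas htmlentities() can produce HTML-only references such as named accented-character entities that an XML parser rejects. The `(int)$row->rev_user` cast on the second `+` line is fine as a taint sink for the id, but note that a NULL or non-numeric value becomes `0` rather than an error, so any consumer that treats `<id>0</id>` as meaningful should be aware of that.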