* htmlspecialchars doesn't take care of apostrophes, so attributes should be quoted.

git-svn-id: svn://netflint.net/xmpphp@77 ef36c318-a008-4979-b6e8-6b496270793b
This commit is contained in:
fritzy 2009-07-26 17:09:57 +00:00
parent b576ef97bd
commit 1e76ca74de

View File

@ -171,7 +171,7 @@ class XMPPHP_XMPP extends XMPPHP_XMLStream {
$body = htmlspecialchars($body); $body = htmlspecialchars($body);
$subject = htmlspecialchars($subject); $subject = htmlspecialchars($subject);
$out = "<message from='{$this->fulljid}' to='$to' type='$type'>"; $out = "<message from=\"{$this->fulljid}\" to=\"$to\" type='$type'>";
if($subject) $out .= "<subject>$subject</subject>"; if($subject) $out .= "<subject>$subject</subject>";
$out .= "<body>$body</body>"; $out .= "<body>$body</body>";
if($payload) $out .= $payload; if($payload) $out .= $payload;
@ -194,7 +194,7 @@ class XMPPHP_XMPP extends XMPPHP_XMLStream {
if($show == 'unavailable') $type = 'unavailable'; if($show == 'unavailable') $type = 'unavailable';
$out = "<presence"; $out = "<presence";
if($to) $out .= " to='$to'"; if($to) $out .= " to=\"$to\"";
if($type) $out .= " type='$type'"; if($type) $out .= " type='$type'";
if($show == 'available' and !$status) { if($show == 'available' and !$status) {
$out .= "/>"; $out .= "/>";