* htmlspecialchars doesn't take care of apostrophes, so attributes should be quoted.

git-svn-id: svn://netflint.net/xmpphp@77 ef36c318-a008-4979-b6e8-6b496270793b
This commit is contained in:
fritzy 2009-07-26 17:09:57 +00:00
parent b576ef97bd
commit 1e76ca74de

View File

@ -171,7 +171,7 @@ class XMPPHP_XMPP extends XMPPHP_XMLStream {
$body = htmlspecialchars($body);
$subject = htmlspecialchars($subject);
$out = "<message from='{$this->fulljid}' to='$to' type='$type'>";
$out = "<message from=\"{$this->fulljid}\" to=\"$to\" type='$type'>";
if($subject) $out .= "<subject>$subject</subject>";
$out .= "<body>$body</body>";
if($payload) $out .= $payload;
@ -194,7 +194,7 @@ class XMPPHP_XMPP extends XMPPHP_XMLStream {
if($show == 'unavailable') $type = 'unavailable';
$out = "<presence";
if($to) $out .= " to='$to'";
if($to) $out .= " to=\"$to\"";
if($type) $out .= " type='$type'";
if($show == 'available' and !$status) {
$out .= "/>";