#5666 closed defect (bug) (fixed)
faultString in xmlrpc responses is not properly escaped
Reported by: | josephscott | Owned by: | josephscott |
---|---|---|---|
Milestone: | 2.5.1 | Priority: | normal |
Severity: | normal | Version: | 2.3.2 |
Component: | XML-RPC | Keywords: | has-patch |
Focuses: | Cc: |
Description
The xmlrpc spec indicates that < and & be encoded as < and & in strings. When an error is returned from an xmlrpc call the IXR class doesn't attempt to encode these as it does with regular string values.
I'm inclined to have IXR make use of htmlspecialchars() for this as it does for regular string values.
Attachments (1)
Note: See
TracTickets for help on using
tickets.
Provide patch to the XML-RPC library (IXR) for escaping error text.