From a51626840e660ef771658f2de7342bf1fb0333b9 Mon Sep 17 00:00:00 2001
From: Christian Hieke
Date: Thu, 24 Nov 2011 10:09:35 +0100
Subject: [PATCH] Escape special characters in XML. Fixes #2188.
---
 lib/Cake/Utility/Xml.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/Cake/Utility/Xml.php b/lib/Cake/Utility/Xml.php
index 965d0516f..ee9bfe90b 100644
--- a/lib/Cake/Utility/Xml.php
+++ b/lib/Cake/Utility/Xml.php
@@ -200,7 +200,16 @@ class Xml {
 continue;
 }
 if ($key[0] !== '@' && $format === 'tags') {
- $child = $dom->createElement($key, $value);
+ $child = null;
+ if (!is_numeric($value)) {
+ // Escape special characters
+ // http://www.w3.org/TR/REC-xml/#syntax
+ // https://bugs.php.net/bug.php?id=36795
+ $child = $dom->createElement($key, '');
+ $child->appendChild(new DOMText($value));
+ } else {
+ $child = $dom->createElement($key, $value);
+ }
 $node->appendChild($child);
 } else {
 if ($key[0] === '@') {
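Review bot: The `else` branch of the added block still hands `$value` straight to `createElement()`, so escaping now depends on `is_numeric()` never accepting a string that contains `&` or `<`; that appears to hold, but it is an unstated invariant and leaves two code paths for one output encoding. I would drop the branch and the `$child = null;` initialisation and always build the node with `$child = $dom->createElement($key);` followed by `$child->appendChild(new DOMText($value));`. The diffstat shows only Xml.php changing, so a regression test that serialises a constructed value such as `a & b <c>` in the 'tags' format and parses it back would pin the fix. The attribute branch begins on the last context line and its body lies outside the hunk, so it is worth confirming separately that attribute values are also added through a text node.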