MDL-14137, replace htmlentities with htmlspecialchars, merged from MOODLE_19_STABLE

diff --git a/mod/data/lib.php b/mod/data/lib.php
index 53ba3293361add9f4de53d74d925d594f08f2a98..750b42343546874950300a63f60a8f2ad8bd60e6 100755 (executable)
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -1812,7 +1812,7 @@ function data_presets_export($course, $cm, $data) {
 
     $presetxml .= "<settings>\n";
     foreach ($settingssaved as $setting) {
-        $presetxml .= "<$setting>".htmlentities($data->$setting)."</$setting>\n";
+        $presetxml .= "<$setting>".htmlspecialchars($data->$setting, ENT_QUOTES)."</$setting>\n";
     }
     $presetxml .= "</settings>\n\n";
 
@@ -1822,7 +1822,7 @@ function data_presets_export($course, $cm, $data) {
             $presetxml .= "<field>\n";
             foreach ($field as $key => $value) {
                 if ($value != '' && $key != 'id' && $key != 'dataid') {
-                    $presetxml .= "<$key>".htmlentities($value)."</$key>\n";
+                    $presetxml .= "<$key>".htmlspecialchars($value, ENT_QUOTES)."</$key>\n";
                 }
             }
             $presetxml .= "</field>\n\n";