From e1a1b1b1cf26d8fc62aed953ce5811d7a86b89da Mon Sep 17 00:00:00 2001
From: Andrey Grinenko <andrey012@gmail.com>
Date: Fri, 20 Feb 2015 23:49:54 +0300
Subject: [PATCH] minor tweaks: treat XML as editable file use htmlentities to
 escape textarea content

---
 lib/file-control.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/file-control.php b/lib/file-control.php
index d7be68a..0e07ba9 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -82,11 +82,11 @@ if ($_GET['action']=="load") {
 			if (array_search($fileExt,array("gif","jpg","jpeg","png"))!==false) {$finfo = "image";};
 			if (array_search($fileExt,array("doc","docx","ppt","rtf","pdf","zip","tar","gz","swf","asx","asf","midi","mp3","wav","aiff","mov","qt","wmv","mp4","odt","odg","odp"))!==false) {$finfo = "other";};
 		}
-		if (strpos($finfo,"text")===0 || strpos($finfo,"empty")!==false) {
+		if (strpos($finfo,"text")===0 || strpos($finfo, "application/xml")===0 || strpos($finfo,"empty")!==false) {
 			echo 'fileType="text";';
 			echo 'top.ICEcoder.shortURL = top.ICEcoder.thisFileFolderLink = "'.$fileLoc."/".$fileName.'";';
 			$loadedFile = toUTF8noBOM(file_get_contents($file,false,$context),true);
-			echo '</script><textarea name="loadedFile" id="loadedFile">'.str_replace("</textarea>","<ICEcoder:/:textarea>",str_replace("&","&amp;",$loadedFile)).'</textarea><script>';
+			echo '</script><textarea name="loadedFile" id="loadedFile">'.htmlentities($loadedFile).'</textarea><script>';
 			// Run our custom processes
 			include_once("../processes/on-file-load.php");
 		} else if (strpos($finfo,"image")===0) {