/**
* Converts $text into safe XML text
*
* @param string $text
* @return string
*/
function safe_xml($text, $to_utf8 = false)
{
$out = '';
$pos = 0;
while (($pos = strpos($text, '&')) !== false) {
if (preg_match('/^&([^ <>;&]+);/', substr($text, $pos), $m)) {
$out .= htmlspecialchars(substr($text, 0, $pos), ENT_NOQUOTES) . "&{$m[1]};";
$text = substr($text, $pos + 2 + strlen($m[1]));
continue;
}
$out .= htmlspecialchars(substr($text, 0, $pos + 1));
$text = substr($text, $pos + 1);
}
$out = Ent::replace_html($out . htmlspecialchars($text, ENT_NOQUOTES));
return $to_utf8 ? utf8_encode($out) : $out;
}
