faultString in xmlrpc responses is not properly escaped
Reported by: josephscott | Owned by: josephscott
The xmlrpc spec indicates that < and & be encoded as &lt; and &amp; in strings. When an error is returned from an xmlrpc call the IXR class doesn't attempt to encode these as it does with regular string values.
I'm inclined to have IXR make use of htmlspecialchars() for this as it does for regular string values.
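
An added illustration of the problem described in this ticket (not code from IXR or WordPress): the hypothetical helper `fault_xml()` builds a fault response with and without `htmlspecialchars()`, and the hypothetical `read_fault_string()` parses the result the way a client would. The sample message and fault code are constructed.

```php
<?php
// Added illustration; fault_xml() and read_fault_string() are hypothetical
// helpers, not the IXR library's own code.

// Build an XML-RPC fault response. $escape toggles the htmlspecialchars() call.
function fault_xml(int $code, string $message, bool $escape): string
{
    if ($escape) {
        // ENT_NOQUOTES: encode only &, < and >, which is all element content needs.
        $message = htmlspecialchars($message, ENT_NOQUOTES, 'UTF-8');
    }
    return <<<XML
<?xml version="1.0"?>
<methodResponse>
  <fault>
    <value>
      <struct>
        <member><name>faultCode</name><value><int>{$code}</int></value></member>
        <member><name>faultString</name><value><string>{$message}</string></value></member>
      </struct>
    </value>
  </fault>
</methodResponse>
XML;
}

// Parse the response as a client would. Returns the decoded faultString,
// or null when the document is not well-formed XML.
function read_fault_string(string $xml): ?string
{
    $previous = libxml_use_internal_errors(true); // collect parse errors quietly
    $doc = simplexml_load_string($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($doc === false) {
        return null;
    }
    $nodes = $doc->xpath('//member[name="faultString"]/value/string');
    return $nodes ? (string) $nodes[0] : null;
}

// Constructed sample error text containing both reserved characters.
$message = 'Invalid value for <title> & <excerpt>';

var_dump(read_fault_string(fault_xml(403, $message, false))); // unescaped faultString
var_dump(read_fault_string(fault_xml(403, $message, true)));  // escaped faultString
```

With the unescaped message the response is not well-formed and the client cannot read the fault at all; with escaping, the parser hands back the original message text.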