I missed using ENT_NOQUOTES since XML only needs & and <> to be replaced in tags, spotted by @mkuron
@@ -22,7 +22,7 @@ try {
$stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
$stmt->execute(array(':username' => $email));
$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
- $displayname = htmlspecialchars(empty($MailboxData['name']) ? $email : $MailboxData['name']);
+ $displayname = htmlspecialchars(empty($MailboxData['name']) ? $email : $MailboxData['name'], ENT_NOQUOTES);
}
catch(PDOException $e) {
$displayname = $email;
emericklaw