XML escape for templateprocessor setValue

[evotodi]

PHPWord Version 0.12.0
Setting a value with an & in the string will cause Word to think the document is corrupt.

Add the below function to TemplateProcessor.php:
/**
* @param string $string
* @return string
*/
private function xmlEscape($string) {
return str_replace(array('&', '<', '>', '\'', '"'), array('&amp;', '&lt;', '&gt;', '&apos;', '&quot;'), $string);
}

Add this to the first line of public function setValue in TemplateProcessor.php:
$replace = $this->xmlEscape($replace);

[pv451]

Actually you may just call setValue as it done in samples setValue('some',htmlspecialchars($some));

#671 (comment).

[SadPencil]

@pv451 I don't agree. Take an example, ￠£¥€§©®™×÷
these character shouldn't be converted to html entities.
Only "'&<> should be converted.
htmlentities() is not suitable. str_replace()is better.