Fixes #303: Escape html special chars when updating time entries (#304)

Author: daften

src/Redmine/Api/TimeEntry.php

@@ -114,7 +114,7 @@ public function update($id, array $params)
             if ('custom_fields' === $k && is_array($v)) {
                 $this->attachCustomFieldXML($xml, $v);
             } else {
-                $xml->addChild($k, $v);
+                $xml->addChild($k, htmlspecialchars($v));
             }
         }