diff -ruN /home/dan/moodle/moodle/backup/backuplib.php ./backup/backuplib.php
--- /home/dan/moodle/moodle/backup/backuplib.php	2008-01-17 15:09:39.000000000 +0000
+++ ./backup/backuplib.php	2008-01-21 22:13:57.000000000 +0000
@@ -460,18 +460,6 @@
         return $st.$co.$et;
     }
 
-
-    function xml_tag_safe_content($content) {
-        global $CFG;
-        //If enabled, we strip all the control chars (\x0-\x1f) from the text but tabs (\x9),
-        //newlines (\xa) and returns (\xd). The delete control char (\x7f) is also included.
-        //because they are forbiden in XML 1.0 specs. The expression below seems to be
-        //UTF-8 safe too because it simply ignores the rest of characters.
-        $content = preg_replace("/[\x-\x8\xb-\xc\xe-\x1f\x7f]/is","",$content);
-        $content = preg_replace("/\r\n|\r/", "\n", htmlspecialchars($content));
-        return $content;
-    }
-
     //Prints General info about the course
     //name, moodle_version (internal and release), backup_version, date, info in file...
     function backup_general_info ($bf,$preferences) {
diff -ruN /home/dan/moodle/moodle/lib/weblib.php ./lib/weblib.php
--- /home/dan/moodle/moodle/lib/weblib.php	2008-01-21 15:55:08.000000000 +0000
+++ ./lib/weblib.php	2008-01-21 22:18:03.000000000 +0000
@@ -6972,6 +6972,23 @@
     return ($inpopup);
 }
 
+/**
+ * Returns a string safe to be used within an xml file
+ *
+ * We strip all the control chars (\x0-\x1f) from the text but tabs (\x9),
+ * newlines (\xa) and returns (\xd). The delete control char (\x7f) is also included.
+ * because they are forbiden in XML 1.0 specs. The expression below seems to be
+ * UTF-8 safe too because it simply ignores the rest of characters.
+ *
+ * @param string content which is to be used within xml 
+ * @return string xml safe string 
+ *
+ */
+function xml_tag_safe_content($content) {
+    $content = preg_replace("/[\x-\x8\xb-\xc\xe-\x1f\x7f]/is","",$content);
+    $content = preg_replace("/\r\n|\r/", "\n", htmlspecialchars($content));
+    return $content;
+}
 
 // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140:
 ?>
diff -ruN /home/dan/moodle/moodle/mod/data/lib.php ./mod/data/lib.php
--- /home/dan/moodle/moodle/mod/data/lib.php	2008-01-17 15:10:11.000000000 +0000
+++ ./mod/data/lib.php	2008-01-21 22:18:05.000000000 +0000
@@ -1827,7 +1827,9 @@
 
     $presetxml .= "<settings>\n";
     foreach ($settingssaved as $setting) {
-        $presetxml .= "<$setting>{$data->$setting}</$setting>\n";
+        $presetxml.= '<'.xml_tag_safe_content($setting).'>';
+        $presetxml.= xml_tag_safe_content($data->$setting);
+        $presetxml.= '</'.xml_tag_safe_content($setting).">\n";
     }
     $presetxml .= "</settings>\n\n";
 
@@ -1837,7 +1839,9 @@
             $presetxml .= "<field>\n";
             foreach ($field as $key => $value) {
                 if ($value != '' && $key != 'id' && $key != 'dataid') {
-                    $presetxml .= "<$key>$value</$key>\n";
+                    $presetxml.= '<'.xml_tag_safe_content($key).'>';
+                    $presetxml.= xml_tag_safe_content($value);
+                    $presetxml.= '</'.xml_tag_safe_content($key).">\n";
                 }
             }
             $presetxml .= "</field>\n\n";