If I add html_page_top() and html_page_bottom() to line 628 and 634 in access_api.php, at the access_denied function, then the xml parse error goes but the page cannot redirect anymore.

+html_page_top( null, $result ? $t_redirect_url : null );

echo '<p class="center">' . error_string( ERROR_ACCESS_DENIED ) . '
';

echo '<p class="center">';

print_bracket_link( helper_mantis_url( 'main_page.php' ), lang_get( 'proceed' ) );

echo '
';

+html_page_bottom();

I was not able to reproduce this issue on the master branch.

which is normal if you're using my 13x branch as I fixed it there