author | Stanislau Wolski <stanislau.wolski@gmail.com> | 2014-01-21 15:56:20 +0300 |
---|---|---|
committer | Stanislau Wolski <stanislau.wolski@gmail.com> | 2014-01-21 15:56:20 +0300 |
commit | 2c4f45027eda94f95b96b6d6563893613c125748 (patch) | |
tree | 1c0017b3850fe3f2be249fdce73d2046e5f190e4 /codebase | |
parent | 7037dcc6e75b2fef58d4af154ed5efb9b8da5f74 (diff) | |
[fix] dataprocessor response attributes not escaped
Diffstat (limited to 'codebase')
-rw-r--r-- | codebase/dataprocessor.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/codebase/dataprocessor.php b/codebase/dataprocessor.php
index 98ea63a..89a4460 100644
--- a/codebase/dataprocessor.php
+++ b/codebase/dataprocessor.php
@@ -488,11 +488,23 @@ class DataAction{
function to_xml(){
$str="<action type='{$this->status}' sid='{$this->id}' tid='{$this->nid}' ";
foreach ($this->attrs as $k => $v) {
- $str.=$k."='".$v."' ";
+ $str.=$k."='".$this->xmlentities($v)."' ";
}
$str.=">{$this->output}</action>";
return $str;
}
+
+ /*! replace xml unsafe characters
+
+ @param string
+ string to be escaped
+ @return
+ escaped string
+ */
+ public function xmlentities($string) {
+ return str_replace( array( '&', '"', "'", '<', '>', '’' ), array( '&' , '"', ''' , '<' , '>', ''' ), $string);
+ }
+
/*! convert self to string ( for logs )
@return
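Review bot: The first line of to_xml() still interpolates `$this->status`, `$this->id` and `$this->nid` unescaped into single-quoted attributes, and the loop writes the attribute name `$k` as-is, so only the values in `$this->attrs` are covered by this fix. If the ids can carry request-supplied row identifiers (not visible in this hunk), a quote or `<` in them still breaks the response markup; pass them through the new helper, e.g. `sid='".$this->xmlentities($this->id)."'`, and restrict `$k` to a plain XML name before emitting it. `$this->output` is likewise written as element content without escaping, which is safe only if it is meant to hold markup; a short comment on that line stating the expectation would help. The replacement list in xmlentities() is displayed here as `'&'`, `'"'`, `'''`, which looks like the page decoding the entities, so the committed file should be checked to contain `&amp;`, `&quot;`, `&apos;`, `&lt;` and `&gt;`.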