escape the XML special characters

diff --git a/Changes b/Changes
index e362b8e..060a1a6 100644 (file)
--- a/Changes
+++ b/Changes
@@ -15,3 +15,7 @@
 0.05 Sun Jun 27 16:54:23 EDT 2010
    -  Correct de-nastification to handle single item dt_assoc
       (eg belongs_to_rsp response)
+
+0.06 Thu Sep 16 00:21:06 EDT 2010
+   -  escape the XML special characters
+

diff --git a/lib/Net/OpenSRS.pm b/lib/Net/OpenSRS.pm
index 07f2e3e..34303ab 100644 (file)
--- a/lib/Net/OpenSRS.pm
+++ b/lib/Net/OpenSRS.pm
@@ -150,7 +150,7 @@ use XML::Simple;
 use Digest::MD5;
 use Date::Calc qw/ Add_Delta_Days Today This_Year /;
 
-our $VERSION = '0.05';
+our $VERSION = '0.06';
 my $rv;
 *hash = \&Digest::MD5::md5_hex;
 
@@ -1194,6 +1194,24 @@ XML
     return $self->last_response(1);
 }
 
+# encode special characters
+
+my %encode_hash = (
+  '<' => '&lt;',
+  '>' => '&gt;',
+  "'" => '&apos;',
+  '"' => '&quot;',
+  '&' => '&amp;',
+);
+
+sub _encode
+{
+  my $arg = shift;
+  return $arg unless ($arg =~/\<|\>|\'|\"|\&/);
+  $arg =~ s/(\<|\>|\'|\"|\&)/$encode_hash{$1}/ge;
+  $arg
+}
+
 # format perl structs into opensrs XML
 sub _format
 {
@@ -1207,7 +1225,7 @@ sub _format
         my $c = 0;
         $xml .= "$sp<item key=\"$_\">\n";
         $xml .= "$sp  <dt_array>\n";
-        foreach (sort @$val) {
+        foreach (map { _encode($_) } sort @$val) {
             $xml .= "$sp    <item key=\"$c\">$_</item>\n";
             $c++;
         }
@@ -1226,6 +1244,7 @@ sub _format
     }
 
     else {
+        $val = _encode($val);
         $xml .= "$sp<item key=\"$_\">$val</item>\n";
     }