[open-ils-commits] r14283 - trunk/Open-ILS/src/perlmods/OpenILS/Application (dbs)

svn at svn.open-ils.org svn at svn.open-ils.org
Tue Oct 6 13:15:17 EDT 2009 

Author: dbs
Date: 2009-10-06 13:15:13 -0400 (Tue, 06 Oct 2009)
New Revision: 14283

Modified:
   trunk/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm
   trunk/Open-ILS/src/perlmods/OpenILS/Application/SuperCat.pm
Log:
Extend entityize() escaping behaviour to also convert raw angle brackets to entities.

Also, escape the library short name and call number labels in XML holdings.

The entityize() omission was killing marcxml-full unAPI output, but the
function is used heavily through the code base. Will test further before
backporting in case the angle brackets are manually escaped in other
uses.


Modified: trunk/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm	2009-10-06 17:12:59 UTC (rev 14282)
+++ trunk/Open-ILS/src/perlmods/OpenILS/Application/AppUtils.pm	2009-10-06 17:15:13 UTC (rev 14283)
@@ -1381,10 +1381,14 @@
 		$string = NFC($string);
 	}
 
-	# Convert raw ampersands to ampersand entities
+	# Convert raw ampersands and angle brackets to entities
 	$string =~ s/&(?!\S+;)/&/gso;
+	$string =~ s/</&lt;/gso;
+	$string =~ s/>/&gt;/gso;
 
+	# Convert Unicode characters to entities
 	$string =~ s/([\x{0080}-\x{fffd}])/sprintf('&#x%X;',ord($1))/sgoe;
+
 	return $string;
 }
 

Modified: trunk/Open-ILS/src/perlmods/OpenILS/Application/SuperCat.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/OpenILS/Application/SuperCat.pm	2009-10-06 17:12:59 UTC (rev 14282)
+++ trunk/Open-ILS/src/perlmods/OpenILS/Application/SuperCat.pm	2009-10-06 17:15:13 UTC (rev 14283)
@@ -1724,8 +1724,8 @@
     my $xml = '<volume xmlns="http://open-ils.org/spec/holdings/v1" ';
 
     $xml .= 'id="tag:open-ils.org:asset-call_number/' . $self->obj->id . '" ';
-    $xml .= 'lib="' . $self->obj->owning_lib->shortname . '" ';
-    $xml .= 'label="' . $self->obj->label . '">';
+    $xml .= 'lib="' . $self->escape( $self->obj->owning_lib->shortname ) . '" ';
+    $xml .= 'label="' . $self->escape( $self->obj->label ) . '">';
 
     if (!$args->{no_copies}) {
         if (ref($self->obj->copies) && @{ $self->obj->copies }) {

More information about the open-ils-commits mailing list