Also, escape the library short name and call number labels in XML holdings.
The entityize() omission was killing marcxml-full unAPI output, but the
function is used heavily through the code base. Will test further before
backporting in case the angle brackets are manually escaped in other
uses.
git-svn-id: svn://svn.open-ils.org/ILS/trunk@14283
dcc99617-32d9-48b4-a31d-
7c20da2025e4
$string = NFC($string);
}
- # Convert raw ampersands to ampersand entities
+ # Convert raw ampersands and angle brackets to entities
$string =~ s/&(?!\S+;)/&/gso;
+ $string =~ s/</</gso;
+ $string =~ s/>/>/gso;
+ # Convert Unicode characters to entities
$string =~ s/([\x{0080}-\x{fffd}])/sprintf('&#x%X;',ord($1))/sgoe;
+
return $string;
}
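Review bot: The ampersand rule kept as context above the two added substitutions skips any `&` that is followed by a run of non-whitespace and a later semicolon, so a value such as `Q&A/notes;` (constructed example) still leaves a raw `&` in the output and the XML stays malformed even with the new angle-bracket handling. Restricting the lookahead to real entity syntax narrows this: `$string =~ s/&(?!(?:#[0-9]+|#x[0-9A-Fa-f]+|[A-Za-z][A-Za-z0-9]*);)/&amp;/gso;`. It cannot remove the ambiguity for input that is already partly escaped, which is the double-escaping risk the commit message mentions. The replacement sides show on this page as bare `&`, `<` and `>`, presumably because the rendering decoded the entities, so confirm them against the repository. The function begins outside the hunk.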
my $xml = '<volume xmlns="http://open-ils.org/spec/holdings/v1" ';
$xml .= 'id="tag:open-ils.org:asset-call_number/' . $self->obj->id . '" ';
- $xml .= 'lib="' . $self->obj->owning_lib->shortname . '" ';
- $xml .= 'label="' . $self->obj->label . '">';
+ $xml .= 'lib="' . $self->escape( $self->obj->owning_lib->shortname ) . '" ';
+ $xml .= 'label="' . $self->escape( $self->obj->label ) . '">';
if (!$args->{no_copies}) {
if (ref($self->obj->copies) && @{ $self->obj->copies }) {
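Review bot: Both values now sit inside double-quoted attributes, but the entityize() change in this commit converts only `&`, `<` and `>`, so if escape() (defined outside this hunk) delegates to it, a `"` in a library short name or call number label would still end the attribute early. Adding `$string =~ s/"/&quot;/gso;` to the escaping routine, or to escape() itself, would cover the attribute context. `$self->obj->id` on the line above is interpolated without escaping; presumably it is a numeric key, and a short comment saying so would help the next reader. The enclosing method starts and ends outside the hunk.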