1 files changed, 20 insertions, 19 deletions

diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi
index 53da91b..b30ff50 100755
--- a/rh-bin/listdropboxes.cgi
+++ b/rh-bin/listdropboxes.cgi
@@ -22,6 +22,7 @@
 
 use strict;
 use CGI;
+use XML::Quote;
 use RHRD::rddb;
 
 my $status = 'ERROR';
@@ -58,33 +59,33 @@ print "Content-type: application/xml; charset=UTF-8\n\n";
 
 if($responsecode != 200) {
   print "<RDWebResult>\n";
-  print "  <ResponseCode>" . $responsecode . "</ResponseCode>\n";
-  print "  <ErrorString>" . $errorstring . "</ErrorString>\n";
+  print "  <ResponseCode>" . xml_quote($responsecode) . "</ResponseCode>\n";
+  print "  <ErrorString>" . xml_quote($errorstring) . "</ErrorString>\n";
   print "</RDWebResult>\n";
 } else {
   print "<dropboxList>\n";
   for my $href (@dropboxes) {
     print "  <dropbox>\n";
-    print "    <group>" . $href->{'GROUP'} . "</group>\n";
-    print "    <group-description>" . $href->{'GROUPDESC'} . "</group-description>\n";
-    print "    <group-low-cart>" . $href->{'GROUPLOWCART'} . "</group-low-cart>\n";
-    print "    <group-high-cart>" . $href->{'GROUPHIGHCART'} . "</group-high-cart>\n";
-    print "    <normalization-level>" . $href->{'NORMLEVEL'} . "</normalization-level>\n";
-    print "    <autotrim-level>" . $href->{'TRIMLEVEL'} . "</autotrim-level>\n";
-    print "    <parameters>" . $href->{'PARAM'} . "</parameters>\n";
-    print "    <type>" . $href->{'TYPE'} . "</type>\n";
+    print "    <group>" . xml_quote($href->{'GROUP'}) . "</group>\n";
+    print "    <group-description>" . xml_quote($href->{'GROUPDESC'}) . "</group-description>\n";
+    print "    <group-low-cart>" . xml_quote($href->{'GROUPLOWCART'}) . "</group-low-cart>\n";
+    print "    <group-high-cart>" . xml_quote($href->{'GROUPHIGHCART'}) . "</group-high-cart>\n";
+    print "    <normalization-level>" . xml_quote($href->{'NORMLEVEL'}) . "</normalization-level>\n";
+    print "    <autotrim-level>" . xml_quote($href->{'TRIMLEVEL'}) . "</autotrim-level>\n";
+    print "    <parameters>" . xml_quote($href->{'PARAM'}) . "</parameters>\n";
+    print "    <type>" . xml_quote($href->{'TYPE'}) . "</type>\n";
     if($href->{'TYPE'} eq "show") {
-      print "    <show-id>" . $href->{'SHOWID'} . "</show-id>\n";
-      print "    <show-title>" . $href->{'SHOWTITLE'} . "</show-title>\n";
-      print "    <show-log>" . $href->{'SHOWLOG'} . "</show-log>\n";
-      print "    <show-rhythm>" . $href->{'SHOWRHYTHM'} . "</show-rhythm>\n";
-      print "    <show-dayofweek>" . $href->{'SHOWDOW'} . "</show-dayofweek>\n";
-      print "    <show-starttime>" . $href->{'SHOWSTARTTIME'} . "</show-starttime>\n";
-      print "    <show-length>" . $href->{'SHOWLEN'} . "</show-length>\n";
+      print "    <show-id>" . xml_quote($href->{'SHOWID'}) . "</show-id>\n";
+      print "    <show-title>" . xml_quote($href->{'SHOWTITLE'}) . "</show-title>\n";
+      print "    <show-log>" . xml_quote($href->{'SHOWLOG'}) . "</show-log>\n";
+      print "    <show-rhythm>" . xml_quote($href->{'SHOWRHYTHM'}) . "</show-rhythm>\n";
+      print "    <show-dayofweek>" . xml_quote($href->{'SHOWDOW'}) . "</show-dayofweek>\n";
+      print "    <show-starttime>" . xml_quote($href->{'SHOWSTARTTIME'}) . "</show-starttime>\n";
+      print "    <show-length>" . xml_quote($href->{'SHOWLEN'}) . "</show-length>\n";
     } elsif($href->{'TYPE'} eq "jingle") {
-      print "    <jingle-title>" . $href->{'JINGLETITLE'} . "</jingle-title>\n";
+      print "    <jingle-title>" . xml_quote($href->{'JINGLETITLE'}) . "</jingle-title>\n";
     } elsif($href->{'TYPE'} eq "musicpool") {
-      print "    <musicpool-title>" . $href->{'MUSICPOOLTITLE'} . "</musicpool-title>\n";
+      print "    <musicpool-title>" . xml_quote($href->{'MUSICPOOLTITLE'}) . "</musicpool-title>\n";
     }
     print "  </dropbox>\n";
   }