From 2aedff65649b4601d5998696fac2ccf33ff1ba9b Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Tue, 28 Jul 2015 21:41:34 +0200
Subject: use external lib for xml quoting


diff --git a/README b/README
index 30c0845..997eebb 100644
--- a/README
+++ b/README
@@ -30,7 +30,7 @@ LICENSE
 Installation
 ============
 
-# sudo aptitude install apache2 libapache2-mod-perl2 libconfig-inifiles-perl libdbd-mysql-perl libjson-pp-perl librhrd-perl libjs-jquery rivendell-server
+# sudo aptitude install apache2 libapache2-mod-perl2 libconfig-inifiles-perl libdbd-mysql-perl libjson-pp-perl libxml-quote-perl librhrd-perl libjs-jquery rivendell-server
 # sudo a2enmod ssl authnz_ldap perl proxy_wstunnel
 # sudo /etc/init.d/apache2 restart
 
diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi
index 53da91b..b30ff50 100755
--- a/rh-bin/listdropboxes.cgi
+++ b/rh-bin/listdropboxes.cgi
@@ -22,6 +22,7 @@
 
 use strict;
 use CGI;
+use XML::Quote;
 use RHRD::rddb;
 
 my $status = 'ERROR';
@@ -58,33 +59,33 @@ print "Content-type: application/xml; charset=UTF-8\n\n";
 
 if($responsecode != 200) {
   print "<RDWebResult>\n";
-  print "  <ResponseCode>" . $responsecode . "</ResponseCode>\n";
-  print "  <ErrorString>" . $errorstring . "</ErrorString>\n";
+  print "  <ResponseCode>" . xml_quote($responsecode) . "</ResponseCode>\n";
+  print "  <ErrorString>" . xml_quote($errorstring) . "</ErrorString>\n";
   print "</RDWebResult>\n";
 } else {
   print "<dropboxList>\n";
   for my $href (@dropboxes) {
     print "  <dropbox>\n";
-    print "    <group>" . $href->{'GROUP'} . "</group>\n";
-    print "    <group-description>" . $href->{'GROUPDESC'} . "</group-description>\n";
-    print "    <group-low-cart>" . $href->{'GROUPLOWCART'} . "</group-low-cart>\n";
-    print "    <group-high-cart>" . $href->{'GROUPHIGHCART'} . "</group-high-cart>\n";
-    print "    <normalization-level>" . $href->{'NORMLEVEL'} . "</normalization-level>\n";
-    print "    <autotrim-level>" . $href->{'TRIMLEVEL'} . "</autotrim-level>\n";
-    print "    <parameters>" . $href->{'PARAM'} . "</parameters>\n";
-    print "    <type>" . $href->{'TYPE'} . "</type>\n";
+    print "    <group>" . xml_quote($href->{'GROUP'}) . "</group>\n";
+    print "    <group-description>" . xml_quote($href->{'GROUPDESC'}) . "</group-description>\n";
+    print "    <group-low-cart>" . xml_quote($href->{'GROUPLOWCART'}) . "</group-low-cart>\n";
+    print "    <group-high-cart>" . xml_quote($href->{'GROUPHIGHCART'}) . "</group-high-cart>\n";
+    print "    <normalization-level>" . xml_quote($href->{'NORMLEVEL'}) . "</normalization-level>\n";
+    print "    <autotrim-level>" . xml_quote($href->{'TRIMLEVEL'}) . "</autotrim-level>\n";
+    print "    <parameters>" . xml_quote($href->{'PARAM'}) . "</parameters>\n";
+    print "    <type>" . xml_quote($href->{'TYPE'}) . "</type>\n";
     if($href->{'TYPE'} eq "show") {
-      print "    <show-id>" . $href->{'SHOWID'} . "</show-id>\n";
-      print "    <show-title>" . $href->{'SHOWTITLE'} . "</show-title>\n";
-      print "    <show-log>" . $href->{'SHOWLOG'} . "</show-log>\n";
-      print "    <show-rhythm>" . $href->{'SHOWRHYTHM'} . "</show-rhythm>\n";
-      print "    <show-dayofweek>" . $href->{'SHOWDOW'} . "</show-dayofweek>\n";
-      print "    <show-starttime>" . $href->{'SHOWSTARTTIME'} . "</show-starttime>\n";
-      print "    <show-length>" . $href->{'SHOWLEN'} . "</show-length>\n";
+      print "    <show-id>" . xml_quote($href->{'SHOWID'}) . "</show-id>\n";
+      print "    <show-title>" . xml_quote($href->{'SHOWTITLE'}) . "</show-title>\n";
+      print "    <show-log>" . xml_quote($href->{'SHOWLOG'}) . "</show-log>\n";
+      print "    <show-rhythm>" . xml_quote($href->{'SHOWRHYTHM'}) . "</show-rhythm>\n";
+      print "    <show-dayofweek>" . xml_quote($href->{'SHOWDOW'}) . "</show-dayofweek>\n";
+      print "    <show-starttime>" . xml_quote($href->{'SHOWSTARTTIME'}) . "</show-starttime>\n";
+      print "    <show-length>" . xml_quote($href->{'SHOWLEN'}) . "</show-length>\n";
     } elsif($href->{'TYPE'} eq "jingle") {
-      print "    <jingle-title>" . $href->{'JINGLETITLE'} . "</jingle-title>\n";
+      print "    <jingle-title>" . xml_quote($href->{'JINGLETITLE'}) . "</jingle-title>\n";
     } elsif($href->{'TYPE'} eq "musicpool") {
-      print "    <musicpool-title>" . $href->{'MUSICPOOLTITLE'} . "</musicpool-title>\n";
+      print "    <musicpool-title>" . xml_quote($href->{'MUSICPOOLTITLE'}) . "</musicpool-title>\n";
     }
     print "  </dropbox>\n";
   }
-- 
cgit v0.10.2