Also escape call number in responses
author Jeff Godin <jgodin@tadl.org>
Fri, 21 Mar 2014 17:09:23 +0000 (13:09 -0400)
committer Jeff Godin <jgodin@tadl.org>
Thu, 15 May 2014 18:49:43 +0000 (14:49 -0400)
Also escape call number value in XML responses.

Still a strong desire to move away from heredocs for generating xml.

Signed-off-by: Jeff Godin <jgodin@tadl.org>
iNCIPit.cgi

index 9a45e0a..6c793c4 100644 (file)
@@ -869,10 +869,11 @@ sub item_request {
         }
     }
 
-    # Avoid generating invalid XML responses by encoding title/author
+    # Avoid generating invalid XML responses by encoding title/author/callnumber
     # TODO: Move away from heredocs for generating XML
        $title  = HTML::Entities::encode($title);
        $author = HTML::Entities::encode($author);
+       $callnumber = HTML::Entities::encode($callnumber);
 
     my $hd = <<ITEMREQ;
 Content-type: text/xml
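Review bot: The new `$callnumber = HTML::Entities::encode($callnumber);` line, like the title and author lines above it, calls the encoder with its default unsafe set, which turns non-ASCII characters into HTML named entities such as `&eacute;`. XML predefines only `&amp;`, `&lt;`, `&gt;`, `&quot;` and `&apos;`, so a call number containing such a character can still produce a response that an XML parser rejects, which is the failure the comment says this code avoids. Consider passing an explicit unsafe set limited to the five XML-special characters, or using `HTML::Entities::encode_entities_numeric`, for all three fields. Two smaller points: the three encode lines are indented deeper than the surrounding four-space code, and since the body of the `ITEMREQ` heredoc is not visible here, it is worth confirming that every other variable interpolated into it is escaped the same way.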