[Koha-patches] [PATCH 3/3] bug 5301: improve escaping of XML characters in bib output
Galen Charlton
gmcharlt at gmail.com
Wed Oct 27 14:24:04 CEST 2010
<, >, ', or " in an item call number will no longer make
the bib displays break when using XSLT mode.
Added a new routine to C4::Koha, xml_escape(), to implement
converting &, <, >, ', and " to their corresponding
entities.
Patch loosely based on work done by Daniel Latrémolière <daniel.latremoliere at bulac.fr>
Signed-off-by: Galen Charlton <gmcharlt at gmail.com>
---
C4/Koha.pm | 20 ++++++++++++++++++++
C4/XSLT.pm | 5 ++---
t/Koha.t | 8 +++++++-
3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/C4/Koha.pm b/C4/Koha.pm
index dc2bcfa..bd5f5e7 100644
--- a/C4/Koha.pm
+++ b/C4/Koha.pm
@@ -61,6 +61,7 @@ BEGIN {
&GetNormalizedISBN
&GetNormalizedEAN
&GetNormalizedOCLCNumber
+ &xml_escape
$DEBUG
);
@@ -1190,6 +1191,25 @@ sub GetKohaAuthorisedValuesFromField {
}
}
+=head2 xml_escape
+
+ my $escaped_string = C4::Koha::xml_escape($string);
+
+Convert &, <, >, ', and " in a string to XML entities
+
+=cut
+
+sub xml_escape {
+ my $str = shift;
+ return '' unless defined $str;
+ $str =~ s/&/&/g;
+ $str =~ s/</</g;
+ $str =~ s/>/>/g;
+ $str =~ s/'/'/g;
+ $str =~ s/"/"/g;
+ return $str;
+}
+
=head2 display_marc_indicators
my $display_form = C4::Koha::display_marc_indicators($field);
diff --git a/C4/XSLT.pm b/C4/XSLT.pm
index 1c45e44..ddc9077 100644
--- a/C4/XSLT.pm
+++ b/C4/XSLT.pm
@@ -210,9 +210,8 @@ sub buildKohaItemsNamespace {
} else {
$status = "available";
}
- my $homebranch = $branches->{$item->{homebranch}}->{'branchname'};
- my $itemcallnumber = $item->{itemcallnumber} || '';
- $itemcallnumber =~ s/\&/\&\;/g;
+ my $homebranch = xml_escape($branches->{$item->{homebranch}}->{'branchname'});
+ my $itemcallnumber = xml_escape($item->{itemcallnumber});
$xml.= "<item><homebranch>$homebranch</homebranch>".
"<status>$status</status>".
"<itemcallnumber>".$itemcallnumber."</itemcallnumber>"
diff --git a/t/Koha.t b/t/Koha.t
index c06a406..a042f47 100755
--- a/t/Koha.t
+++ b/t/Koha.t
@@ -2,7 +2,7 @@
use strict;
use warnings;
-use Test::More tests => 2;
+use Test::More tests => 5;
use_ok('C4::Koha');
@@ -13,3 +13,9 @@ my $date = "01/01/2002";
my $newdate = &slashifyDate("2002-01-01");
ok($date eq $newdate, 'slashifyDate');
+
+my $undef = undef;
+is(xml_escape($undef), '', 'xml_escape() returns empty string on undef input');
+my $str = q{'"&<>'};
+is(xml_escape($str), ''"&<>'', 'xml_escape() works as expected');
+is($str, q{'"&<>'}, '... and does not change input in place');
--
1.7.0
More information about the Koha-patches
mailing list