[Koha-patches] [PATCH 3/3] bug 5301: improve escaping of XML characters in bib output

Galen Charlton gmcharlt at gmail.com
Wed Oct 27 14:24:04 CEST 2010


<, >, ', or " in an item call number will no longer make
the bib displays break when using XSLT mode.

Added a new routine to C4::Koha, xml_escape(), to implement
converting &, <, >, ', and " to their corresponding
entities.

Patch loosely based on work done by Daniel Latrémolière <daniel.latremoliere at bulac.fr>

Signed-off-by: Galen Charlton <gmcharlt at gmail.com>
---
 C4/Koha.pm |   20 ++++++++++++++++++++
 C4/XSLT.pm |    5 ++---
 t/Koha.t   |    8 +++++++-
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/C4/Koha.pm b/C4/Koha.pm
index dc2bcfa..bd5f5e7 100644
--- a/C4/Koha.pm
+++ b/C4/Koha.pm
@@ -61,6 +61,7 @@ BEGIN {
 		&GetNormalizedISBN
 		&GetNormalizedEAN
 		&GetNormalizedOCLCNumber
+        &xml_escape
 
 		$DEBUG
 	);
@@ -1190,6 +1191,25 @@ sub GetKohaAuthorisedValuesFromField {
   }
 }
 
+=head2 xml_escape
+
+  my $escaped_string = C4::Koha::xml_escape($string);
+
+Convert &, <, >, ', and " in a string to XML entities
+
+=cut
+
+sub xml_escape {
+    my $str = shift;
+    return '' unless defined $str;
+    $str =~ s/&/&amp;/g;
+    $str =~ s/</&lt;/g;
+    $str =~ s/>/&gt;/g;
+    $str =~ s/'/&apos;/g;
+    $str =~ s/"/&quot;/g;
+    return $str;
+}
+
 =head2 display_marc_indicators
 
   my $display_form = C4::Koha::display_marc_indicators($field);
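Review bot: xml_escape() handles the five markup characters but passes through control characters that XML 1.0 does not allow at all (U+0000–U+0008, U+000B, U+000C, U+000E–U+001F), so a call number containing one would still produce ill-formed XML and break the XSLT display this patch is meant to protect. Consider stripping them before the entity substitutions, e.g. `$str =~ s/[\x00-\x08\x0B\x0C\x0E-\x1F]//g;`. The POD should also state that `&` is always escaped, so input that already contains entities is double-escaped and callers must pass raw text only.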
diff --git a/C4/XSLT.pm b/C4/XSLT.pm
index 1c45e44..ddc9077 100644
--- a/C4/XSLT.pm
+++ b/C4/XSLT.pm
@@ -210,9 +210,8 @@ sub buildKohaItemsNamespace {
         } else {
             $status = "available";
         }
-        my $homebranch = $branches->{$item->{homebranch}}->{'branchname'};
-	 my $itemcallnumber = $item->{itemcallnumber} || '';
-        $itemcallnumber =~ s/\&/\&amp\;/g;
+        my $homebranch = xml_escape($branches->{$item->{homebranch}}->{'branchname'});
+	    my $itemcallnumber = xml_escape($item->{itemcallnumber});
         $xml.= "<item><homebranch>$homebranch</homebranch>".
 		"<status>$status</status>".
 		"<itemcallnumber>".$itemcallnumber."</itemcallnumber>"
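Review bot: `$status` is still interpolated into `<status>` unescaped, directly below the two new xml_escape() calls. The only assignment visible here is the literal "available", but the other branches of that if/else lie outside the hunk; if any of them can carry database-derived text, write `"<status>".xml_escape($status)."</status>"` so the whole item element is escaped consistently. The new `my $itemcallnumber` line is indented with a tab followed by spaces, unlike the line above it. The `$xml .=` statement and buildKohaItemsNamespace continue past the end of the hunk.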
diff --git a/t/Koha.t b/t/Koha.t
index c06a406..a042f47 100755
--- a/t/Koha.t
+++ b/t/Koha.t
@@ -2,7 +2,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 2;
+use Test::More tests => 5;
 
 use_ok('C4::Koha');
 
@@ -13,3 +13,9 @@ my $date = "01/01/2002";
 my $newdate = &slashifyDate("2002-01-01");
 
 ok($date eq $newdate, 'slashifyDate');
+
+my $undef = undef;
+is(xml_escape($undef), '', 'xml_escape() returns empty string on undef input');
+my $str = q{'"&<>'};
+is(xml_escape($str), '&apos;&quot;&amp;&lt;&gt;&apos;', 'xml_escape() works as expected');
+is($str, q{'"&<>'}, '... and does not change input in place');
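Review bot: The new cases only exercise a string made up entirely of special characters, so they do not pin how xml_escape() treats ordinary text around them or input that already contains an entity. A case such as `is(xml_escape('A&amp;B <1>'), 'A&amp;amp;B &lt;1&gt;', 'xml_escape() re-escapes existing entities');` would document the double-escaping behaviour that callers have to account for. The plan count in `use Test::More tests => 5;` would need to be raised to match.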
-- 
1.7.0


