$cs=$xml->createElement("Customer");
$cs->setAttribute("id",$res[0]["customerid"]);
$cs->setAttribute("name",$res[0]["name"]);
- $cs->appendChild($xml->createElement("Address",$res[0]["address"]));
- $cs->appendChild($xml->createElement("Contact",$res[0]["contact"]));
- $cs->appendChild($xml->createElement("Comment",$res[0]["comments"]));
+ $cs->appendChild($xml->createElement("Address",xq($res[0]["address"])));
+ $cs->appendChild($xml->createElement("Contact",xq($res[0]["contact"])));
+ $cs->appendChild($xml->createElement("Comment",xq($res[0]["comments"])));
$res=$db->select("webuser","email","customerid=".$db->escapeInt($cid));
if(count($res)>0)
$cs->setAttribute("mail",$res[0]["email"]);
$root=$xml->createElement("EventList");
if(count($all)>0)
foreach($all as $k => $ev){
- $nod=$xml->createElement("Event",$ev["title"]);
+ $nod=$xml->createElement("Event",xq($ev["title"]));
//set direct attributes
$nod->setAttribute("id",$ev["eventid"]);
$nod->setAttribute("start",$ev["starttime"]);
$nod->setAttribute("capacity",$ev->getCapacity());
$nod->setAttribute("defaultprice",$ev->getDefaultPrice());
$nod->setAttribute("cancelled",$ev->isCancelled()?"true":"false");
- $nod->appendChild($xml->createElement("Title",$ev->getTitle()));
- $nod->appendChild($xml->createElement("Artist",$ev->getArtist()));
+ $nod->appendChild($xml->createElement("Title",xq($ev->getTitle())));
+ $nod->appendChild($xml->createElement("Artist",xq($ev->getArtist())));
$nod->appendChild($xml->createElement("Room",$ev->getRoomId()));
- $nod->appendChild($xml->createElement("Description",$ev->getDescription()));
+ $nod->appendChild($xml->createElement("Description",xq($ev->getDescription())));
if($ev->isCancelled())
- $nod->appendChild($xml->createElement("CancelReason",$ev->getCancelReason()));
+ $nod->appendChild($xml->createElement("CancelReason",xq($ev->getCancelReason())));
$root->appendChild($nod);
}
$xml->appendChild($root);
//add other data and dump XML
if($dumpxml){
- $ord->appendChild($xml->createElement("DeliveryAddress",$this->deliveryaddress));
- $ord->appendChild($xml->createElement("Comment",$this->comment));
+ $ord->appendChild($xml->createElement("DeliveryAddress",xq($this->deliveryaddress)));
+ $ord->appendChild($xml->createElement("Comment",xq($this->comment)));
$ord->setAttribute("status",$ostat);
$ord->setAttribute("totalprice",$totalprice);
$xml->appendChild($ord);
$doc->setAttribute("totalprice",$totalprice);
//add static fields
- $doc->appendChild($xml->createElement("DeliveryAddress",$this->deliveryaddress));
- $doc->appendChild($xml->createElement("Comment",$this->comment));
+ $doc->appendChild($xml->createElement("DeliveryAddress",xq($this->deliveryaddress)));
+ $doc->appendChild($xml->createElement("Comment",xq($this->comment)));
//dump
$xml->appendChild($doc);
$room->setAttribute("capacity",$rm["capacity"]);
$id=$xml->createElement("ID",$rm["roomid"]);
$room->appendChild($id);
- $des=$xml->createElement("Description",$rm["description"]);
+ $des=$xml->createElement("Description",xq($rm["description"]));
$room->appendChild($des);
$root->appendChild($room);
}
$dom=new DomDocument;
$root=$dom->createElement("Users");
for($i=0;$i<count($res);$i++){
- $usr=$dom->createElement("User",$res[$i]["description"]);
+ $usr=$dom->createElement("User",xq($res[$i]["description"]));
$usr->setAttributeNode(new DOMAttr("name",$res[$i]["uname"]));
$root->appendChild($usr);
}
//create new
$db->insert("users",array("uname"=>$usr[$i]["name"],"description"=>$usr[$i]["descr"],"passwd"=>$usr[$i]["passwd"]));
//print data
- $udm=$dom->createElement("User",$usr[$i]["descr"]);
+ $udm=$dom->createElement("User",xq($usr[$i]["descr"]));
$udm->setAttributeNode(new DOMAttr("name",$usr[$i]["name"]));
$root->appendChild($udm);
}
/** translate() also takes a context*/
function translate($context,$str,$comment=""){return $str;}
+
+/**XML translation: & -> &, < -> < etc.pp.*/
+function xq($str){return htmlspecialchars($str,ENT_NOQUOTES,"UTF-8");}
+
?>
\ No newline at end of file
projects / konrad/smoke.git / commitdiff