wrap ListEntry::update() values in htmlspecialchars()

cornernote · web-flow · commit 30416d02289c · 2016-08-23T14:01:44.000+09:30
fixes #157 ref: http://stackoverflow.com/a/29679217/599477
diff --git a/src/Google/Spreadsheet/ListEntry.php b/src/Google/Spreadsheet/ListEntry.php
@@ -91,7 +91,7 @@ public function update($values)
         $entry->addChild("id", $this->xml->id->__toString());
 
         foreach($values as $colName => $value) {
-            $entry->addChild("xmlns:gsx:$colName", $value);
+            $entry->addChild("xmlns:gsx:$colName", htmlspecialchars($value));
         }
 
         ServiceRequestFactory::getInstance()->put($this->getEditUrl(), $entry->asXML());
@@ -114,4 +114,4 @@ public function getEditUrl()
     {
         return Util::getLinkHref($this->xml, 'edit');
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ public function update($values)`
`91`	`91`	`$entry->addChild("id", $this->xml->id->__toString());`
`92`	`92`
`93`	`93`	`foreach($values as $colName => $value) {`
`94`		`- $entry->addChild("xmlns:gsx:$colName", $value);`
	`94`	`+ $entry->addChild("xmlns:gsx:$colName", htmlspecialchars($value));`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`ServiceRequestFactory::getInstance()->put($this->getEditUrl(), $entry->asXML());`
`@@ -114,4 +114,4 @@ public function getEditUrl()`
`114`	`114`	`{`
`115`	`115`	`return Util::getLinkHref($this->xml, 'edit');`
`116`	`116`	`}`
`117`		`-}`
	`117`	`+}`