Escape values before sending xml

stevebartholomew · Jun 18, 2010 · ddbe09c · ddbe09c
1 parent 39870d7
commit ddbe09c
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 8 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.0.7
+0.0.9
diff --git a/lib/solve360.rb b/lib/solve360.rb
@@ -2,7 +2,7 @@
 require "configify"
 require "active_support/inflector"
 require "active_support/core_ext/hash"
-
+require "cgi"
 
 ["item", "config", "contact", "company"].each do |lib|
   require File.join(File.dirname(__FILE__), "solve360", lib)

diff --git a/lib/solve360/item.rb b/lib/solve360/item.rb
@@ -75,7 +75,7 @@ def new_record?
     def to_request
       xml = "<request>"
 
-      xml << map_human_fields.collect {|key, value| "<#{key}>#{value}</#{key}>"}.join("")
+      xml << map_human_fields.collect {|key, value| "<#{key}>#{CGI.escapeHTML(value)}</#{key}>"}.join("")
 
       if related_items_to_add.size > 0
         xml << "<relateditems>"

diff --git a/solve360.gemspec b/solve360.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{solve360}
-  s.version = "0.0.7"
+  s.version = "0.0.9"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Stephen Bartholomew"]
-  s.date = %q{2010-02-04}
+  s.date = %q{2010-06-18}
   s.description = %q{}
   s.email = %q{Stephen Bartholomew}
   s.extra_rdoc_files = [
@@ -32,8 +32,8 @@ Gem::Specification.new do |s|
      "spec/fixtures/contacts/find-company-success.json",
      "spec/fixtures/contacts/find-success.json",
      "spec/fixtures/contacts/index.json",
+     "spec/fixtures/contacts/save-failed.json",
      "spec/fixtures/contacts/show-success.json",
-     "spec/fixtures/contacts/update-failed.json",
      "spec/fixtures/contacts/update-success.json",
      "spec/solve360/item_spec.rb",
      "spec/spec.opts",
@@ -42,7 +42,7 @@ Gem::Specification.new do |s|
   s.homepage = %q{http://github.com/curve21/solve360}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.5}
+  s.rubygems_version = %q{1.3.6}
   s.summary = %q{Libary for working with the Solve360 CRM API}
   s.test_files = [
     "spec/solve360/item_spec.rb",

diff --git a/spec/solve360/item_spec.rb b/spec/solve360/item_spec.rb
@@ -204,7 +204,6 @@ class Car
   end
 
   it "should contain all contacts" do
-    puts @contacts.inspect
     @contacts.size.should == 2
     first = @contacts.first
     first.class.should == Solve360::Contact
@@ -224,4 +223,11 @@ class Car
       @contact.save
     }.should raise_error(Solve360::SaveFailure)
   end
+end
+
+describe "CGI Converting values" do
+  it "should convert html entities" do
+    @contact = Solve360::Contact.new(:fields => {"First Name" => "Steve & Cat"})
+    @contact.to_request.should match(/Steve \&amp\; Cat/)
+  end
 end