Wrap items in htmlspecialchars

jasonvarga · jasonvarga · commit 268511f1d95c · 2015-02-19T10:50:35.000-05:00
diff --git a/src/Message/PurchaseRequest.php b/src/Message/PurchaseRequest.php
@@ -146,7 +146,7 @@ public function getData()
                 $itemsHtml .= "<li>{$item['quantity']} x {$item['name']}</li>";
             }
             $itemsHtml .= '</ul>';
-            $transaction->addChild('items', $itemsHtml);
+            $transaction->addChild('items', htmlspecialchars($itemsHtml));
         }
 
         if ('IDEAL' === $this->getGateway() && $this->getIssuer()) {

Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ public function getData()`
`146`	`146`	`$itemsHtml .= "<li>{$item['quantity']} x {$item['name']}</li>";`
`147`	`147`	`}`
`148`	`148`	`$itemsHtml .= '</ul>';`
`149`		`- $transaction->addChild('items', $itemsHtml);`
	`149`	`+ $transaction->addChild('items', htmlspecialchars($itemsHtml));`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`if ('IDEAL' === $this->getGateway() && $this->getIssuer()) {`