diff --git a/VERSION.json b/VERSION.json index e994cd58a..c6acd32fa 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":3, "hotfix":24} \ No newline at end of file +{"major":2, "minor":3, "hotfix":25} \ No newline at end of file diff --git a/app/View/Events/xml.ctp b/app/View/Events/xml.ctp index 32200d700..d70563182 100755 --- a/app/View/Events/xml.ctp +++ b/app/View/Events/xml.ctp @@ -1,11 +1,13 @@ ", "\"", "'"); +$escapeWith = array('&', '<', '>', '"', '''); foreach ($results as $result) { $result['Event']['Attribute'] = $result['Attribute']; $result['Event']['ShadowAttribute'] = $result['ShadowAttribute']; $result['Event']['RelatedEvent'] = $result['RelatedEvent']; + $result['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $result['Event']['info']); + $result['Event']['info'] = str_replace($toEscape, $escapeWith, $result['Event']['info']); // // cleanup the array from things we do not want to expose diff --git a/app/View/Events/xml/xml.ctp b/app/View/Events/xml/xml.ctp index 32200d700..d70563182 100644 --- a/app/View/Events/xml/xml.ctp +++ b/app/View/Events/xml/xml.ctp @@ -1,11 +1,13 @@ ", "\"", "'"); +$escapeWith = array('&', '<', '>', '"', '''); foreach ($results as $result) { $result['Event']['Attribute'] = $result['Attribute']; $result['Event']['ShadowAttribute'] = $result['ShadowAttribute']; $result['Event']['RelatedEvent'] = $result['RelatedEvent']; + $result['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $result['Event']['info']); + $result['Event']['info'] = str_replace($toEscape, $escapeWith, $result['Event']['info']); // // cleanup the array from things we do not want to expose
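Review bot: `preg_replace` with the `/u` modifier returns `null` when its subject is not valid UTF-8, so on the added `$result['Event']['info'] = preg_replace (...)` line a malformed `info` value is wiped to an empty string by the following `str_replace` instead of being cleaned. Keep the result in a temporary and check it before overwriting, e.g. `$clean = preg_replace($pattern, ' ', $result['Event']['info']);` followed by `if ($clean !== null) { $result['Event']['info'] = $clean; }`, and decide explicitly what the export should contain in the failure case. The filter and the escaping are also applied to `Event.info` only, while `Attribute`, `ShadowAttribute` and `RelatedEvent` are copied into the same structure just above without either. The `foreach` body continues outside the hunk, so I cannot see the serializer: if it does not escape text itself, those fields can still break or alter the exported XML, and if it does, `info` will now be double-escaped. The identical two lines are added in `app/View/Events/xml/xml.ctp`, so the same point applies there, and a shared helper would keep the two views from drifting apart.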