gdc: escape special characters for XML (#44048)
This commit is contained in:
parent
3b4d90c918
commit
336e5455ea
|
@ -62,16 +62,21 @@ class Gdc(BaseResource):
|
|||
verbose_name = _('GDC Web Service')
|
||||
|
||||
def call_soap(self, action, *args, **kwargs):
|
||||
|
||||
def escape(s):
|
||||
return force_text(s).replace('&', '&').replace('>', '>').replace('<', '<')
|
||||
|
||||
params = []
|
||||
for i, arg in enumerate(args):
|
||||
params.append('<v%(i)s xsi:type="xsd:string">%(value)s</v%(i)s>' % {'i': i + 1, 'value': arg})
|
||||
params.append('<v%(i)s xsi:type="xsd:string">%(value)s</v%(i)s>' % {
|
||||
'i': i + 1, 'value': escape(arg)})
|
||||
for key, value in kwargs.items():
|
||||
if value is None:
|
||||
params.append('<%s xsi:null="1"/>' % key)
|
||||
continue
|
||||
type_ = 'int' if isinstance(value, int) else 'string'
|
||||
params.append('<%(key)s xsi:type="xsd:%(type)s">%(value)s</%(key)s>' % {
|
||||
'key': key, 'type': type_, 'value': value})
|
||||
'key': key, 'type': type_, 'value': escape(value)})
|
||||
|
||||
data = """<?xml version="1.0" encoding="UTF-8"?>
|
||||
<SOAP-ENV:Envelope
|
||||
|
|
Loading…
Reference in New Issue