From 032b9593468a41cb6911f4f4e3eaebdfa2fb0ad9 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Tue, 30 Dec 2008 01:38:48 +0000
Subject: Bug 105960: xml.cgi generates invalid XML - Patch by Kip Hampton
 <khampton@totalcinema.com> r/a=mkanat

---
 Bugzilla/Util.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'Bugzilla/Util.pm')

diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index a8ba2d81c..982e34c93 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -201,6 +201,16 @@ sub xml_quote {
     $var =~ s/>/\&gt;/g;
     $var =~ s/\"/\&quot;/g;
     $var =~ s/\'/\&apos;/g;
+    
+    # the following nukes characters disallowed by the XML 1.0
+    # spec, Production 2.2. 1.0 declares that only the following 
+    # are valid:
+    # (#x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF])
+    $var =~ s/([\x{0001}-\x{0008}]|
+               [\x{000B}-\x{000C}]|
+               [\x{000E}-\x{0019}]|
+               [\x{D800}-\x{DFFF}]|
+               [\x{FFFE}-\x{FFFF}])//gx;
     return $var;
 }
 
-- 
cgit v1.2.3-24-g4f1b