[libgdata] core: Fix attribute escaping for GDataAccessRule

[Philip Withnall <pwithnall src gnome org>]

commit 56b33358f94c325dca0fee75a9028247ef5ad896
Author: Philip Withnall <philip tecnocode co uk>
Date:   Fri Dec 10 17:45:20 2010 +0000

    core: Fix attribute escaping for GDataAccessRule
    
    Helps: bgo#631033

 gdata/gdata-access-rule.c |   17 ++++++++++-------
 gdata/tests/general.c     |   26 ++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 7 deletions(-)
---
diff --git a/gdata/gdata-access-rule.c b/gdata/gdata-access-rule.c
index d6a67f6..9386d57 100644
--- a/gdata/gdata-access-rule.c
+++ b/gdata/gdata-access-rule.c
@@ -330,16 +330,19 @@ get_xml (GDataParsable *parsable, GString *xml_string)
 	/* Chain up to the parent class */
 	GDATA_PARSABLE_CLASS (gdata_access_rule_parent_class)->get_xml (parsable, xml_string);
 
-	if (priv->role != NULL)
+	if (priv->role != NULL) {
 		/* gAcl:role */
-		g_string_append_printf (xml_string, "<gAcl:role value='%s'/>", priv->role);
+		gdata_parser_string_append_escaped (xml_string, "<gAcl:role value='", priv->role, "'/>");
+	}
 
-	if (priv->scope_value != NULL){
+	if (priv->scope_value != NULL) {
 		/* gAcl:scope */
-		if (priv->scope_type != NULL)
-			g_string_append_printf (xml_string, "<gAcl:scope type='%s' value='%s'/>", priv->scope_type, priv->scope_value);
-		else
-			g_string_append_printf (xml_string, "<gAcl:scope value='%s'/>", priv->scope_value);
+		if (priv->scope_type != NULL) {
+			gdata_parser_string_append_escaped (xml_string, "<gAcl:scope type='", priv->scope_type, "'");
+			gdata_parser_string_append_escaped (xml_string, " value='", priv->scope_value, "'/>");
+		} else {
+			gdata_parser_string_append_escaped (xml_string, "<gAcl:scope value='", priv->scope_value, "'/>");
+		}
 	}
 }
 
diff --git a/gdata/tests/general.c b/gdata/tests/general.c
index e8b0c4e..34b7391 100644
--- a/gdata/tests/general.c
+++ b/gdata/tests/general.c
@@ -933,6 +933,31 @@ test_access_rule_error_handling (void)
 }
 
 static void
+test_access_rule_escaping (void)
+{
+	GDataAccessRule *rule;
+	gchar *xml;
+
+	rule = gdata_access_rule_new (NULL);
+	gdata_access_rule_set_role (rule, "<role>");
+	gdata_access_rule_set_scope (rule, "<scope>", "<value>");
+
+	/* Check the outputted XML is escaped properly */
+	xml = gdata_parsable_get_xml (GDATA_PARSABLE (rule));
+	g_assert_cmpstr (xml, ==,
+		"<?xml version='1.0' encoding='UTF-8'?>"
+		"<entry xmlns='http://www.w3.org/2005/Atom' xmlns:gd='http://schemas.google.com/g/2005' "
+		       "xmlns:gAcl='http://schemas.google.com/acl/2007'>"
+			"<title type='text'>&lt;role&gt;</title>"
+			"<category term='http://schemas.google.com/acl/2007#accessRule' scheme='http://schemas.google.com/g/2005#kind'/>"
+			"<gAcl:role value='&lt;role&gt;'/>"
+			"<gAcl:scope type='&lt;scope&gt;' value='&lt;value&gt;'/>"
+		"</entry>");
+	g_free (xml);
+	g_object_unref (rule);
+}
+
+static void
 test_comparable (void)
 {
 	GDataComparable *category = GDATA_COMPARABLE (gdata_category_new ("term", "http://scheme";, "label"));
@@ -3610,6 +3635,7 @@ main (int argc, char *argv[])
 
 	g_test_add_func ("/access-rule/get_xml", test_access_rule_get_xml);
 	g_test_add_func ("/access-rule/error_handling", test_access_rule_error_handling);
+	g_test_add_func ("/access-rule/escaping", test_access_rule_escaping);
 
 	g_test_add_func ("/comparable", test_comparable);