[libgdata] core: Fix attribute escaping for GDataEntry

[Philip Withnall <pwithnall src gnome org>]

commit 87d003808596109dbb7ab4bf6f946898a9a53c0e
Author: Philip Withnall <philip tecnocode co uk>
Date:   Fri Dec 10 17:27:19 2010 +0000

    core: Fix attribute escaping for GDataEntry
    
    Helps: bgo#631033

 gdata/gdata-entry.c   |    4 +-
 gdata/tests/general.c |   61 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 2 deletions(-)
---
diff --git a/gdata/gdata-entry.c b/gdata/gdata-entry.c
index e4f9069..d14f6fc 100644
--- a/gdata/gdata-entry.c
+++ b/gdata/gdata-entry.c
@@ -493,7 +493,7 @@ pre_get_xml (GDataParsable *parsable, GString *xml_string)
 
 	/* Add the entry's ETag, if available */
 	if (gdata_entry_get_etag (GDATA_ENTRY (parsable)) != NULL)
-		g_string_append_printf (xml_string, " gd:etag='%s'", priv->etag);
+		gdata_parser_string_append_escaped (xml_string, " gd:etag='", priv->etag, "'");
 }
 
 static void
@@ -505,7 +505,7 @@ get_xml (GDataParsable *parsable, GString *xml_string)
 	gdata_parser_string_append_escaped (xml_string, "<title type='text'>", priv->title, "</title>");
 
 	if (priv->id != NULL)
-		g_string_append_printf (xml_string, "<id>%s</id>", priv->id);
+		gdata_parser_string_append_escaped (xml_string, "<id>", priv->id, "</id>");
 
 	if (priv->updated != -1) {
 		gchar *updated = gdata_parser_int64_to_iso8601 (priv->updated);
diff --git a/gdata/tests/general.c b/gdata/tests/general.c
index ad7f662..e8b0c4e 100644
--- a/gdata/tests/general.c
+++ b/gdata/tests/general.c
@@ -359,6 +359,66 @@ test_entry_error_handling (void)
 }
 
 static void
+test_entry_escaping (void)
+{
+	GDataEntry *entry;
+	gchar *xml;
+	GError *error = NULL;
+
+	/* Since we can't construct a GDataEntry directly, we need to parse it from XML */
+	entry = GDATA_ENTRY (gdata_parsable_new_from_xml (GDATA_TYPE_ENTRY,
+		"<?xml version='1.0' encoding='UTF-8'?>"
+		"<entry xmlns='http://www.w3.org/2005/Atom'>"
+			"<title type='text'>Escaped content &amp; stuff</title>"
+			"<id>http://foo.com/?foo&amp;bar</id>"
+			"<updated>2010-12-10T17:21:24Z</updated>"
+			"<published>2010-12-10T17:21:24Z</published>"
+			"<summary type='text'>Summary &amp; stuff</summary>"
+			"<rights>Free &amp; open source</rights>"
+			"<content type='text'>Content &amp; things.</content>"
+		"</entry>", -1, &error));
+	g_assert_no_error (error);
+	g_assert (GDATA_IS_ENTRY (entry));
+
+	/* Check the outputted XML is escaped properly */
+	xml = gdata_parsable_get_xml (GDATA_PARSABLE (entry));
+	g_assert_cmpstr (xml, ==,
+		"<?xml version='1.0' encoding='UTF-8'?>"
+		"<entry xmlns='http://www.w3.org/2005/Atom' xmlns:gd='http://schemas.google.com/g/2005'>"
+			"<title type='text'>Escaped content &amp; stuff</title>"
+			"<id>http://foo.com/?foo&amp;bar</id>"
+			"<updated>2010-12-10T17:21:24Z</updated>"
+			"<published>2010-12-10T17:21:24Z</published>"
+			"<summary type='text'>Summary &amp; stuff</summary>"
+			"<rights>Free &amp; open source</rights>"
+			"<content type='text'>Content &amp; things.</content>"
+		"</entry>");
+	g_free (xml);
+	g_object_unref (entry);
+
+	/* Repeat with content given by a URI */
+	entry = GDATA_ENTRY (gdata_parsable_new_from_xml (GDATA_TYPE_ENTRY,
+		"<?xml version='1.0' encoding='UTF-8'?>"
+		"<entry xmlns='http://www.w3.org/2005/Atom'>"
+			"<title type='text'>Escaped content &amp; stuff</title>"
+			"<content type='text/plain' src='http://foo.com?foo&amp;bar'/>"
+		"</entry>", -1, &error));
+	g_assert_no_error (error);
+	g_assert (GDATA_IS_ENTRY (entry));
+
+	/* Check the outputted XML is escaped properly */
+	xml = gdata_parsable_get_xml (GDATA_PARSABLE (entry));
+	g_assert_cmpstr (xml, ==,
+		"<?xml version='1.0' encoding='UTF-8'?>"
+		"<entry xmlns='http://www.w3.org/2005/Atom' xmlns:gd='http://schemas.google.com/g/2005'>"
+			"<title type='text'>Escaped content &amp; stuff</title>"
+			"<content type='text/plain' src='http://foo.com?foo&amp;bar'/>"
+		"</entry>");
+	g_free (xml);
+	g_object_unref (entry);
+}
+
+static void
 test_feed_parse_xml (void)
 {
 	GDataFeed *feed;
@@ -3539,6 +3599,7 @@ main (int argc, char *argv[])
 	g_test_add_func ("/entry/get_xml", test_entry_get_xml);
 	g_test_add_func ("/entry/parse_xml", test_entry_parse_xml);
 	g_test_add_func ("/entry/error_handling", test_entry_error_handling);
+	g_test_add_func ("/entry/escaping", test_entry_escaping);
 
 	g_test_add_func ("/feed/parse_xml", test_feed_parse_xml);
 	g_test_add_func ("/feed/error_handling", test_feed_error_handling);