fix: htmlentities() of values being passed into Group query
brianreichtcs committed Dec 18, 2024
1 parent c958368 commit b2dcf5c
Showing 2 changed files with 57 additions and 2 deletions.
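--- a/example/ReadGroupByName.php
+++ b/example/ReadGroupByName.php
@@ -0,0 +1,55 @@
+<?php
+
+/**
+* A script for looking up SmarterU Groups by name.
+*
+* To use the script, run it from the command line with the group name as the
+* first argument. If your group name includes spaces or control characters,
+* wrap it in quotes.
+*
+* Examples:
+* php ListUsersLiveTest.php "Group Name"
+* php ListUsersLiveTest.php GroupName
+*
+* The script will render the print_r() version of your group so you can see
+* the value of it's properties.
+*
+* @author CORE Software Team
+* @copyright $year$ Core Business Solutions
+* @license Proprietary
+* @since 2024/12/18
+* @version $version$
+*/
+
+declare(strict_types=1);
+
+namespace CBS\SmarterU\Tests\Usability;
+
+require_once(__DIR__ . '/../vendor/autoload.php');
+
+use CBS\SmarterU\Client;
+
+$accountKey = getenv('SMARTERU_ACCOUNT_KEY') ?? 'No Account Key Provided';
+$userKey = getenv('SMARTERU_USER_KEY') ?? 'No User Key Provided';
+
+/**
+* The first argument to the script should be the group name.
+*
+* @var string|null
+*/
+$groupNameToFind = $argv[1] ?? null;
+
+// If no arguments, then show usage.
+if (empty($groupNameToFind)) {
+echo "Usage: php ListUsersLiveTest.php [groupName]\n";
+exit(1);
+}
+
+try {
+print_r(
+(new Client($accountKey, $userKey))
+->readGroupByName($groupNameToFind)
+);
+} catch (\Exception $error) {
+var_dump($error);
+}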
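Review bot: The `??` fallbacks on the two `getenv()` lines never fire, because `getenv()` returns `false`, not `null`, for an unset variable; with the keys missing, `false` is handed to `Client` (likely a TypeError under strict_types, which `catch (\Exception ...)` would not catch — Client's signature is not visible here). Fail early instead, e.g. `if ($accountKey === false || $userKey === false) { fwrite(STDERR, "Set SMARTERU_ACCOUNT_KEY and SMARTERU_USER_KEY\n"); exit(1); }`. `var_dump($error)` prints the whole exception object, which may carry request details or the keys in its properties or trace; `fwrite(STDERR, $error->getMessage() . "\n"); exit(1);` keeps credentials out of terminal output and CI logs. The docblock and the usage string also name `ListUsersLiveTest.php` rather than this file.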
4 changes: 2 additions & 2 deletions src/XMLGenerator.php
Expand Up @@ -664,9 +664,9 @@ public function getGroup(
$parameters = $xml->addChild('Parameters');
$group = $parameters->addChild('Group');
if ($query->getName() !== null) {
$group->addChild('Name', $query->getName());
$group->addChild('Name', htmlentities($query->getName()));
} else if ($query->getGroupId() !== null) {
$group->addChild('GroupID', $query->getGroupId());
$group->addChild('GroupID', htmlentities($query->getGroupId()));
} else {
throw new MissingValueException(
'Group identifier must be specified when creating a GetGroupQuery.'
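Review bot: `htmlentities()` on the `Name` and `GroupID` values (the variants the commit title indicates are the new side) encodes for HTML, not XML: besides `&`, `<` and `>` it rewrites characters such as `é` into named entities like `&eacute;`, which are not defined in XML, so a group name with non-ASCII characters would likely produce an undefined entity reference in the request. Assuming `$xml` is a SimpleXMLElement, whose `addChild()` does not escape `&` on its own, escape for the XML context instead: `$group->addChild('Name', htmlspecialchars($query->getName(), ENT_XML1 | ENT_QUOTES, 'UTF-8'));` and the same for `GroupID`. If other builders in this file pass caller-supplied values to `addChild()` unescaped, they would have the same problem, and a single shared escaping helper would keep the treatment consistent. getGroup() starts and ends outside the hunk.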