diff --git a/api/XMLDocument.inc b/api/XMLDocument.inc index 0552822a..608aab66 100644 --- a/api/XMLDocument.inc +++ b/api/XMLDocument.inc @@ -141,7 +141,7 @@ class XMLDocument { $document = $this->createDOMDocument(); // Load from XML or create the root node. isset($xml) ? - $document->loadXML($xml) : + $document->loadXML(islandora_sanitize_input_for_valid_xml($xml)) : $document->appendChild(new DOMElement($root_name, NULL, $namespaces->getDefaultURI())); $this->namespaces->addNamespacesAttributesTo($document->documentElement); return $document; diff --git a/api/XMLFormProcessor.inc b/api/XMLFormProcessor.inc index 648e0031..61e50bf6 100644 --- a/api/XMLFormProcessor.inc +++ b/api/XMLFormProcessor.inc @@ -46,7 +46,7 @@ class XMLFormProcessAction { public function __construct(ActionInterface $action, FormElement $element, $value = NULL) { $this->action = $action; $this->element = $element; - $this->value = $value; + $this->value = islandora_sanitize_input_for_valid_xml($value); } /** diff --git a/builder/includes/datastream.form.inc b/builder/includes/datastream.form.inc index caf85842..b0616955 100644 --- a/builder/includes/datastream.form.inc +++ b/builder/includes/datastream.form.inc @@ -155,6 +155,7 @@ function xml_form_builder_datastream_form_metadata_form(array $form, array &$for $form['update'] = array( '#type' => 'submit', '#value' => t('Update'), + '#suffix' => '
' . t('All hidden characters will be filtered and not saved.') . '
', '#name' => 'update', '#submit' => array('xml_form_builder_datastream_form_metadata_form_submit'), );