From 2f67e95b60271178544b274d7eab9571536a4378 Mon Sep 17 00:00:00 2001
From: Sergey
Date: Thu, 1 Jun 2017 14:22:51 +0300
Subject: [PATCH] Escaping special characters in names
---
 MoySkladICMLParser.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/MoySkladICMLParser.php b/MoySkladICMLParser.php
index 376b34d..5353a56 100644
--- a/MoySkladICMLParser.php
+++ b/MoySkladICMLParser.php
@@ -404,7 +404,7 @@ class MoySkladICMLParser
 if (count($categories)) {
 $categoriesXml = $this->icmlAdd($xml->shop, 'categories', '');
 foreach ($categories as $category) {
- $categoryXml = $this->icmlAdd($categoriesXml, 'category', $category['name']);
+ $categoryXml = $this->icmlAdd($categoriesXml, 'category', htmlspecialchars($category['name']));
 $categoryXml->addAttribute('id', $category['externalCode']);
 if (!empty($category['parentId'])) {
@@ -422,8 +422,8 @@ class MoySkladICMLParser
 $this->icmlAdd($offerXml, 'xmlId', $product['xmlId']);
 $this->icmlAdd($offerXml, 'price', number_format($product['price'], 2, '.', ''));
 $this->icmlAdd($offerXml, 'purchasePrice', number_format($product['purchasePrice'], 2, '.', ''));
- $this->icmlAdd($offerXml, 'name', $product['name']);
- $this->icmlAdd($offerXml, 'productName', $product['productName']);
+ $this->icmlAdd($offerXml, 'name', htmlspecialchars($product['name']));
+ $this->icmlAdd($offerXml, 'productName', htmlspecialchars($product['productName']));
 $this->icmlAdd($offerXml, 'vatRate',$product['effectiveVat']);
 if ($product['unit'] != '') {
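Review bot: The `htmlspecialchars($category['name'])` call in the categories loop relies on the function's default flags and charset, which vary with the PHP version and ini settings. Before PHP 8.1 the default is `ENT_COMPAT | ENT_HTML401`, and a name containing bytes that are invalid in the assumed charset comes back as an empty string. Since the output is XML, and assuming the feed is UTF-8, I would spell them out: `htmlspecialchars($category['name'], ENT_XML1 | ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to the two `$product[...]` calls in the second hunk. The enclosing method starts and ends outside the hunk.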
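Review bot: Escaping only `name` and `productName` leaves the other values written in this hunk, such as `$product['xmlId']`, going into the document unescaped, so a stray `&` there would presumably still break the generated ICML. icmlAdd() is not visible here; if it is a thin wrapper around SimpleXMLElement::addChild(), it would be more robust to escape once inside it so that every text node is covered. The per-call htmlspecialchars() would then have to be dropped to avoid double encoding. A short comment at that point, for example `// addChild() does not escape '&'; escape text before inserting`, would record why the escaping is there.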