From 1809f93f8b1c15a2681769abb23772e157a6b814 Mon Sep 17 00:00:00 2001 From: SiboVG Date: Tue, 14 Feb 2023 02:59:59 +0000 Subject: [PATCH] [#2051] Sanitize some XML content --- .../net/sf/openrocket/file/openrocket/OpenRocketSaver.java | 2 +- .../file/openrocket/savers/RocketComponentSaver.java | 5 +++-- core/src/net/sf/openrocket/util/TextUtil.java | 6 +++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/core/src/net/sf/openrocket/file/openrocket/OpenRocketSaver.java b/core/src/net/sf/openrocket/file/openrocket/OpenRocketSaver.java index 0aa872706..a330a497d 100644 --- a/core/src/net/sf/openrocket/file/openrocket/OpenRocketSaver.java +++ b/core/src/net/sf/openrocket/file/openrocket/OpenRocketSaver.java @@ -627,7 +627,7 @@ public class OpenRocketSaver extends RocketSaver { private void writeElement(String element, Object content) throws IOException { if (content == null) content = ""; - writeln("<" + element + ">" + content + ""); + writeln("<" + element + ">" + TextUtil.escapeXML(content) + ""); } diff --git a/core/src/net/sf/openrocket/file/openrocket/savers/RocketComponentSaver.java b/core/src/net/sf/openrocket/file/openrocket/savers/RocketComponentSaver.java index 5b273dff7..04d031cd9 100644 --- a/core/src/net/sf/openrocket/file/openrocket/savers/RocketComponentSaver.java +++ b/core/src/net/sf/openrocket/file/openrocket/savers/RocketComponentSaver.java @@ -40,8 +40,9 @@ public class RocketComponentSaver { ComponentPreset preset = c.getPresetComponent(); if (preset != null) { elements.add(""); + "\" manufacturer=\"" + TextUtil.escapeXML(preset.getManufacturer().getSimpleName()) + + "\" partno=\"" + TextUtil.escapeXML(preset.getPartNo()) + "\" digest=\"" + + preset.getDigest() + "\"/>"); } // Save outside appearance diff --git a/core/src/net/sf/openrocket/util/TextUtil.java b/core/src/net/sf/openrocket/util/TextUtil.java index 0f31002ac..0e4748a07 100644 --- a/core/src/net/sf/openrocket/util/TextUtil.java 
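Review bot: In `writeElement`, escaping now applies to every caller, so any call site that already passes its text through `TextUtil.escapeXML` would be escaped twice and an ampersand would be saved as `&amp;amp;`. The call sites are outside this hunk, so this is something to check rather than a confirmed defect. The `element` name is still concatenated unescaped, which is safe only while it is always a literal supplied by the saver code. I would state the contract where the escaping lives with a comment above the method, `// content is XML-escaped here; callers must pass raw, unescaped text`.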
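Review bot: In the `RocketComponentSaver` hunk, `preset.getDigest()` is still concatenated raw into the `digest` attribute, while `manufacturer` and `partno` beside it are now escaped. If the digest is always a computed hex string this is harmless, but the hunk does not show that; for consistency I would write `TextUtil.escapeXML(preset.getDigest()) + "\"/>");`. These values sit inside double-quoted attributes, so the fix depends on `escapeXML` escaping `"` as well as `<` and `&`, and its body is outside this diff. The opening of the `elements.add(` statement is not readable on this page, so whether the `type` attribute is escaped cannot be judged from here.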
+++ b/core/src/net/sf/openrocket/util/TextUtil.java @@ -156,7 +156,11 @@ public class TextUtil { * * The result is both valid XML and HTML 2.0. The majority of characters are left unchanged. */ - public static String escapeXML(String s) { + public static String escapeXML(Object obj) { + if (obj == null) { + return ""; + } + String s = obj.toString(); StringBuilder sb = new StringBuilder(s.length()); for (int i = 0; i < s.length(); i++) {