digitickets / omnipay-realex

Realex payment gateway driver for the Omnipay library

createElement with special character #18

Open istvanfodor opened 8 years ago

istvanfodor commented 8 years ago

Hi Andrew,

I found a small problem: when the billing company of the card data contains a special character (& sign), the code crashed. Bug place: Omnipay\Realex\Message\CreateCustomerRequest.php

  1. line: `$companyEl = $domTree->createElement('company', $card->getBillingCompany());`

My solution was to replace all createElement calls with this:

```php
$companyEl = $domTree->createElement('company');
$companyEl->appendChild($domTree->createTextNode($card->getBillingCompany()));
```

coatesap commented 8 years ago

Hi Istvanfodor, I can see you've added these commits to PR #16. Are you able to open a separate PR for these, as the endpoint changes are likely to conflict with those in #17 which I'll probably merge, as the implementation seems slightly cleaner?

joeHickson commented 5 years ago

Hi @coatesap, This looks to be a slightly wider bug - all the text fields need escaping. Just hit this error in the wild with an '&' in the name field. This seems to be a common issue on multiple drivers though - we also have instances with secure trading, covered by this bug: https://github.com/meebio/omnipay-secure-trading/issues/5. The proposed fix on secure trading may work here too, using the createTextNode method to automatically escape text strings.

coatesap commented 5 years ago

Hi @joeHickson - agreed, I think I've seen the same thing. Do you have permissions to merge? If so, feel free to look at PR #16 and tweak or extract the relevant parts as needed.
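
Added example, not code from this thread or from omnipay-realex: it contrasts the `createElement($name, $value)` pattern from the report with the `createTextNode` approach applied to every text field, then parses the output back to confirm each value survives unchanged. The helper `appendTextElement`, the `payer` root element and the field values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of omnipay-realex): the value is always added
// as a text node, so libxml escapes markup characters when serialising.
function appendTextElement(DOMDocument $doc, DOMNode $parent, string $name, string $value): DOMElement
{
    $el = $doc->createElement($name);
    $el->appendChild($doc->createTextNode($value));
    $parent->appendChild($el);
    return $el;
}

// Constructed sample values standing in for user-supplied card fields.
$fields = [
    'company'   => 'Smith & Sons',
    'firstname' => 'Tom <b>',
    'surname'   => 'Neil &amp; Co',   // literal text, must not be decoded to "&"
];

// 1. Pattern from the report: the value argument is not escaped, so a bare "&"
//    is read as the start of an entity reference and PHP raises a warning.
$warnings = [];
set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
    $warnings[] = $msg;   // collect instead of letting a framework turn it into an exception
    return true;
});
$unsafe = new DOMDocument('1.0', 'UTF-8');
$unsafe->appendChild($unsafe->createElement('company', $fields['company']));
restore_error_handler();
echo 'createElement with a value argument: ', count($warnings), " warning(s)\n";
foreach ($warnings as $w) {
    echo '  ', $w, "\n";
}

// 2. Fix applied to every text field, not only the company name.
$doc  = new DOMDocument('1.0', 'UTF-8');
$root = $doc->appendChild($doc->createElement('payer'));
foreach ($fields as $name => $value) {
    appendTextElement($doc, $root, $name, $value);
}
$xml = $doc->saveXML();
echo $xml;

// 3. Round-trip check: the parsed text must equal the original input exactly.
$parsed = new DOMDocument();
$parsed->loadXML($xml);
foreach ($fields as $name => $value) {
    $got = $parsed->getElementsByTagName($name)->item(0)->textContent;
    echo $name, ': ', ($got === $value ? 'round-trips' : 'MISMATCH'), "\n";
}
```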