createElement with special character #18

Open
istvanfodor opened this issue Oct 7, 2016 · 3 comments

@istvanfodor

Hi Andrew,

I found a small problem: when the billing company of the card data contains a special character (& sign), the code crashed.
Location of the bug:
Omnipay\Realex\Message\CreateCustomerRequest.php
Line 70:
$companyEl = $domTree->createElement('company', $card->getBillingCompany());
My solution was to replace all createElement calls with this:
$companyEl = $domTree->createElement('company');
$companyEl->appendChild($domTree->createTextNode($card->getBillingCompany()));


coatesap commented Oct 7, 2016

Hi Istvanfodor, I can see you've added these commits to PR #16. Are you able to open a separate PR for these, as the endpoint changes are likely to conflict with those in #17 which I'll probably merge, as the implementation seems slightly cleaner?


joeHickson commented Dec 6, 2018

Hi @coatesap,
This looks to be a slightly wider bug - all the text fields need escaping. Just hit this error in the wild with an '&' in the name field. This seems to be a common issue on multiple drivers though - we also have instances with secure trading, covered by this bug. digitickets/omnipay-secure-trading#5
The proposed fix on secure trading may work here too, using the createTextNode method to automatically escape text strings.


coatesap commented Dec 7, 2018

Hi @joeHickson - agreed, I think I've seen the same thing. Do you have permissions to merge? If so, feel free to look at PR #16 and tweak or extract the relevant parts as needed.
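
The difference between the two forms discussed in this thread, as an added example (not code from omnipay-realex or from the participants): it builds the same element with a value passed to createElement and with createTextNode, records any warnings, and checks whether the stored text still equals the input. `appendTextElement` is a hypothetical helper name and the sample values are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: append <$name> to $parent with $value as literal text.
 * createTextNode() stores the string as character data, so '&', '<' and '>'
 * are escaped when the document is serialized.
 */
function appendTextElement(DOMDocument $doc, DOMNode $parent, string $name, string $value): DOMElement
{
    $el = $doc->createElement($name);
    $el->appendChild($doc->createTextNode($value));
    $parent->appendChild($el);
    return $el;
}

// Constructed sample values (not taken from the issue).
$samples = ['Smith & Sons', 'A<B Ltd', 'R&amp;D "Labs"'];

foreach ($samples as $value) {
    // Form from the issue: the value is passed straight to createElement(),
    // which does not escape '&' and treats it as the start of an entity reference.
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg; // collect instead of letting the warning propagate
        return true;
    });
    $unsafe = new DOMDocument('1.0', 'UTF-8');
    $unsafe->appendChild($unsafe->createElement('company', $value));
    $unsafeXml = $unsafe->saveXML($unsafe->documentElement);
    $unsafeIntact = $unsafe->documentElement->textContent === $value;
    restore_error_handler();

    // Proposed form: empty element plus a text node.
    $safe = new DOMDocument('1.0', 'UTF-8');
    $el = appendTextElement($safe, $safe, 'company', $value);
    $safeXml = $safe->saveXML($el);

    // Round trip: parse the serialized XML and compare with the input.
    $parsed = new DOMDocument();
    $parsed->loadXML($safeXml);
    $safeIntact = $parsed->documentElement->textContent === $value;

    printf("input:         %s\n", $value);
    printf("createElement: %s (warnings: %d, text intact: %s)\n",
        $unsafeXml, count($warnings), var_export($unsafeIntact, true));
    printf("text node:     %s (text intact: %s)\n\n", $safeXml, var_export($safeIntact, true));
}
```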
