From ecc89234458e4a01e9362cce86934dd35deb6879 Mon Sep 17 00:00:00 2001
From: Luke Pulverenti
Date: Fri, 8 Nov 2013 16:39:57 -0500
Subject: [PATCH] encode review input
---
 MediaBrowser.Api/PackageReviewService.cs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/MediaBrowser.Api/PackageReviewService.cs b/MediaBrowser.Api/PackageReviewService.cs
index cb3c80a839..e0d52ee8a8 100644
--- a/MediaBrowser.Api/PackageReviewService.cs
+++ b/MediaBrowser.Api/PackageReviewService.cs
@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.Globalization;
+using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
 using MediaBrowser.Common.Constants;
@@ -140,13 +141,16 @@ namespace MediaBrowser.Api
 public void Post(CreateReviewRequest request) {
+ var reviewText = WebUtility.HtmlEncode(request.Review ?? string.Empty);
+ var title = WebUtility.HtmlEncode(request.Title ?? string.Empty);
+
 var review = new Dictionary { { "id", request.Id.ToString(CultureInfo.InvariantCulture) },
 { "mac", _netManager.GetMacAddress() },
 { "rating", request.Rating.ToString(CultureInfo.InvariantCulture) },
 { "recommend", request.Recommend.ToString() },
- { "title", request.Title },
- { "review", request.Review },
+ { "title", title },
+ { "review", reviewText },
 };
 Task.WaitAll(_httpClient.Post(Constants.MbAdminUrl + "/service/packageReview/update", review, CancellationToken.None));
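Review bot: The two `WebUtility.HtmlEncode` calls at the top of `Post` encode on the sending side, so they only cover reviews that travel through this method; the service behind `Constants.MbAdminUrl + "/service/packageReview/update"` still has to validate and output-encode `title` and `review` itself, because it cannot assume every submitter ran this code (the service's handling is not visible here, so this is a point to confirm rather than a known gap). Encoding before transmission also means the stored text is the encoded form, so any renderer that encodes again will display entities such as `&amp;amp;` instead of the user's characters. I would record the intent above the new lines, e.g. `// Defence in depth only: values are sent HTML-encoded; the review service must still encode on output.` The closing of `Post` lies outside the hunk.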