Export/Ebics: Escape client and member names

Elwig/Helpers/Export/Ebics.cs

@@ -5,6 +5,7 @@ using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
 using System.Linq;
+using System.Security;
 using System.Threading.Tasks;
 
 namespace Elwig.Helpers.Export {
@@ -52,7 +53,7 @@ namespace Elwig.Helpers.Export {
                    <CreDtTm>{DateTime.UtcNow:o}</CreDtTm>
                    <NbOfTxs>{nbOfTxs}</NbOfTxs>
                    <CtrlSum>{Transaction.FormatAmount(ctrlSum)}</CtrlSum>
-                   <InitgPty><Nm>{App.Client.NameFull}</Nm></InitgPty>
+                   <InitgPty><Nm>{SecurityElement.Escape(App.Client.NameFull)}</Nm></InitgPty>
                   </GrpHdr>
                   <PmtInf>
                    <PmtInfId>{pmtInfId}</PmtInfId>
@@ -60,7 +61,7 @@ namespace Elwig.Helpers.Export {
                    <NbOfTxs>{nbOfTxs}</NbOfTxs>
                    <CtrlSum>{Transaction.FormatAmount(ctrlSum)}</CtrlSum>
                    <ReqdExctnDt>{(Version >= 8 ? "<Dt>" : "")}{Date:yyyy-MM-dd}{(Version >= 8 ? "</Dt>" : "")}</ReqdExctnDt>
-                   <Dbtr><Nm>{App.Client.NameFull}</Nm></Dbtr>
+                   <Dbtr><Nm>{SecurityElement.Escape(App.Client.NameFull)}</Nm></Dbtr>
                    <DbtrAcct><Id><IBAN>{App.Client.Iban!.Replace(" ", "")}</IBAN></Id></DbtrAcct>
                    <DbtrAgt><FinInstnId>{(Version >= 4 ? "<BICFI>" : "<BIC>")}{App.Client.Bic ?? "NOTPROVIDED"}{(Version >= 4 ? "</BICFI>" : "</BIC>")}</FinInstnId></DbtrAgt>
                 """);
@@ -76,15 +77,15 @@ namespace Elwig.Helpers.Export {
                         <PmtId><EndToEndId>{id}</EndToEndId></PmtId>
                         <Amt><InstdAmt Ccy="{tx.Currency}">{Transaction.FormatAmount(tx.Amount)}</InstdAmt></Amt>
                         <Cdtr>
-                         <Nm>{a.Name[..Math.Min(140, a.Name.Length)]}</Nm>
+                         <Nm>{SecurityElement.Escape(a.Name[..Math.Min(140, a.Name.Length)])}</Nm>
                          <PstlAdr>
-                          <StrtNm>{a1?[..Math.Min(70, a1.Length)]}</StrtNm><BldgNb>{a2?[..Math.Min(16, a2.Length)]}</BldgNb>
-                          <PstCd>{a.PostalDest.AtPlz?.Plz}</PstCd><TwnNm>{a.PostalDest.AtPlz?.Ort.Name}</TwnNm>
+                          <StrtNm>{a1?[..Math.Min(70, a1.Length)]}</StrtNm><BldgNb>{SecurityElement.Escape(a2?[..Math.Min(16, a2.Length)])}</BldgNb>
+                          <PstCd>{a.PostalDest.AtPlz?.Plz}</PstCd><TwnNm>{SecurityElement.Escape(a.PostalDest.AtPlz?.Ort.Name)}</TwnNm>
                           <Ctry>{a.PostalDest.Country.Alpha2}</Ctry>
                          </PstlAdr>
                         </Cdtr>
                         <CdtrAcct><Id><IBAN>{tx.Member.Iban!}</IBAN></Id></CdtrAcct>
-                        <RmtInf><Ustrd>{info}</Ustrd></RmtInf>
+                        <RmtInf><Ustrd>{SecurityElement.Escape(info)}</Ustrd></RmtInf>
                        </CdtTrfTxInf>
                     """);
                 progress?.Report(100.0 * ++i / count);

Tests/Resources/Sql/Insert.sql

@@ -68,3 +68,7 @@ INSERT INTO member (mgnr, given_name, family_name, zwstid, volllieferant, buchf
 (102, 'Wernhardt', 'Weinbauer',   'X', FALSE, FALSE, 40, 222303524, 'Winzerstraße 2',    06109, 'AT123456789012345678'),
 (103, 'Matthäus',  'Musterbauer', 'X', FALSE, FALSE, 40, 212005138, 'Brünner Straße 10', 15224, 'AT123456789012345678'),
 (104, 'Waltraud',  'Winzer',      'X', FALSE, FALSE, 40, 212005138, 'Wiener Straße 15',  15224, 'AT123456789012345678');
+
+INSERT INTO member_billing_address (mgnr, name, country, postal_dest, address) VALUES
+(102, 'W&B Weinbauer GesbR',          40, 222303524, 'Winzerstraße 2'),
+(104, 'Weinbau Waltraud Winzer GmbH', 40, 212205137, 'Hauptstraße 1');