From fb25aabd8032f488bdaec5fc1e9977ac345309b9 Mon Sep 17 00:00:00 2001
From: Rajesh Mallah <mallah.rajesh@gmail.com>
Date: Mon, 4 May 2020 05:06:03 +0530
Subject: [PATCH] escape values passed in API to server

---
 cpanfile                          | 1 +
 lib/API/BigBlueButton/Requests.pm | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/cpanfile b/cpanfile
index 2962c9a..75ac827 100644
--- a/cpanfile
+++ b/cpanfile
@@ -5,6 +5,7 @@ requires 'base', '0';
 requires 'constant', '0';
 requires 'Digest::SHA1', '0';
 requires 'XML::Fast', '0';
+requires 'URI::Escape', '0';
 
 on 'test' => sub {
     requires 'Test::More', '0.98';
diff --git a/lib/API/BigBlueButton/Requests.pm b/lib/API/BigBlueButton/Requests.pm
index 70c4970..ebf8548 100644
--- a/lib/API/BigBlueButton/Requests.pm
+++ b/lib/API/BigBlueButton/Requests.pm
@@ -12,6 +12,7 @@ use warnings;
 
 use Digest::SHA1 qw/ sha1_hex /;
 use Carp qw/ confess /;
+use URI::Escape ;
 
 use constant {
     REQUIRE_CREATE_PARAMS => [ qw/ meetingID / ],
@@ -424,7 +425,7 @@ $params:
 sub generate_url_query {
     my ( $self, $params ) = @_;
 
-    my $string = CORE::join( '&', map { "$_=$params->{$_}" } sort keys %{ $params } );
+    my $string = CORE::join( '&', map { my $val = uri_escape ($params->{$_}); "$_=$val" } sort keys %{ $params } );
 
     return $string;
 }
@@ -468,4 +469,4 @@ Alexander Ruzhnikov E<lt>a.ruzhnikov@reg.ruE<gt>
 
 =cut
 
-1;
\ No newline at end of file
+1;