Fix missing XML Escaping in Password String

Fixes #5060

dnsapi/dns_inwx.sh

@@ -160,6 +160,15 @@ _inwx_check_cookie() {
   return 1
 }
 
+_htmlEscape() {
+  local s
+  s=${1//&/&}
+  s=${s//</&lt;}
+  s=${s//>/&gt;}
+  s=${s//'"'/&quot;}
+  printf -- %s "$s"
+}
+
 _inwx_login() {
 
   if _inwx_check_cookie; then
@@ -167,6 +176,8 @@ _inwx_login() {
     return 0
   fi
 
+  XML_PASS=$(_htmlEscape "$INWX_Password")
+
   xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
   <methodCall>
   <methodName>account.login</methodName>
@@ -190,7 +201,7 @@ _inwx_login() {
     </value>
    </param>
   </params>
-  </methodCall>' "$INWX_User" "$INWX_Password")
+  </methodCall>' "$INWX_User" "$XML_PASS")
 
   response="$(_post "$xml_content" "$INWX_Api" "" "POST")"