xml sanitize allow $1 and $2

Continue to remove any ${variables}  in this format

resources/classes/xml.php

@@ -1,16 +1,17 @@
 <?php
 
 if (!class_exists('xml')) {
-    class xml {
+	class xml {
 
-        /**
-         * Escapes xml special characters to html entities and sanitze switch special chars.
-         */
-        static function sanitize($string) {
-            return str_replace('$', '', htmlspecialchars($string, ENT_XML1));
-        }
+		/**
+		 * Escapes xml special characters to html entities and sanitze switch special chars.
+		 */
+		static function sanitize($string) {
+			$string = preg_replace('/\$\{[^}]+\}/', '', $string);
+			return htmlspecialchars($string, ENT_XML1);
+		}
 
-    }
+	}
 }
 
-?>
+?>