xml sanitize allow $1 and $2

Continue to remove any ${variables}  in this format

resources/classes/xml.php

@@ -7,7 +7,8 @@ if (!class_exists('xml')) {
 		 * Escapes xml special characters to html entities and sanitze switch special chars.
 		 */
 		static function sanitize($string) {
-            return str_replace('$', '', htmlspecialchars($string, ENT_XML1));
+			$string = preg_replace('/\$\{[^}]+\}/', '', $string);
+			return htmlspecialchars($string, ENT_XML1);
 		}
 
 	}