make linking of notes with <speci"a'l> chars work

[grauphel.git] / lib / notestorage.php

diff --git a/lib/notestorage.php b/lib/notestorage.php
index 7ecf049af02a21fb3e351201c65e4ebcc91d5995..0aeef9e63e86f30a5a27ef7f7446c9e3e6e1c611 100644 (file)
--- a/lib/notestorage.php
+++ b/lib/notestorage.php
@@ -246,9 +246,13 @@ class NoteStorage
     }
 
     /**
     }
 
     /**

-     * Load a GUID of a note by the note title
+     * Load a GUID of a note by the note title.

      *
      *

-     * @param string  $title Note title
+     * The note title is stored html-escaped in the database because we
+     * get it that way from tomboy. Thus we have to escape the search
+     * input, too.
+     *
+     * @param string $title Note title.

      *
      * @return string GUID, NULL if note could not be found
      */
      *
      * @return string GUID, NULL if note could not be found
      */


@@ -257,7 +261,7 @@ class NoteStorage
         $row = \OC_DB::executeAudited(
             'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
             . ' WHERE `note_user` = ? AND `note_title` = ?',
         $row = \OC_DB::executeAudited(
             'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
             . ' WHERE `note_user` = ? AND `note_title` = ?',

-            array($this->username, $title)
+            array($this->username, htmlspecialchars($title))

         )->fetchRow();
 
         if ($row === false) {
         )->fetchRow();
 
         if ($row === false) {