Fix notice when accessing HTML or XML version of a note.

[grauphel.git] / controller / notescontroller.php

diff --git a/controller/notescontroller.php b/controller/notescontroller.php
index c599e7590d9ad4898596bb686bfe4ffb7c35e91b..b81e1627424f4e6d2e2f08b12bb996a54fa3b112 100644 (file)
--- a/controller/notescontroller.php
+++ b/controller/notescontroller.php
@@ -16,6 +16,7 @@ namespace OCA\Grauphel\Controller;
 use \OCP\AppFramework\Controller;
 use \OCP\AppFramework\Http\TemplateResponse;
 use \OCA\Grauphel\Lib\Client;
+use \OCA\Grauphel\Lib\Dependencies;
 use \OCA\Grauphel\Lib\TokenStorage;
 use \OCA\Grauphel\Lib\Response\ErrorResponse;
 
@@ -41,7 +42,8 @@ class NotesController extends Controller
     public function __construct($appName, \OCP\IRequest $request, $user)
     {
         parent::__construct($appName, $request);
-        $this->user   = $user;
+        $this->user = $user;
+        $this->deps = Dependencies::get();
 
         //default http header: we assume something is broken
         header('HTTP/1.0 500 Internal Server Error');
@@ -77,7 +79,10 @@ class NotesController extends Controller
 
         //head
         $xw->startElement('head');
-        $xw->writeElement('title', $note->title);
+        $xw->writeElement(
+            'title',
+            htmlspecialchars_decode($note->title, ENT_QUOTES | ENT_HTML5)
+        );
 
         $xw->startElement('meta');
         $xw->writeAttribute('name', 'author');
@@ -112,8 +117,9 @@ class NotesController extends Controller
 
         //body
         $xw->startElement('body');
-
-        $xw->writeElement('h1', $note->title);
+        $xw->writeElement(
+            'h1', htmlspecialchars_decode($note->title, ENT_QUOTES | ENT_HTML5)
+        );
 
         $converter = new \OCA\Grauphel\Converter\CleanHtml();
         $converter->internalLinkHandler = array($this, 'htmlNoteLinkHandler');
@@ -159,8 +165,9 @@ class NotesController extends Controller
         $converter = new \OCA\Grauphel\Converter\ReStructuredText();
         $converter->internalLinkHandler = array($this, 'textNoteLinkHandler');
         try {
-            $text = $note->title . "\n"
-                . str_repeat('*', strlen($note->title)) . "\n"
+            $title = htmlspecialchars_decode($note->title, ENT_QUOTES | ENT_HTML5);
+            $text = $title . "\n"
+                . str_repeat('*', strlen($title)) . "\n"
                 . "\n";
             $text .= $converter->convert($note->{'note-content'});
             return new \OCA\Grauphel\Response\TextResponse($text);
@@ -233,7 +240,7 @@ class NotesController extends Controller
     protected function getNotes()
     {
         $username = $this->user->getUid();
-        $notes  = new \OCA\Grauphel\Lib\NoteStorage($this->urlGen);
+        $notes  = new \OCA\Grauphel\Lib\NoteStorage($this->deps->urlGen);
         $notes->setUsername($username);
         return $notes;
     }