| author | Christian Weiske <cweiske@cweiske.de> | 2014-10-24 07:39:12 +0200 |
|---|---|---|
| committer | Christian Weiske <cweiske@cweiske.de> | 2014-10-24 07:39:12 +0200 |
| commit | 93298095b3c4455aa1a4c676d6e2f9915ca06caa (patch) | |
| tree | 5b040a0eac9ef780e4af4160f76f5553c51cc866 | |
| parent | 8ee6bfe97633d31c6b89cebbc434837eca04d6dd (diff) | |
make linking of notes with <speci"a'l> chars work
| -rw-r--r-- | README.rst | 11 | ||||
| -rw-r--r-- | lib/notestorage.php | 10 | ||||
| -rw-r--r-- | templates/gui-note.php | 2 | ||||
| -rw-r--r-- | templates/tag.php | 2 |
4 files changed, 20 insertions, 5 deletions
@@ -72,3 +72,14 @@ Home page __ http://apps.owncloud.com/content/show.php?action=content&content=166654 __ http://git.cweiske.de/grauphel.git/ __ https://github.com/cweiske/grauphel + + +================= +Development hints +================= +* JSON coming from Tomboy: Title is html-escaped already + (e.g. ``>`` is ``>``). + We store it that way in the database, so there is no need to escape the + output. +* ``latest-sync-revision`` sent from Tomboy during PUT sync is already + incremented by 1. diff --git a/lib/notestorage.php b/lib/notestorage.php index 7ecf049..0aeef9e 100644 --- a/lib/notestorage.php +++ b/lib/notestorage.php @@ -246,9 +246,13 @@ class NoteStorage } /** - * Load a GUID of a note by the note title + * Load a GUID of a note by the note title. * - * @param string $title Note title + * The note title is stored html-escaped in the database because we + * get it that way from tomboy. Thus we have to escape the search + * input, too. + * + * @param string $title Note title. * * @return string GUID, NULL if note could not be found */ @@ -257,7 +261,7 @@ class NoteStorage $row = \OC_DB::executeAudited( 'SELECT note_guid FROM `*PREFIX*grauphel_notes`' . ' WHERE `note_user` = ? AND `note_title` = ?', - array($this->username, $title) + array($this->username, htmlspecialchars($title)) )->fetchRow(); if ($row === false) { diff --git a/templates/gui-note.php b/templates/gui-note.php index a7e0587..296a0d2 100644 --- a/templates/gui-note.php +++ b/templates/gui-note.php @@ -6,7 +6,7 @@ <script type="text/javascript" src="<?php p(OCP\Util::linkTo('grauphel','js/grauphel.js')); ?>"></script> <div id="app-content" class="content"> - <h1><?php p($_['note']->title); ?></h1> + <h1><?php echo ($_['note']->title); ?></h1> <p class="muted"> Last modified: <?php p(\OCP\Util::formatDate(strtotime($_['note']->{'last-change-date'}))); ?> diff --git a/templates/tag.php b/templates/tag.php index 8c7eecc..850b034 100644 --- a/templates/tag.php +++ b/templates/tag.php 
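Review bot: The `htmlspecialchars($title)` call in the `@@ -257,7 +261,7 @@` hunk of lib/notestorage.php relies on PHP's default flags and charset, so the lookup only matches while PHP's escaping is byte-identical to what the Tomboy client stored. Those defaults are not stable across PHP versions (`ENT_COMPAT` before 8.1, `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401` since), which changes how a `'` in the title is escaped. Pin the behaviour with explicit arguments chosen to match what Tomboy actually sends, for example `htmlspecialchars($title, ENT_COMPAT, 'UTF-8')` if Tomboy leaves single quotes unescaped; the page does not show which it is, so confirm against a synced note. The method body starts and ends outside the hunk.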
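Review bot: Replacing `p()` with a bare `echo` in templates/gui-note.php (and likewise for `$note['title']` in templates/tag.php) turns the note title into an unescaped HTML sink, so the page is only safe while every stored title is already escaped. That invariant is held by the sync client, not by the server: the README hunk says titles are stored as received, and nothing visible in this commit validates them on the way in, so a client that sends a raw title would presumably get its markup rendered in the ownCloud UI (stored XSS). Keep the escaping at output and undo the client's escaping first, e.g. `<?php p(htmlspecialchars_decode($_['note']->title, ENT_QUOTES)); ?>` and the same around `$note['title']`. This displays already-escaped titles correctly and neutralises unescaped ones, although which entities the client emits should be confirmed. Alternatively, normalise titles once when they are stored, which would also remove the need to escape the search input in lib/notestorage.php.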
@@ -18,7 +18,7 @@ <?php foreach ($_['notes'] as $note) { ?> <tr id="note-<?php p($note['guid']); ?>"> <td> - <a class="cellclick" href="<?php p(OCP\Util::linkToRoute('grauphel.gui.note', array('guid' => $note['guid']))); ?>"><?php p($note['title']); ?></a> + <a class="cellclick" href="<?php p(OCP\Util::linkToRoute('grauphel.gui.note', array('guid' => $note['guid']))); ?>"><?php echo ($note['title']); ?></a> </td> <td> </td> |
