authorChristian Weiske <cweiske@cweiske.de>2014-10-24 07:39:12 +0200
committerChristian Weiske <cweiske@cweiske.de>2014-10-24 07:39:12 +0200
commit93298095b3c4455aa1a4c676d6e2f9915ca06caa (patch)
tree5b040a0eac9ef780e4af4160f76f5553c51cc866 /lib
parent8ee6bfe97633d31c6b89cebbc434837eca04d6dd (diff)
make linking of notes with <speci"a'l> chars work
Diffstat (limited to 'lib')
-rw-r--r--lib/notestorage.php10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/notestorage.php b/lib/notestorage.php
index 7ecf049..0aeef9e 100644
--- a/lib/notestorage.php
+++ b/lib/notestorage.php
@@ -246,9 +246,13 @@ class NoteStorage
}
/**
- * Load a GUID of a note by the note title
+ * Load a GUID of a note by the note title.
*
- * @param string $title Note title
+ * The note title is stored html-escaped in the database because we
+ * get it that way from tomboy. Thus we have to escape the search
+ * input, too.
+ *
+ * @param string $title Note title.
*
* @return string GUID, NULL if note could not be found
*/
@@ -257,7 +261,7 @@ class NoteStorage
$row = \OC_DB::executeAudited(
'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
. ' WHERE `note_user` = ? AND `note_title` = ?',
- array($this->username, $title)
+ array($this->username, htmlspecialchars($title))
)->fetchRow();
if ($row === false) {
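Review bot: The `htmlspecialchars($title)` call in the query parameters relies on PHP's default flags, which leave single quotes unescaped under ENT_COMPAT and escape them under ENT_QUOTES (the default from PHP 8.1), so whether a title like the `<speci"a'l>` one in the commit message is found depends on the runtime version. The lookup only matches when the escaping is byte-identical to what was written at save time, and that code is not visible in this hunk, so I would pin the flags and charset to whatever the storing path produces, for example `array($this->username, htmlspecialchars($title, ENT_COMPAT, 'UTF-8'))`. Because the column holds already-escaped text, a short comment here such as `// titles are stored HTML-escaped; escape the lookup key identically and do not escape again on output` would help later readers avoid double-encoding or treating the value as raw text. The enclosing method starts and ends outside the hunk.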