fix escaping in faculty notes, refs #3888

Change-Id: Ia5ff98778570059bab62b64152285dd68b734024 Reviewed-on: https://gerrit.instructure.com/2419 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Bracken Mosbacker <bracken@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com>
2011-02-23 16:13:03 -07:00 · 2011-02-23 16:13:03 -07:00 · ba7b585193
parent 099fe50e72
commit ba7b585193
3 changed files with 12 additions and 4 deletions
--- a/app/controllers/user_notes_controller.rb
+++ b/app/controllers/user_notes_controller.rb
@ -59,6 +59,11 @@ class UserNotesController < ApplicationController

  def create
    params[:user_note][:user] = User.find(params[:user_note].delete(:user_id))
+    # We want notes to be an html field, but we're only using a plaintext box for now. That's why we're
+    # doing the trip to html now, instead of on the way out. This should be removed once the user notes
+    # entry form is replaced with the rich text editor.
+    self.extend TextHelper
+    params[:user_note][:note] = format_message(params[:user_note][:note]).first
    @user_note = UserNote.new(params[:user_note])
    @user_note.creator = @current_user
    
--- a/app/models/user_note.rb
+++ b/app/models/user_note.rb
@ -55,8 +55,8 @@ class UserNote < ActiveRecord::Base
  
  def formatted_note(truncate=nil)
    self.extend TextHelper
-    res = format_message(note).first
-    res = truncate_html(res, :max_length => truncate, :words => true) if truncate
+    res = self.note
+    res = truncate_html(self.note, :max_length => truncate, :words => true) if truncate
    res
  end
  
@ -83,6 +83,9 @@ class UserNote < ActiveRecord::Base
        note.note += "In reply to: #{root_note.subject}\nFrom: #{root_note.user.name}\n\n"
        note.note += root_note.body
      end
+      # The note content built up above is all plaintext, but note is an html field.
+      self.extend TextHelper
+      note.note = format_message(note.note).first
      note.save
    end
  end
--- a/app/views/user_notes/_user_note.html.erb
+++ b/app/views/user_notes/_user_note.html.erb
@ -27,8 +27,8 @@
    <div class="clear"></div>
  </div>
  <div class="content">
-    <div class="inner_content formatted_note">
-      <%= user_note.try_rescue(:formatted_note) || nbsp %>
+    <div class="inner_content user_content formatted_note">
+      <%= user_content(user_note.try_rescue(:formatted_note) || nbsp, user_note.try(:user).try(:asset_string), nil) %>
    </div>
  </div>
 </div>