use lemmy_api_common::{
context::LemmyContext,
post::{CreatePostReport, PostReportResponse},
- utils::{check_community_ban, local_user_view_from_jwt, send_new_report_email_to_admins},
+ utils::{
+ check_community_ban,
+ local_user_view_from_jwt,
+ sanitize_html,
+ send_new_report_email_to_admins,
+ },
};
use lemmy_db_schema::{
source::{
async fn perform(&self, context: &Data<LemmyContext>) -> Result<PostReportResponse, LemmyError> {
let data: &CreatePostReport = self;
let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
- let local_site = LocalSite::read(context.pool()).await?;
+ let local_site = LocalSite::read(&mut context.pool()).await?;
- let reason = self.reason.trim();
- check_report_reason(reason, &local_site)?;
+ let reason = sanitize_html(self.reason.trim());
+ check_report_reason(&reason, &local_site)?;
let person_id = local_user_view.person.id;
let post_id = data.post_id;
- let post_view = PostView::read(context.pool(), post_id, None, None).await?;
+ let post_view = PostView::read(&mut context.pool(), post_id, None, None).await?;
- check_community_ban(person_id, post_view.community.id, context.pool()).await?;
+ check_community_ban(person_id, post_view.community.id, &mut context.pool()).await?;
let report_form = PostReportForm {
creator_id: person_id,
original_post_name: post_view.post.name,
original_post_url: post_view.post.url,
original_post_body: post_view.post.body,
- reason: reason.to_owned(),
+ reason,
};
- let report = PostReport::report(context.pool(), &report_form)
+ let report = PostReport::report(&mut context.pool(), &report_form)
.await
.with_lemmy_type(LemmyErrorType::CouldntCreateReport)?;
- let post_report_view = PostReportView::read(context.pool(), report.id, person_id).await?;
+ let post_report_view = PostReportView::read(&mut context.pool(), report.id, person_id).await?;
// Email the admins
if local_site.reports_email_admins {
send_new_report_email_to_admins(
&post_report_view.creator.name,
&post_report_view.post_creator.name,
- context.pool(),
+ &mut context.pool(),
context.settings(),
)
.await?;