Sanitize html (#3708)

[lemmy.git] / crates / api / src / site / purge / person.rs

diff --git a/crates/api/src/site/purge/person.rs b/crates/api/src/site/purge/person.rs
index f0cbc7e8dd8c55f7544d4fda1eb2cee96c75dcc3..838b36070d364611f8344f6280beb261eb3b7ec5 100644 (file)
--- a/crates/api/src/site/purge/person.rs
+++ b/crates/api/src/site/purge/person.rs
@@ -4,7 +4,7 @@ use lemmy_api_common::{
   context::LemmyContext,
   request::purge_image_from_pictrs,
   site::{PurgeItemResponse, PurgePerson},
-  utils::{is_admin, local_user_view_from_jwt, purge_image_posts_for_person},
+  utils::{is_admin, local_user_view_from_jwt, purge_image_posts_for_person, sanitize_html_opt},
 };
 use lemmy_db_schema::{
   source::{
@@ -29,7 +29,7 @@ impl Perform for PurgePerson {
 
     // Read the person to get their images
     let person_id = data.person_id;
-    let person = Person::read(context.pool(), person_id).await?;
+    let person = Person::read(&mut context.pool(), person_id).await?;
 
     if let Some(banner) = person.banner {
       purge_image_from_pictrs(context.client(), context.settings(), &banner)
@@ -45,22 +45,22 @@ impl Perform for PurgePerson {
 
     purge_image_posts_for_person(
       person_id,
-      context.pool(),
+      &mut context.pool(),
       context.settings(),
       context.client(),
     )
     .await?;
 
-    Person::delete(context.pool(), person_id).await?;
+    Person::delete(&mut context.pool(), person_id).await?;
 
     // Mod tables
-    let reason = data.reason.clone();
+    let reason = sanitize_html_opt(&data.reason);
     let form = AdminPurgePersonForm {
       admin_person_id: local_user_view.person.id,
       reason,
     };
 
-    AdminPurgePerson::create(context.pool(), &form).await?;
+    AdminPurgePerson::create(&mut context.pool(), &form).await?;
 
     Ok(PurgeItemResponse { success: true })
   }