use lemmy_api_common::{
context::LemmyContext,
custom_emoji::{CreateCustomEmoji, CustomEmojiResponse},
- utils::{is_admin, local_user_view_from_jwt},
+ utils::{is_admin, local_user_view_from_jwt, sanitize_html},
};
use lemmy_db_schema::source::{
custom_emoji::{CustomEmoji, CustomEmojiInsertForm},
let data: &CreateCustomEmoji = self;
let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
- let local_site = LocalSite::read(context.pool()).await?;
+ let local_site = LocalSite::read(&mut context.pool()).await?;
// Make sure user is an admin
is_admin(&local_user_view)?;
+ let shortcode = sanitize_html(data.shortcode.to_lowercase().trim());
+ let alt_text = sanitize_html(&data.alt_text);
+ let category = sanitize_html(&data.category);
+
let emoji_form = CustomEmojiInsertForm::builder()
.local_site_id(local_site.id)
- .shortcode(data.shortcode.to_lowercase().trim().to_string())
- .alt_text(data.alt_text.to_string())
- .category(data.category.to_string())
+ .shortcode(shortcode)
+ .alt_text(alt_text)
+ .category(category)
.image_url(data.clone().image_url.into())
.build();
- let emoji = CustomEmoji::create(context.pool(), &emoji_form).await?;
+ let emoji = CustomEmoji::create(&mut context.pool(), &emoji_form).await?;
let mut keywords = vec![];
for keyword in &data.keywords {
let keyword_form = CustomEmojiKeywordInsertForm::builder()
.build();
keywords.push(keyword_form);
}
- CustomEmojiKeyword::create(context.pool(), keywords).await?;
- let view = CustomEmojiView::get(context.pool(), emoji.id).await?;
+ CustomEmojiKeyword::create(&mut context.pool(), keywords).await?;
+ let view = CustomEmojiView::get(&mut context.pool(), emoji.id).await?;
Ok(CustomEmojiResponse { custom_emoji: view })
}
}