Sanitize html (#3708)

[lemmy.git] / crates / api_crud / src / custom_emoji / update.rs

diff --git a/crates/api_crud/src/custom_emoji/update.rs b/crates/api_crud/src/custom_emoji/update.rs
index 6233cbe3c53126104519d083333ec5d868230f91..93708c379d7a083e48076115c00c47662d00a214 100644 (file)
--- a/crates/api_crud/src/custom_emoji/update.rs
+++ b/crates/api_crud/src/custom_emoji/update.rs
@@ -3,7 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   custom_emoji::{CustomEmojiResponse, EditCustomEmoji},
-  utils::{get_local_user_view_from_jwt, is_admin},
+  utils::{is_admin, local_user_view_from_jwt, sanitize_html},
 };
 use lemmy_db_schema::source::{
   custom_emoji::{CustomEmoji, CustomEmojiUpdateForm},
@@ -11,34 +11,32 @@ use lemmy_db_schema::source::{
   local_site::LocalSite,
 };
 use lemmy_db_views::structs::CustomEmojiView;
-use lemmy_utils::{error::LemmyError, ConnectionId};
+use lemmy_utils::error::LemmyError;
 
 #[async_trait::async_trait(?Send)]
 impl PerformCrud for EditCustomEmoji {
   type Response = CustomEmojiResponse;
 
-  #[tracing::instrument(skip(self, context, _websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    _websocket_id: Option<ConnectionId>,
-  ) -> Result<CustomEmojiResponse, LemmyError> {
+  #[tracing::instrument(skip(self, context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<CustomEmojiResponse, LemmyError> {
     let data: &EditCustomEmoji = self;
-    let local_user_view =
-      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
+    let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
 
-    let local_site = LocalSite::read(context.pool()).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
     // Make sure user is an admin
     is_admin(&local_user_view)?;
 
+    let alt_text = sanitize_html(&data.alt_text);
+    let category = sanitize_html(&data.category);
+
     let emoji_form = CustomEmojiUpdateForm::builder()
       .local_site_id(local_site.id)
-      .alt_text(data.alt_text.to_string())
-      .category(data.category.to_string())
+      .alt_text(alt_text)
+      .category(category)
       .image_url(data.clone().image_url.into())
       .build();
-    let emoji = CustomEmoji::update(context.pool(), data.id, &emoji_form).await?;
-    CustomEmojiKeyword::delete(context.pool(), data.id).await?;
+    let emoji = CustomEmoji::update(&mut context.pool(), data.id, &emoji_form).await?;
+    CustomEmojiKeyword::delete(&mut context.pool(), data.id).await?;
     let mut keywords = vec![];
     for keyword in &data.keywords {
       let keyword_form = CustomEmojiKeywordInsertForm::builder()
@@ -47,8 +45,8 @@ impl PerformCrud for EditCustomEmoji {
         .build();
       keywords.push(keyword_form);
     }
-    CustomEmojiKeyword::create(context.pool(), keywords).await?;
-    let view = CustomEmojiView::get(context.pool(), emoji.id).await?;
+    CustomEmojiKeyword::create(&mut context.pool(), keywords).await?;
+    let view = CustomEmojiView::get(&mut context.pool(), emoji.id).await?;
     Ok(CustomEmojiResponse { custom_emoji: view })
   }
 }