Sanitize html (#3708)
[lemmy.git] / crates / api_crud / src / user / create.rs
index 2bfd48ef0c74c2c7aa7bfa8c65b8e973d80d0a9a..f2af6940e05867d6c92f846876401fc58c5c06b5 100644 (file)
@@ -11,6 +11,7 @@ use lemmy_api_common::{
     honeypot_check,
     local_site_to_slur_regex,
     password_length_check,
+    sanitize_html,
     send_new_applicant_email_to_admins,
     send_verification_email,
     EndpointType,
@@ -45,7 +46,7 @@ impl PerformCrud for Register {
   async fn perform(&self, context: &Data<LemmyContext>) -> Result<LoginResponse, LemmyError> {
     let data: &Register = self;
 
-    let site_view = SiteView::read_local(context.pool()).await?;
+    let site_view = SiteView::read_local(&mut context.pool()).await?;
     let local_site = site_view.local_site;
     let require_registration_application =
       local_site.registration_mode == RegistrationMode::RequireApplication;
@@ -74,7 +75,7 @@ impl PerformCrud for Register {
       if let Some(captcha_uuid) = &data.captcha_uuid {
         let uuid = uuid::Uuid::parse_str(captcha_uuid)?;
         let check = CaptchaAnswer::check_captcha(
-          context.pool(),
+          &mut context.pool(),
           CheckCaptchaAnswer {
             uuid,
             answer: data.captcha_answer.clone().unwrap_or_default(),
@@ -92,6 +93,7 @@ impl PerformCrud for Register {
     let slur_regex = local_site_to_slur_regex(&local_site);
     check_slurs(&data.username, &slur_regex)?;
     check_slurs_opt(&data.answer, &slur_regex)?;
+    let username = sanitize_html(&data.username);
 
     let actor_keypair = generate_actor_keypair()?;
     is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
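Review bot: The `is_valid_actor_name` call on the last line of this hunk still validates `data.username`, while a later hunk persists the sanitized copy through `.name(username)`, so the value that is length- and character-checked is not necessarily the value that gets stored. If `sanitize_html` escapes or strips anything (its body is not visible here), the stored name can differ from the validated one, and presumably also from the name the actor id is built from, whose construction is outside the visible hunks. Validating the persisted value keeps the two in step: `is_valid_actor_name(&username, local_site.actor_name_max_length as usize)?;`. The body of `perform` starts and ends outside this hunk.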
@@ -102,7 +104,7 @@ impl PerformCrud for Register {
     )?;
 
     if let Some(email) = &data.email {
-      if LocalUser::is_email_taken(context.pool(), email).await? {
+      if LocalUser::is_email_taken(&mut context.pool(), email).await? {
         return Err(LemmyErrorType::EmailAlreadyExists)?;
       }
     }
@@ -111,7 +113,7 @@ impl PerformCrud for Register {
 
     // Register the new person
     let person_form = PersonInsertForm::builder()
-      .name(data.username.clone())
+      .name(username)
       .actor_id(Some(actor_id.clone()))
       .private_key(Some(actor_keypair.private_key))
       .public_key(actor_keypair.public_key)
@@ -123,7 +125,7 @@ impl PerformCrud for Register {
       .build();
 
     // insert the person
-    let inserted_person = Person::create(context.pool(), &person_form)
+    let inserted_person = Person::create(&mut context.pool(), &person_form)
       .await
       .with_lemmy_type(LemmyErrorType::UserAlreadyExists)?;
 
@@ -138,9 +140,10 @@ impl PerformCrud for Register {
       .password_encrypted(data.password.to_string())
       .show_nsfw(Some(data.show_nsfw))
       .accepted_application(accepted_application)
+      .default_listing_type(Some(local_site.default_post_listing_type))
       .build();
 
-    let inserted_local_user = LocalUser::create(context.pool(), &local_user_form).await?;
+    let inserted_local_user = LocalUser::create(&mut context.pool(), &local_user_form).await?;
 
     if local_site.site_setup && require_registration_application {
       // Create the registration application
@@ -150,12 +153,12 @@ impl PerformCrud for Register {
         answer: data.answer.clone().expect("must have an answer"),
       };
 
-      RegistrationApplication::create(context.pool(), &form).await?;
+      RegistrationApplication::create(&mut context.pool(), &form).await?;
     }
 
     // Email the admins
     if local_site.application_email_admins {
-      send_new_applicant_email_to_admins(&data.username, context.pool(), context.settings())
+      send_new_applicant_email_to_admins(&data.username, &mut context.pool(), context.settings())
         .await?;
     }
 
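Review bot: The registration `answer` on the first line of this hunk is stored as `data.answer.clone().expect("must have an answer")` without passing through `sanitize_html`, although it is free-form applicant text that admins later read. The raw `&data.username` handed to `send_new_applicant_email_to_admins` is likewise the unsanitized value, not the `username` that was inserted. Since this commit sanitizes the name before insert, the answer probably wants the same treatment, for example `answer: sanitize_html(&data.answer.clone().expect("must have an answer")),`, assuming `sanitize_html` takes a `&str` and returns a `String` as its use on the username suggests. A short comment stating whether the admin e-mail is rendered as HTML or plain text would also help; the form literal starts outside this hunk.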
@@ -191,8 +194,13 @@ impl PerformCrud for Register {
           .clone()
           .expect("email was provided");
 
-        send_verification_email(&local_user_view, &email, context.pool(), context.settings())
-          .await?;
+        send_verification_email(
+          &local_user_view,
+          &email,
+          &mut context.pool(),
+          context.settings(),
+        )
+        .await?;
         login_response.verify_email_sent = true;
       }