Sanitize html (#3708)

[lemmy.git] / crates / apub / src / activities / deletion / delete.rs

diff --git a/crates/apub/src/activities/deletion/delete.rs b/crates/apub/src/activities/deletion/delete.rs
index d083309287467fa2b870c266c6cd4b72924d0c44..06f7463ae0f12dfe163677153e726aaf846da746 100644 (file)
--- a/crates/apub/src/activities/deletion/delete.rs
+++ b/crates/apub/src/activities/deletion/delete.rs
@@ -3,12 +3,12 @@ use crate::{
     deletion::{receive_delete_action, verify_delete_activity, DeletableObjects},
     generate_activity_id,
   },
-  insert_activity,
+  insert_received_activity,
   objects::person::ApubPerson,
   protocol::{activities::deletion::delete::Delete, IdOrNestedObject},
 };
 use activitypub_federation::{config::Data, kinds::activity::DeleteType, traits::ActivityHandler};
-use lemmy_api_common::context::LemmyContext;
+use lemmy_api_common::{context::LemmyContext, utils::sanitize_html_opt};
 use lemmy_db_schema::{
   source::{
     comment::{Comment, CommentUpdateForm},
@@ -43,13 +43,13 @@ impl ActivityHandler for Delete {
 
   #[tracing::instrument(skip_all)]
   async fn verify(&self, context: &Data<Self::DataType>) -> Result<(), LemmyError> {
+    insert_received_activity(&self.id, context).await?;
     verify_delete_activity(self, self.summary.is_some(), context).await?;
     Ok(())
   }
 
   #[tracing::instrument(skip_all)]
   async fn receive(self, context: &Data<LemmyContext>) -> Result<(), LemmyError> {
-    insert_activity(&self.id, &self, false, false, context).await?;
     if let Some(reason) = self.summary {
       // We set reason to empty string if it doesn't exist, to distinguish between delete and
       // remove. Here we change it back to option, so we don't write it to db.
@@ -105,6 +105,8 @@ pub(in crate::activities) async fn receive_remove_action(
   reason: Option<String>,
   context: &Data<LemmyContext>,
 ) -> Result<(), LemmyError> {
+  let reason = sanitize_html_opt(&reason);
+
   match DeletableObjects::read_from_db(object, context).await? {
     DeletableObjects::Community(community) => {
       if community.local {
@@ -117,9 +119,9 @@ pub(in crate::activities) async fn receive_remove_action(
         reason,
         expires: None,
       };
-      ModRemoveCommunity::create(context.pool(), &form).await?;
+      ModRemoveCommunity::create(&mut context.pool(), &form).await?;
       Community::update(
-        context.pool(),
+        &mut context.pool(),
         community.id,
         &CommunityUpdateForm::builder().removed(Some(true)).build(),
       )
@@ -132,9 +134,9 @@ pub(in crate::activities) async fn receive_remove_action(
         removed: Some(true),
         reason,
       };
-      ModRemovePost::create(context.pool(), &form).await?;
+      ModRemovePost::create(&mut context.pool(), &form).await?;
       Post::update(
-        context.pool(),
+        &mut context.pool(),
         post.id,
         &PostUpdateForm::builder().removed(Some(true)).build(),
       )
@@ -147,9 +149,9 @@ pub(in crate::activities) async fn receive_remove_action(
         removed: Some(true),
         reason,
       };
-      ModRemoveComment::create(context.pool(), &form).await?;
+      ModRemoveComment::create(&mut context.pool(), &form).await?;
       Comment::update(
-        context.pool(),
+        &mut context.pool(),
         comment.id,
         &CommentUpdateForm::builder().removed(Some(true)).build(),
       )