use crate::{
activities::{verify_is_public, verify_person_in_community},
check_apub_id_valid_with_strictness,
- fetch_local_site_data,
+ local_site_data_cached,
objects::{read_from_string_or_source_opt, verify_is_remote_object},
protocol::{
objects::{
use lemmy_api_common::{
context::LemmyContext,
request::fetch_site_data,
- utils::{is_mod_or_admin, local_site_opt_to_sensitive, local_site_opt_to_slur_regex},
+ utils::{
+ is_mod_or_admin,
+ local_site_opt_to_sensitive,
+ local_site_opt_to_slur_regex,
+ sanitize_html,
+ sanitize_html_opt,
+ },
};
use lemmy_db_schema::{
self,
markdown::markdown_to_html,
slurs::{check_slurs_opt, remove_slurs},
time::convert_datetime,
+ validation::check_url_scheme,
},
};
use std::ops::Deref;
context: &Data<Self::DataType>,
) -> Result<Option<Self>, LemmyError> {
Ok(
- Post::read_from_apub_id(context.pool(), object_id)
+ Post::read_from_apub_id(&mut context.pool(), object_id)
.await?
.map(Into::into),
)
async fn delete(self, context: &Data<Self::DataType>) -> Result<(), LemmyError> {
if !self.deleted {
let form = PostUpdateForm::builder().deleted(Some(true)).build();
- Post::update(context.pool(), self.id, &form).await?;
+ Post::update(&mut context.pool(), self.id, &form).await?;
}
Ok(())
}
#[tracing::instrument(skip_all)]
async fn into_json(self, context: &Data<Self::DataType>) -> Result<Page, LemmyError> {
let creator_id = self.creator_id;
- let creator = Person::read(context.pool(), creator_id).await?;
+ let creator = Person::read(&mut context.pool(), creator_id).await?;
let community_id = self.community_id;
- let community = Community::read(context.pool(), community_id).await?;
- let language = LanguageTag::new_single(self.language_id, context.pool()).await?;
+ let community = Community::read(&mut context.pool(), community_id).await?;
+ let language = LanguageTag::new_single(self.language_id, &mut context.pool()).await?;
let page = Page {
kind: PageType::Page,
verify_is_remote_object(page.id.inner(), context.settings())?;
};
- let local_site_data = fetch_local_site_data(context.pool()).await?;
-
let community = page.community(context).await?;
- check_apub_id_valid_with_strictness(
- page.id.inner(),
- community.local,
- &local_site_data,
- context.settings(),
- )?;
+ check_apub_id_valid_with_strictness(page.id.inner(), community.local, context).await?;
verify_person_in_community(&page.creator()?, &community, context).await?;
+ let local_site_data = local_site_data_cached(&mut context.pool()).await?;
let slur_regex = &local_site_opt_to_slur_regex(&local_site_data.local_site);
check_slurs_opt(&page.name, slur_regex)?;
let creator = page.creator()?.dereference(context).await?;
let community = page.community(context).await?;
if community.posting_restricted_to_mods {
- is_mod_or_admin(context.pool(), creator.id, community.id).await?;
+ is_mod_or_admin(&mut context.pool(), creator.id, community.id).await?;
}
let mut name = page
.name
} else {
None
};
+ check_url_scheme(&url)?;
- let local_site = LocalSite::read(context.pool()).await.ok();
+ let local_site = LocalSite::read(&mut context.pool()).await.ok();
let allow_sensitive = local_site_opt_to_sensitive(&local_site);
let page_is_sensitive = page.sensitive.unwrap_or(false);
let include_image = allow_sensitive || !page_is_sensitive;
let body_slurs_removed =
read_from_string_or_source_opt(&page.content, &page.media_type, &page.source)
.map(|s| remove_slurs(&s, slur_regex));
- let language_id = LanguageTag::to_language_id_single(page.language, context.pool()).await?;
+ let language_id =
+ LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
+
+ let name = sanitize_html(&name);
+ let embed_title = sanitize_html_opt(&embed_title);
+ let embed_description = sanitize_html_opt(&embed_description);
PostInsertForm {
name,
.build()
};
- let post = Post::create(context.pool(), &form).await?;
+ let post = Post::create(&mut context.pool(), &form).await?;
// write mod log entry for lock
if Page::is_locked_changed(&old_post, &page.comments_enabled) {
post_id: post.id,
locked: Some(post.locked),
};
- ModLockPost::create(context.pool(), &form).await?;
+ ModLockPost::create(&mut context.pool(), &form).await?;
}
Ok(post.into())
#[cfg(test)]
mod tests {
+ #![allow(clippy::unwrap_used)]
+ #![allow(clippy::indexing_slicing)]
+
use super::*;
use crate::{
objects::{
assert!(!post.featured_community);
assert_eq!(context.request_count(), 0);
- Post::delete(context.pool(), post.id).await.unwrap();
- Person::delete(context.pool(), person.id).await.unwrap();
- Community::delete(context.pool(), community.id)
+ Post::delete(&mut context.pool(), post.id).await.unwrap();
+ Person::delete(&mut context.pool(), person.id)
+ .await
+ .unwrap();
+ Community::delete(&mut context.pool(), community.id)
.await
.unwrap();
- Site::delete(context.pool(), site.id).await.unwrap();
+ Site::delete(&mut context.pool(), site.id).await.unwrap();
}
}