X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi%2Fsrc%2Flocal_user%2Fsave_settings.rs;h=152c11ad12e1e9c6c0840bb82603ad905d1a1369;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=4176a3f4c511014b0d959d43609b4bf12cdd28d3;hpb=9b5e765364ecf7de64c9cbc7a452ccfaabce5449;p=lemmy.git

diff --git a/crates/api/src/local_user/save_settings.rs b/crates/api/src/local_user/save_settings.rs
index 4176a3f4..152c11ad 100644
--- a/crates/api/src/local_user/save_settings.rs
+++ b/crates/api/src/local_user/save_settings.rs
@@ -3,7 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   person::{LoginResponse, SaveUserSettings},
-  utils::{local_user_view_from_jwt, send_verification_email},
+  utils::{local_user_view_from_jwt, sanitize_html_opt, send_verification_email},
 };
 use lemmy_db_schema::{
   source::{
@@ -37,13 +37,16 @@ impl Perform for SaveUserSettings {
     let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
     let site_view = SiteView::read_local(&mut context.pool()).await?;
 
+    let bio = sanitize_html_opt(&data.bio);
+    let display_name = sanitize_html_opt(&data.display_name);
+
     let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
     let banner = diesel_option_overwrite_to_url(&data.banner)?;
-    let bio = diesel_option_overwrite(&data.bio);
-    let display_name = diesel_option_overwrite(&data.display_name);
-    let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
+    let bio = diesel_option_overwrite(bio);
+    let display_name = diesel_option_overwrite(display_name);
+    let matrix_user_id = diesel_option_overwrite(data.matrix_user_id.clone());
     let email_deref = data.email.as_deref().map(str::to_lowercase);
-    let email = diesel_option_overwrite(&email_deref);
+    let email = diesel_option_overwrite(email_deref.clone());
 
     if let Some(Some(email)) = &email {
       let previous_email = local_user_view.local_user.email.clone().unwrap_or_default();
@@ -85,6 +88,7 @@ impl Perform for SaveUserSettings {
     let person_id = local_user_view.person.id;
     let default_listing_type = data.default_listing_type;
     let default_sort_type = data.default_sort_type;
+    let theme = sanitize_html_opt(&data.theme);
 
     let person_form = PersonUpdateForm::builder()
       .display_name(display_name)
@@ -124,11 +128,13 @@ impl Perform for SaveUserSettings {
       .show_new_post_notifs(data.show_new_post_notifs)
       .send_notifications_to_email(data.send_notifications_to_email)
       .show_nsfw(data.show_nsfw)
+      .blur_nsfw(data.blur_nsfw)
+      .auto_expand(data.auto_expand)
       .show_bot_accounts(data.show_bot_accounts)
       .show_scores(data.show_scores)
       .default_sort_type(default_sort_type)
       .default_listing_type(default_listing_type)
-      .theme(data.theme.clone())
+      .theme(theme)
       .interface_language(data.interface_language.clone())
       .totp_2fa_secret(totp_2fa_secret)
       .totp_2fa_url(totp_2fa_url)