X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi%2Fsrc%2Fpost_report%2Fcreate.rs;h=a4081015ca6152dc3b79298c3e35838036756113;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=0915a0a8e044efa0aff3a4d4ae666d672068e6f1;hpb=93225e5ddfd48e613afe51984243112a1bedfcc2;p=lemmy.git

diff --git a/crates/api/src/post_report/create.rs b/crates/api/src/post_report/create.rs
index 0915a0a8..a4081015 100644
--- a/crates/api/src/post_report/create.rs
+++ b/crates/api/src/post_report/create.rs
@@ -3,7 +3,12 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   post::{CreatePostReport, PostReportResponse},
-  utils::{check_community_ban, local_user_view_from_jwt, send_new_report_email_to_admins},
+  utils::{
+    check_community_ban,
+    local_user_view_from_jwt,
+    sanitize_html,
+    send_new_report_email_to_admins,
+  },
 };
 use lemmy_db_schema::{
   source::{
@@ -24,16 +29,16 @@ impl Perform for CreatePostReport {
   async fn perform(&self, context: &Data<LemmyContext>) -> Result<PostReportResponse, LemmyError> {
     let data: &CreatePostReport = self;
     let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
-    let local_site = LocalSite::read(context.pool()).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
 
-    let reason = self.reason.trim();
-    check_report_reason(reason, &local_site)?;
+    let reason = sanitize_html(self.reason.trim());
+    check_report_reason(&reason, &local_site)?;
 
     let person_id = local_user_view.person.id;
     let post_id = data.post_id;
-    let post_view = PostView::read(context.pool(), post_id, None, None).await?;
+    let post_view = PostView::read(&mut context.pool(), post_id, None, None).await?;
 
-    check_community_ban(person_id, post_view.community.id, context.pool()).await?;
+    check_community_ban(person_id, post_view.community.id, &mut context.pool()).await?;
 
     let report_form = PostReportForm {
       creator_id: person_id,
@@ -41,21 +46,21 @@ impl Perform for CreatePostReport {
       original_post_name: post_view.post.name,
       original_post_url: post_view.post.url,
       original_post_body: post_view.post.body,
-      reason: reason.to_owned(),
+      reason,
     };
 
-    let report = PostReport::report(context.pool(), &report_form)
+    let report = PostReport::report(&mut context.pool(), &report_form)
       .await
       .with_lemmy_type(LemmyErrorType::CouldntCreateReport)?;
 
-    let post_report_view = PostReportView::read(context.pool(), report.id, person_id).await?;
+    let post_report_view = PostReportView::read(&mut context.pool(), report.id, person_id).await?;
 
     // Email the admins
     if local_site.reports_email_admins {
       send_new_report_email_to_admins(
         &post_report_view.creator.name,
         &post_report_view.post_creator.name,
-        context.pool(),
+        &mut context.pool(),
         context.settings(),
       )
       .await?;