X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi%2Fsrc%2Fprivate_message_report%2Fcreate.rs;h=4ca1d7cd6265c58b24fd6ed787fbcb1660f56652;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=d732b41af3f9a83067b7d25e010759680d6c42bc;hpb=93225e5ddfd48e613afe51984243112a1bedfcc2;p=lemmy.git

diff --git a/crates/api/src/private_message_report/create.rs b/crates/api/src/private_message_report/create.rs
index d732b41a..4ca1d7cd 100644
--- a/crates/api/src/private_message_report/create.rs
+++ b/crates/api/src/private_message_report/create.rs
@@ -3,7 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   private_message::{CreatePrivateMessageReport, PrivateMessageReportResponse},
-  utils::{local_user_view_from_jwt, send_new_report_email_to_admins},
+  utils::{local_user_view_from_jwt, sanitize_html, send_new_report_email_to_admins},
 };
 use lemmy_db_schema::{
   source::{
@@ -23,35 +23,35 @@ impl Perform for CreatePrivateMessageReport {
   #[tracing::instrument(skip(context))]
   async fn perform(&self, context: &Data<LemmyContext>) -> Result<Self::Response, LemmyError> {
     let local_user_view = local_user_view_from_jwt(&self.auth, context).await?;
-    let local_site = LocalSite::read(context.pool()).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
 
-    let reason = self.reason.trim();
-    check_report_reason(reason, &local_site)?;
+    let reason = sanitize_html(self.reason.trim());
+    check_report_reason(&reason, &local_site)?;
 
     let person_id = local_user_view.person.id;
     let private_message_id = self.private_message_id;
-    let private_message = PrivateMessage::read(context.pool(), private_message_id).await?;
+    let private_message = PrivateMessage::read(&mut context.pool(), private_message_id).await?;
 
     let report_form = PrivateMessageReportForm {
       creator_id: person_id,
       private_message_id,
       original_pm_text: private_message.content,
-      reason: reason.to_owned(),
+      reason: reason.clone(),
     };
 
-    let report = PrivateMessageReport::report(context.pool(), &report_form)
+    let report = PrivateMessageReport::report(&mut context.pool(), &report_form)
       .await
       .with_lemmy_type(LemmyErrorType::CouldntCreateReport)?;
 
     let private_message_report_view =
-      PrivateMessageReportView::read(context.pool(), report.id).await?;
+      PrivateMessageReportView::read(&mut context.pool(), report.id).await?;
 
     // Email the admins
     if local_site.reports_email_admins {
       send_new_report_email_to_admins(
         &private_message_report_view.creator.name,
         &private_message_report_view.private_message_creator.name,
-        context.pool(),
+        &mut context.pool(),
         context.settings(),
       )
       .await?;