X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fcustom_emoji%2Fcreate.rs;h=93e7114aef2cd875a3c0ab7a0ea75fc8aeb4045b;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=5aaf56125d7646b9cdd41577a14e6b1e22bba5dc;hpb=3565ad984a0270c7dd29051a9ff6d15fc5a8ed47;p=lemmy.git

diff --git a/crates/api_crud/src/custom_emoji/create.rs b/crates/api_crud/src/custom_emoji/create.rs
index 5aaf5612..93e7114a 100644
--- a/crates/api_crud/src/custom_emoji/create.rs
+++ b/crates/api_crud/src/custom_emoji/create.rs
@@ -3,7 +3,7 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   context::LemmyContext,
   custom_emoji::{CreateCustomEmoji, CustomEmojiResponse},
-  utils::{is_admin, local_user_view_from_jwt},
+  utils::{is_admin, local_user_view_from_jwt, sanitize_html},
 };
 use lemmy_db_schema::source::{
   custom_emoji::{CustomEmoji, CustomEmojiInsertForm},
@@ -22,18 +22,22 @@ impl PerformCrud for CreateCustomEmoji {
     let data: &CreateCustomEmoji = self;
     let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
 
-    let local_site = LocalSite::read(context.pool()).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
     // Make sure user is an admin
     is_admin(&local_user_view)?;
 
+    let shortcode = sanitize_html(data.shortcode.to_lowercase().trim());
+    let alt_text = sanitize_html(&data.alt_text);
+    let category = sanitize_html(&data.category);
+
     let emoji_form = CustomEmojiInsertForm::builder()
       .local_site_id(local_site.id)
-      .shortcode(data.shortcode.to_lowercase().trim().to_string())
-      .alt_text(data.alt_text.to_string())
-      .category(data.category.to_string())
+      .shortcode(shortcode)
+      .alt_text(alt_text)
+      .category(category)
       .image_url(data.clone().image_url.into())
       .build();
-    let emoji = CustomEmoji::create(context.pool(), &emoji_form).await?;
+    let emoji = CustomEmoji::create(&mut context.pool(), &emoji_form).await?;
     let mut keywords = vec![];
     for keyword in &data.keywords {
       let keyword_form = CustomEmojiKeywordInsertForm::builder()
@@ -42,8 +46,8 @@ impl PerformCrud for CreateCustomEmoji {
         .build();
       keywords.push(keyword_form);
     }
-    CustomEmojiKeyword::create(context.pool(), keywords).await?;
-    let view = CustomEmojiView::get(context.pool(), emoji.id).await?;
+    CustomEmojiKeyword::create(&mut context.pool(), keywords).await?;
+    let view = CustomEmojiView::get(&mut context.pool(), emoji.id).await?;
     Ok(CustomEmojiResponse { custom_emoji: view })
   }
 }