X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fpost%2Fcreate.rs;h=07e2cc27b6143f8a0f5b13da4aad9307c546393a;hb=969f8b2ce9cd80492eb5e556ce3bda95c9b892b3;hp=16a6f0004389cebb54c8a4676de9abe72014b13e;hpb=5d23ef960e3361d1cc38c1aff1d907d8da58b90f;p=lemmy.git
diff --git a/crates/api_crud/src/post/create.rs b/crates/api_crud/src/post/create.rs
index 16a6f000..07e2cc27 100644
--- a/crates/api_crud/src/post/create.rs
+++ b/crates/api_crud/src/post/create.rs
@@ -14,6 +14,8 @@ use lemmy_api_common::{
 local_site_to_slur_regex,
 local_user_view_from_jwt,
 mark_post_as_read,
+ sanitize_html,
+ sanitize_html_opt,
 EndpointType,
 },
 };
@@ -91,6 +93,21 @@ pub async fn create_post(
 .map(|u| (u.title, u.description, u.embed_video_url))
 .unwrap_or_default();
 
+ let name = sanitize_html(data.name.trim());
+ let body = sanitize_html_opt(&data.body);
+ let embed_title = sanitize_html_opt(&embed_title);
+ let embed_description = sanitize_html_opt(&embed_description);
+
+ // Only need to check if language is allowed in case user set it explicitly. When using default
+ // language, it already only returns allowed languages.
+ CommunityLanguage::is_allowed_community_language(
+ &mut context.pool(),
+ data.language_id,
+ community_id,
+ )
+ .await?;
+
+ // attempt to set default language if none was provided
 let language_id = match data.language_id {
 Some(lid) => Some(lid),
 None => {
@@ -102,13 +119,11 @@ pub async fn create_post(
 .await?
 }
 };
- CommunityLanguage::is_allowed_community_language(&mut context.pool(), language_id, community_id)
- .await?;
 
 let post_form = PostInsertForm::builder()
- .name(data.name.trim().to_owned())
+ .name(name)
 .url(url)
- .body(data.body.clone())
+ .body(body)
 .community_id(data.community_id)
 .creator_id(local_user_view.person.id)
 .nsfw(data.nsfw)
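Review bot: The stored title can differ from the one that was validated: in the `@@ -91,6 +93,21 @@` hunk `name` becomes `sanitize_html(data.name.trim())`, while any title or slur checks earlier in create_post (outside the hunk, so this is inferred) ran on the raw `data.name`. If sanitize_html can remove or rewrite characters, a title that passed those checks could be stored empty or at a different length, so either sanitize before validating or re-check afterwards, e.g. `if name.trim().is_empty() { /* reject as an invalid title */ }`. The same ordering question applies to `body`, `embed_title` and `embed_description`, which the next hunk feeds into the builder; `url` still goes in unsanitized, which is only safe if it is already a parsed URL type, something not visible here. A comment above the four `let` lines such as `// Sanitize every field that is stored and later rendered; the checks above ran on the raw input` would record the intent.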
@@ -133,7 +148,10 @@ pub async fn create_post(
 let updated_post = Post::update(
 &mut context.pool(),
 inserted_post_id,
- &PostUpdateForm::builder().ap_id(Some(apub_id)).build(),
+ &PostUpdateForm {
+ ap_id: Some(apub_id),
+ ..Default::default()
+ },
 )
 .await
 .with_lemmy_type(LemmyErrorType::CouldntCreatePost)?;
@@ -179,7 +197,5 @@ pub async fn create_post(
 }
 };
 
- Ok(Json(
- build_post_response(&context, community_id, person_id, post_id).await?,
- ))
+ build_post_response(&context, community_id, person_id, post_id).await
 }