X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fpost%2Fupdate.rs;h=f3be5f6af903a830a756d0e85a3c09e6d34cfb6d;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=fbbadbc61278795aa0c4f730a286d1cadda5da05;hpb=2de994797e4fe8f569c903de35da55ccdf823fb8;p=lemmy.git diff --git a/crates/api_crud/src/post/update.rs b/crates/api_crud/src/post/update.rs index fbbadbc6..f3be5f6a 100644 --- a/crates/api_crud/src/post/update.rs +++ b/crates/api_crud/src/post/update.rs @@ -5,7 +5,12 @@ use lemmy_api_common::{ context::LemmyContext, post::{EditPost, PostResponse}, request::fetch_site_data, - utils::{check_community_ban, local_site_to_slur_regex, local_user_view_from_jwt}, + utils::{ + check_community_ban, + local_site_to_slur_regex, + local_user_view_from_jwt, + sanitize_html_opt, + }, }; use lemmy_db_schema::{ source::{ @@ -39,7 +44,6 @@ impl PerformCrud for EditPost { // TODO No good way to handle a clear. // Issue link: https://github.com/LemmyNet/lemmy/issues/2287 let url = Some(data_url.map(clean_url_params).map(Into::into)); - let body = diesel_option_overwrite(&data.body); let slur_regex = local_site_to_slur_regex(&local_site); check_slurs_opt(&data.name, &slur_regex)?; @@ -75,6 +79,12 @@ impl PerformCrud for EditPost { .map(|u| (Some(u.title), Some(u.description), Some(u.embed_video_url))) .unwrap_or_default(); + let name = sanitize_html_opt(&data.name); + let body = sanitize_html_opt(&data.body); + let body = diesel_option_overwrite(body); + let embed_title = embed_title.map(|e| sanitize_html_opt(&e)); + let embed_description = embed_description.map(|e| sanitize_html_opt(&e)); + let language_id = self.language_id; CommunityLanguage::is_allowed_community_language( &mut context.pool(), @@ -84,7 +94,7 @@ impl PerformCrud for EditPost { .await?; let post_form = PostUpdateForm::builder() - .name(data.name.clone()) + .name(name) .url(url) .body(body) .nsfw(data.nsfw)