X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fsite%2Fcreate.rs;h=98d111a1de8e22cb1ef27f61d32415b71cc5c20a;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=ed433ad9de78ea49b35348158711e14c76a90866;hpb=ef9dc5d0b6f727cc78ab4df214e6e65ec77c3b9e;p=lemmy.git
diff --git a/crates/api_crud/src/site/create.rs b/crates/api_crud/src/site/create.rs
index ed433ad9..98d111a1 100644
--- a/crates/api_crud/src/site/create.rs
+++ b/crates/api_crud/src/site/create.rs
@@ -12,6 +12,8 @@ use lemmy_api_common::{
 is_admin,
 local_site_rate_limit_to_rate_limit_config,
 local_user_view_from_jwt,
+ sanitize_html,
+ sanitize_html_opt,
 },
 };
 use lemmy_db_schema::{
@@ -49,7 +51,7 @@ impl PerformCrud for CreateSite {
 async fn perform(&self, context: &Data) -> Result {
 let data: &CreateSite = self;
 let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
- let local_site = LocalSite::read(context.pool()).await?;
+ let local_site = LocalSite::read(&mut context.pool()).await?;
 // Make sure user is an admin; other types of users should not create site data...
 is_admin(&local_user_view)?;
@@ -59,10 +61,14 @@ impl PerformCrud for CreateSite {
 let actor_id: DbUrl = Url::parse(&context.settings().get_protocol_and_hostname())?.into();
 let inbox_url = Some(generate_site_inbox_url(&actor_id)?);
 let keypair = generate_actor_keypair()?;
+ let name = sanitize_html(&data.name);
+ let sidebar = sanitize_html_opt(&data.sidebar);
+ let description = sanitize_html_opt(&data.description);
+
+ let site_form = SiteUpdateForm::builder()
- .name(Some(data.name.clone()))
- .sidebar(diesel_option_overwrite(&data.sidebar))
- .description(diesel_option_overwrite(&data.description))
+ .name(Some(name))
+ .sidebar(diesel_option_overwrite(sidebar))
+ .description(diesel_option_overwrite(description))
 .icon(diesel_option_overwrite_to_url(&data.icon)?)
 .banner(diesel_option_overwrite_to_url(&data.banner)?)
 .actor_id(Some(actor_id))
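Review bot: In the `@@ -59,10 +61,14 @@` hunk the free-text fields `name`, `sidebar` and `description` are now sanitized before they are stored, but nothing in the code says why `icon` and `banner` are left out or that the stored value is no longer the submitted one. A short comment above `let name = sanitize_html(&data.name);` would record the intent, for example `// Sanitize free-text fields before persisting; icon and banner are validated as URLs below.` Parsing a value as a URL does not by itself restrict the scheme, so it is worth confirming that `diesel_option_overwrite_to_url` or the rendering side only accepts http(s); that helper is not visible here. If the sanitizer rewrites characters, any length or content validation that ran on the raw `data` earlier in `perform` was measured against a different string than the one written. The body of `perform` starts and ends outside this hunk.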
@@ -74,7 +80,11 @@ impl PerformCrud for CreateSite {
 let site_id = local_site.site_id;
- Site::update(context.pool(), site_id, &site_form).await?;
+ Site::update(&mut context.pool(), site_id, &site_form).await?;
+
+ let application_question = sanitize_html_opt(&data.application_question);
+ let default_theme = sanitize_html_opt(&data.default_theme);
+ let legal_information = sanitize_html_opt(&data.legal_information);
 let local_site_form = LocalSiteUpdateForm::builder() // Set the site setup to true
@@ -84,22 +94,22 @@ impl PerformCrud for CreateSite {
 .enable_nsfw(data.enable_nsfw)
 .community_creation_admin_only(data.community_creation_admin_only)
 .require_email_verification(data.require_email_verification)
- .application_question(diesel_option_overwrite(&data.application_question))
+ .application_question(diesel_option_overwrite(application_question))
 .private_instance(data.private_instance)
- .default_theme(data.default_theme.clone())
+ .default_theme(default_theme)
 .default_post_listing_type(data.default_post_listing_type)
- .legal_information(diesel_option_overwrite(&data.legal_information))
+ .legal_information(diesel_option_overwrite(legal_information))
 .application_email_admins(data.application_email_admins)
 .hide_modlog_mod_names(data.hide_modlog_mod_names)
 .updated(Some(Some(naive_now())))
- .slur_filter_regex(diesel_option_overwrite(&data.slur_filter_regex))
+ .slur_filter_regex(diesel_option_overwrite(data.slur_filter_regex.clone()))
 .actor_name_max_length(data.actor_name_max_length)
 .federation_enabled(data.federation_enabled)
 .captcha_enabled(data.captcha_enabled)
 .captcha_difficulty(data.captcha_difficulty.clone())
 .build();
- LocalSite::update(context.pool(), &local_site_form).await?;
+ LocalSite::update(&mut context.pool(), &local_site_form).await?;
 let local_site_rate_limit_form = LocalSiteRateLimitUpdateForm::builder()
 .message(data.rate_limit_message)
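Review bot: In the `@@ -84,22 +94,22 @@` hunk `slur_filter_regex` is the one text field deliberately passed through unsanitized (`data.slur_filter_regex.clone()`), and that exception is not explained anywhere. I would add a comment on that builder line such as `// Not HTML-sanitized: this is a regex pattern and escaping would change what it matches.` so a later pass does not "fix" it. `default_theme` is now run through `sanitize_html_opt`, but a theme name is an identifier rather than display text; presumably it selects a stylesheet, in which case checking it against the known theme names would be a tighter control than HTML sanitizing, to be confirmed against how the frontend consumes it. The builder chain begins and ends outside this hunk.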
@@ -116,12 +126,12 @@ impl PerformCrud for CreateSite {
 .search_per_second(data.rate_limit_search_per_second)
 .build();
- LocalSiteRateLimit::update(context.pool(), &local_site_rate_limit_form).await?;
+ LocalSiteRateLimit::update(&mut context.pool(), &local_site_rate_limit_form).await?;
- let site_view = SiteView::read_local(context.pool()).await?;
+ let site_view = SiteView::read_local(&mut context.pool()).await?;
 let new_taglines = data.taglines.clone();
- let taglines = Tagline::replace(context.pool(), local_site.id, new_taglines).await?;
+ let taglines = Tagline::replace(&mut context.pool(), local_site.id, new_taglines).await?;
 let rate_limit_config = local_site_rate_limit_to_rate_limit_config(&site_view.local_site_rate_limit);
@@ -183,6 +193,9 @@ fn validate_create_payload(local_site: &LocalSite, create_site: &CreateSite) ->
 #[cfg(test)]
 mod tests {
+ #![allow(clippy::unwrap_used)]
+ #![allow(clippy::indexing_slicing)]
+ use crate::site::create::validate_create_payload;
 use lemmy_api_common::site::CreateSite;
 use lemmy_db_schema::{source::local_site::LocalSite, ListingType, RegistrationMode};
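Review bot: `data.taglines.clone()` in the `@@ -116,12 +126,12 @@` hunk still goes to `Tagline::replace` unsanitized, although this commit sanitizes the other admin-supplied display strings (`name`, `sidebar`, `description`, `legal_information`). If taglines are rendered as text or markdown on the site, they should get the same treatment before the call, for example by mapping `sanitize_html` over each entry; the element type of `taglines` is not visible here, so the exact expression needs checking. The sanitized fields also have no test in the `tests` module touched by the last hunk; a case that submits markup in `name` and asserts the stored value would pin the behaviour. `perform` continues outside this hunk.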