
Fix User.registration_reason HTML sanitizing issues

chore/update-floki-find-usage
Alex Gleason 3 years ago
parent
commit
f688c8df82
No known key found for this signature in database GPG Key ID: 7211D1F99744FBB7
3 changed files with 5 additions and 5 deletions
  1. +2
    -1
      lib/pleroma/emails/admin_email.ex
  2. +1
    -2
      lib/pleroma/web/twitter_api/twitter_api.ex
  3. +2
    -2
      test/web/mastodon_api/controllers/account_controller_test.exs

+ 2
- 1
lib/pleroma/emails/admin_email.ex

@@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do
import Swoosh.Email

alias Pleroma.Config
alias Pleroma.HTML
alias Pleroma.Web.Router.Helpers

defp instance_config, do: Config.get(:instance)
@@ -86,7 +87,7 @@ defmodule Pleroma.Emails.AdminEmail do
def new_unapproved_registration(to, account) do
html_body = """
<p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
<blockquote>#{account.registration_reason}</blockquote>
<blockquote>#{HTML.strip_tags(account.registration_reason)}</blockquote>
<a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
"""

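Review bot: The `<blockquote>` line now passes `account.registration_reason` to `HTML.strip_tags/1`, and that field is presumably nil when the applicant gave no reason. Whether `strip_tags` accepts nil is not visible on this page, so either guard it, e.g. `HTML.strip_tags(account.registration_reason || "")`, or confirm that it does. A comment above `html_body` would record why the call lives here: `# registration_reason is stored unsanitized; neutralize it before it enters the HTML body`. The nickname on the `<p>` line above is still interpolated raw, which holds only if nickname validation elsewhere excludes markup characters. The body of `new_unapproved_registration` continues past the end of the hunk.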


+ 1
- 2
lib/pleroma/web/twitter_api/twitter_api.ex

@@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do

alias Pleroma.Emails.Mailer
alias Pleroma.Emails.UserEmail
alias Pleroma.HTML
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.UserInviteToken
@@ -20,7 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|> Map.put(:nickname, params[:username])
|> Map.put(:name, Map.get(params, :fullname, params[:username]))
|> Map.put(:password_confirmation, params[:password])
|> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
|> Map.put(:registration_reason, params[:reason])

if Pleroma.Config.get([:instance, :registrations_open]) do
create_user(params, opts)
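Review bot: With `Map.put(:registration_reason, params[:reason])` the reason is persisted exactly as submitted, so the field changes from already-stripped to untrusted text. Every place that renders it as HTML now has to strip or escape it at output. This commit updates only the admin e-mail, so any other consumer of `registration_reason` (admin API responses, front ends, other e-mails; none are visible on this page) should be checked before this lands. A comment on this line would record the contract: `# stored raw on purpose; sanitize registration_reason at every HTML sink`. The enclosing function starts before the hunk and continues after it.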


+ 2
- 2
test/web/mastodon_api/controllers/account_controller_test.exs

@@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
password: "PlzDontHackLain",
bio: "Test Bio",
agreement: true,
reason: "I am a cool dude, bro"
reason: "I'm a cool dude, bro"
})

%{
@@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
assert token_from_db.user.confirmation_pending
assert token_from_db.user.approval_pending

assert token_from_db.user.registration_reason == "I am a cool dude, bro"
assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
end

test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
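Review bot: The updated assertion on `registration_reason` only proves that an apostrophe round-trips through storage. Nothing on this page tests the property the commit relocates, namely that markup in the reason is neutralized when the admin e-mail is built. Consider a case that registers with a reason containing a tag and asserts the value is stored verbatim, plus an e-mail test asserting that the rendered HTML body of `new_unapproved_registration` carries no tag from the reason. The test body starts before the hunk.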

