Fix User.registration_reason HTML sanitizing issues
This commit is contained in:
parent
f43518eb74
commit
f688c8df82
3 changed files with 5 additions and 5 deletions
|
@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do
|
||||||
import Swoosh.Email
|
import Swoosh.Email
|
||||||
|
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
|
alias Pleroma.HTML
|
||||||
alias Pleroma.Web.Router.Helpers
|
alias Pleroma.Web.Router.Helpers
|
||||||
|
|
||||||
defp instance_config, do: Config.get(:instance)
|
defp instance_config, do: Config.get(:instance)
|
||||||
|
@ -86,7 +87,7 @@ defmodule Pleroma.Emails.AdminEmail do
|
||||||
def new_unapproved_registration(to, account) do
|
def new_unapproved_registration(to, account) do
|
||||||
html_body = """
|
html_body = """
|
||||||
<p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
|
<p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
|
||||||
<blockquote>#{account.registration_reason}</blockquote>
|
<blockquote>#{HTML.strip_tags(account.registration_reason)}</blockquote>
|
||||||
<a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
|
<a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
||||||
|
|
||||||
alias Pleroma.Emails.Mailer
|
alias Pleroma.Emails.Mailer
|
||||||
alias Pleroma.Emails.UserEmail
|
alias Pleroma.Emails.UserEmail
|
||||||
alias Pleroma.HTML
|
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.UserInviteToken
|
alias Pleroma.UserInviteToken
|
||||||
|
@ -20,7 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
||||||
|> Map.put(:nickname, params[:username])
|
|> Map.put(:nickname, params[:username])
|
||||||
|> Map.put(:name, Map.get(params, :fullname, params[:username]))
|
|> Map.put(:name, Map.get(params, :fullname, params[:username]))
|
||||||
|> Map.put(:password_confirmation, params[:password])
|
|> Map.put(:password_confirmation, params[:password])
|
||||||
|> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
|
|> Map.put(:registration_reason, params[:reason])
|
||||||
|
|
||||||
if Pleroma.Config.get([:instance, :registrations_open]) do
|
if Pleroma.Config.get([:instance, :registrations_open]) do
|
||||||
create_user(params, opts)
|
create_user(params, opts)
|
||||||
|
|
|
@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
||||||
password: "PlzDontHackLain",
|
password: "PlzDontHackLain",
|
||||||
bio: "Test Bio",
|
bio: "Test Bio",
|
||||||
agreement: true,
|
agreement: true,
|
||||||
reason: "I am a cool dude, bro"
|
reason: "I'm a cool dude, bro"
|
||||||
})
|
})
|
||||||
|
|
||||||
%{
|
%{
|
||||||
|
@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
||||||
assert token_from_db.user.confirmation_pending
|
assert token_from_db.user.confirmation_pending
|
||||||
assert token_from_db.user.approval_pending
|
assert token_from_db.user.approval_pending
|
||||||
|
|
||||||
assert token_from_db.user.registration_reason == "I am a cool dude, bro"
|
assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
||||||
|
|
Loading…
Reference in a new issue