Fix User.registration_reason HTML sanitizing issues
authorAlex Gleason <alex@alexgleason.me>
Tue, 28 Jul 2020 01:36:31 +0000 (20:36 -0500)
committerAlex Gleason <alex@alexgleason.me>
Tue, 28 Jul 2020 01:36:31 +0000 (20:36 -0500)
lib/pleroma/emails/admin_email.ex
lib/pleroma/web/twitter_api/twitter_api.ex
test/web/mastodon_api/controllers/account_controller_test.exs

index fae7faf007cd9026a6c387ceab366d18205e4398..c27ad10657519915c2b6fd8757576c1475d93709 100644 (file)
@@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do
   import Swoosh.Email
 
   alias Pleroma.Config
+  alias Pleroma.HTML
   alias Pleroma.Web.Router.Helpers
 
   defp instance_config, do: Config.get(:instance)
@@ -86,7 +87,7 @@ defmodule Pleroma.Emails.AdminEmail do
   def new_unapproved_registration(to, account) do
     html_body = """
     <p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
-    <blockquote>#{account.registration_reason}</blockquote>
+    <blockquote>#{HTML.strip_tags(account.registration_reason)}</blockquote>
     <a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
     """
 
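Review bot: Nothing in this commit tests the stripping added on the `<blockquote>` line of `new_unapproved_registration`; the only test change pins that the stored reason keeps its apostrophe. A case in the admin-email tests that builds this mail for an account whose `registration_reason` contains markup, and asserts that the rendered `html_body` carries only the text, would keep the output-side sanitising from regressing. The neighbouring `@#{account.nickname}` interpolation is still inserted unescaped; presumably nickname validation keeps markup out, but that is not visible here. The function body continues outside the hunk.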
index 424a705ddaa679196a169948705409e1b8ad48d6..2294d9d0dd82f800cc9e88c383d6a19beee3c330 100644 (file)
@@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
 
   alias Pleroma.Emails.Mailer
   alias Pleroma.Emails.UserEmail
-  alias Pleroma.HTML
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.UserInviteToken
@@ -20,7 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
       |> Map.put(:nickname, params[:username])
       |> Map.put(:name, Map.get(params, :fullname, params[:username]))
       |> Map.put(:password_confirmation, params[:password])
-      |> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
+      |> Map.put(:registration_reason, params[:reason])
 
     if Pleroma.Config.get([:instance, :registrations_open]) do
       create_user(params, opts)
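Review bot: With the strip removed, `Map.put(:registration_reason, params[:reason])` stores the field exactly as the client sent it, so every place that renders it must now encode or strip it; this commit updates only the admin e-mail. A comment above the line would make that contract explicit, e.g. `# stored verbatim; strip or escape at every HTML rendering site (admin e-mail, AdminFE)`. Other consumers of `registration_reason` are not visible in this diff and should be checked against the same rule. The enclosing function starts and ends outside the hunk.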
index 1ba5bc964b2e427e539a4f1139ff1a995abaa6a2..e6b283aab390790074cb911678363b60f21038fa 100644 (file)
@@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
           password: "PlzDontHackLain",
           bio: "Test Bio",
           agreement: true,
-          reason: "I am a cool dude, bro"
+          reason: "I'm a cool dude, bro"
         })
 
       %{
@@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert token_from_db.user.confirmation_pending
       assert token_from_db.user.approval_pending
 
-      assert token_from_db.user.registration_reason == "I am a cool dude, bro"
+      assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
     end
 
     test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do