Fix User.registration_reason HTML sanitizing issues
This commit is contained in:
parent
f43518eb74
commit
f688c8df82
@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do
|
||||
import Swoosh.Email
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.HTML
|
||||
alias Pleroma.Web.Router.Helpers
|
||||
|
||||
defp instance_config, do: Config.get(:instance)
|
||||
@ -86,7 +87,7 @@ def report(to, reporter, account, statuses, comment) do
|
||||
def new_unapproved_registration(to, account) do
|
||||
html_body = """
|
||||
<p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
|
||||
<blockquote>#{account.registration_reason}</blockquote>
|
||||
<blockquote>#{HTML.strip_tags(account.registration_reason)}</blockquote>
|
||||
<a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
|
||||
"""
|
||||
|
||||
|
@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
||||
|
||||
alias Pleroma.Emails.Mailer
|
||||
alias Pleroma.Emails.UserEmail
|
||||
alias Pleroma.HTML
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.UserInviteToken
|
||||
@ -20,7 +19,7 @@ def register_user(params, opts \\ []) do
|
||||
|> Map.put(:nickname, params[:username])
|
||||
|> Map.put(:name, Map.get(params, :fullname, params[:username]))
|
||||
|> Map.put(:password_confirmation, params[:password])
|
||||
|> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
|
||||
|> Map.put(:registration_reason, params[:reason])
|
||||
|
||||
if Pleroma.Config.get([:instance, :registrations_open]) do
|
||||
create_user(params, opts)
|
||||
|
@ -1017,7 +1017,7 @@ test "Account registration via app with account_approval_required", %{conn: conn
|
||||
password: "PlzDontHackLain",
|
||||
bio: "Test Bio",
|
||||
agreement: true,
|
||||
reason: "I am a cool dude, bro"
|
||||
reason: "I'm a cool dude, bro"
|
||||
})
|
||||
|
||||
%{
|
||||
@ -1035,7 +1035,7 @@ test "Account registration via app with account_approval_required", %{conn: conn
|
||||
assert token_from_db.user.confirmation_pending
|
||||
assert token_from_db.user.approval_pending
|
||||
|
||||
assert token_from_db.user.registration_reason == "I am a cool dude, bro"
|
||||
assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
|
||||
end
|
||||
|
||||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
||||
|
Loading…
Reference in New Issue
Block a user