Fix User.registration_reason HTML sanitizing issues

author: Alex Gleason <alex@alexgleason.me> 2020-07-27 20:36:31 -0500
committer: Alex Gleason <alex@alexgleason.me> 2020-07-27 20:36:31 -0500
commit: f688c8df82b955b50552b3198ddc153a716451c2 (patch)
tree: f7235592a050ca8b43b484cab238e486ee2e58fd
parent: f43518eb7433a6c50d635d6536c3fbe3a37ea82b (diff)
download: pleroma-f688c8df82b955b50552b3198ddc153a716451c2.tar.gz
3 files changed, 5 insertions, 5 deletions
diff --git a/lib/pleroma/emails/admin_email.ex b/lib/pleroma/emails/admin_email.ex
index fae7faf00..c27ad1065 100644
--- a/lib/pleroma/emails/admin_email.ex
+++ b/lib/pleroma/emails/admin_email.ex
@@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do
   import Swoosh.Email
 
   alias Pleroma.Config
+  alias Pleroma.HTML
   alias Pleroma.Web.Router.Helpers
 
   defp instance_config, do: Config.get(:instance)
@@ -86,7 +87,7 @@ defmodule Pleroma.Emails.AdminEmail do
   def new_unapproved_registration(to, account) do
     html_body = """
     <p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
-    <blockquote>#{account.registration_reason}</blockquote>
+    <blockquote>#{HTML.strip_tags(account.registration_reason)}</blockquote>
     <a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
     """
 
diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex
index 424a705dd..2294d9d0d 100644
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
 
   alias Pleroma.Emails.Mailer
   alias Pleroma.Emails.UserEmail
-  alias Pleroma.HTML
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.UserInviteToken
@@ -20,7 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
       |> Map.put(:nickname, params[:username])
       |> Map.put(:name, Map.get(params, :fullname, params[:username]))
       |> Map.put(:password_confirmation, params[:password])
-      |> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
+      |> Map.put(:registration_reason, params[:reason])
 
     if Pleroma.Config.get([:instance, :registrations_open]) do
       create_user(params, opts)
diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index 1ba5bc964..e6b283aab 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
           password: "PlzDontHackLain",
           bio: "Test Bio",
           agreement: true,
-          reason: "I am a cool dude, bro"
+          reason: "I'm a cool dude, bro"
         })
 
       %{
@@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert token_from_db.user.confirmation_pending
       assert token_from_db.user.approval_pending
 
-      assert token_from_db.user.registration_reason == "I am a cool dude, bro"
+      assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
     end
 
     test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
author	Alex Gleason <alex@alexgleason.me>	2020-07-27 20:36:31 -0500
committer	Alex Gleason <alex@alexgleason.me>	2020-07-27 20:36:31 -0500
commit	f688c8df82b955b50552b3198ddc153a716451c2 (patch)
tree	f7235592a050ca8b43b484cab238e486ee2e58fd
parent	f43518eb7433a6c50d635d6536c3fbe3a37ea82b (diff)
download	pleroma-f688c8df82b955b50552b3198ddc153a716451c2.tar.gz