Sanitize reason param in POST /api/v1/accounts

This commit is contained in:
Alex Gleason 2020-07-16 20:25:53 -05:00
parent 02cc42e72c
commit 5e74556703
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7

View file

@ -7,6 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
alias Pleroma.Emails.Mailer alias Pleroma.Emails.Mailer
alias Pleroma.Emails.UserEmail alias Pleroma.Emails.UserEmail
alias Pleroma.HTML
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.User alias Pleroma.User
alias Pleroma.UserInviteToken alias Pleroma.UserInviteToken
@ -19,7 +20,7 @@ def register_user(params, opts \\ []) do
|> Map.put(:nickname, params[:username]) |> Map.put(:nickname, params[:username])
|> Map.put(:name, Map.get(params, :fullname, params[:username])) |> Map.put(:name, Map.get(params, :fullname, params[:username]))
|> Map.put(:password_confirmation, params[:password]) |> Map.put(:password_confirmation, params[:password])
|> Map.put(:registration_reason, params[:reason]) |> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
if Pleroma.Config.get([:instance, :registrations_open]) do if Pleroma.Config.get([:instance, :registrations_open]) do
create_user(params, opts) create_user(params, opts)