a1batross
/
pleroma
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Sanitize `reason` param in POST /api/v1/accounts

This commit is contained in:
Alex Gleason 2020-07-16 20:25:53 -05:00
parent 02cc42e72c
commit 5e74556703
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/pleroma/web/twitter_api/twitter_api.ex
View File

@ -7,6 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
alias Pleroma.Emails.Mailer
alias Pleroma.Emails.UserEmail
alias Pleroma.HTML
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.UserInviteToken
@ -19,7 +20,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|> Map.put(:nickname, params[:username])
|> Map.put(:name, Map.get(params, :fullname, params[:username]))
|> Map.put(:password_confirmation, params[:password])
|> Map.put(:registration_reason, params[:reason])
|> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
if Pleroma.Config.get([:instance, :registrations_open]) do
create_user(params, opts)