Reject registration application if sanitizing the username modifies it
This removes the possibility of using a mix of sanitized and non-sanitized values for `username` in code. Signed-off-by: Apple Sheeple <AppleSheeple@github>
This commit is contained in:
parent
b431c9bdf9
commit
5fff7504e5
1 changed files with 5 additions and 2 deletions
|
@ -89,7 +89,10 @@ pub async fn register(
|
||||||
let slur_regex = local_site_to_slur_regex(&local_site);
|
let slur_regex = local_site_to_slur_regex(&local_site);
|
||||||
check_slurs(&data.username, &slur_regex)?;
|
check_slurs(&data.username, &slur_regex)?;
|
||||||
check_slurs_opt(&data.answer, &slur_regex)?;
|
check_slurs_opt(&data.answer, &slur_regex)?;
|
||||||
let username = sanitize_html_api(&data.username);
|
|
||||||
|
if sanitize_html_api(&data.username) != data.username {
|
||||||
|
Err(LemmyErrorType::InvalidName)?;
|
||||||
|
}
|
||||||
|
|
||||||
let actor_keypair = generate_actor_keypair()?;
|
let actor_keypair = generate_actor_keypair()?;
|
||||||
is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
|
is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
|
||||||
|
@ -109,7 +112,7 @@ pub async fn register(
|
||||||
|
|
||||||
// Register the new person
|
// Register the new person
|
||||||
let person_form = PersonInsertForm::builder()
|
let person_form = PersonInsertForm::builder()
|
||||||
.name(username)
|
.name(data.username.clone())
|
||||||
.actor_id(Some(actor_id.clone()))
|
.actor_id(Some(actor_id.clone()))
|
||||||
.private_key(Some(actor_keypair.private_key))
|
.private_key(Some(actor_keypair.private_key))
|
||||||
.public_key(actor_keypair.public_key)
|
.public_key(actor_keypair.public_key)
|
||||||
|
|
Loading…
Reference in a new issue