Reject registration application if sanitizing the username modifies it
This removes the possibility of using a mix of sanitized and non-sanitized values for `username` in code. Signed-off-by: Apple Sheeple <AppleSheeple@github>
This commit is contained in:
parent
b431c9bdf9
commit
5fff7504e5
1 changed files with 5 additions and 2 deletions
|
@ -89,7 +89,10 @@ pub async fn register(
|
|||
let slur_regex = local_site_to_slur_regex(&local_site);
|
||||
check_slurs(&data.username, &slur_regex)?;
|
||||
check_slurs_opt(&data.answer, &slur_regex)?;
|
||||
let username = sanitize_html_api(&data.username);
|
||||
|
||||
if sanitize_html_api(&data.username) != data.username {
|
||||
Err(LemmyErrorType::InvalidName)?;
|
||||
}
|
||||
|
||||
let actor_keypair = generate_actor_keypair()?;
|
||||
is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
|
||||
|
@ -109,7 +112,7 @@ pub async fn register(
|
|||
|
||||
// Register the new person
|
||||
let person_form = PersonInsertForm::builder()
|
||||
.name(username)
|
||||
.name(data.username.clone())
|
||||
.actor_id(Some(actor_id.clone()))
|
||||
.private_key(Some(actor_keypair.private_key))
|
||||
.public_key(actor_keypair.public_key)
|
||||
|
|
Loading…
Reference in a new issue