diff --git a/plume-models/src/blogs.rs b/plume-models/src/blogs.rs index a992f748..c825f6aa 100644 --- a/plume-models/src/blogs.rs +++ b/plume-models/src/blogs.rs @@ -22,6 +22,7 @@ use plume_common::activity_pub::{ inbox::WithInbox, sign }; +use safe_string::SafeString; use instance::*; use users::User; use schema::blogs; @@ -142,8 +143,8 @@ impl Blog { name: inst.clone(), local: false, // We don't really care about all the following for remote instances - long_description: String::new(), - short_description: String::new(), + long_description: SafeString::new(""), + short_description: SafeString::new(""), default_license: String::new(), open_registrations: true, short_description_html: String::new(), diff --git a/plume-models/src/instance.rs b/plume-models/src/instance.rs index 52830aa6..8466fa68 100644 --- a/plume-models/src/instance.rs +++ b/plume-models/src/instance.rs @@ -3,6 +3,7 @@ use diesel::{self, QueryDsl, RunQueryDsl, ExpressionMethods, PgConnection}; use std::iter::Iterator; use plume_common::utils::md_to_html; +use safe_string::SafeString; use ap_url; use users::User; use schema::{instances, users}; @@ -16,8 +17,8 @@ pub struct Instance { pub blocked: bool, pub creation_date: NaiveDateTime, pub open_registrations: bool, - pub short_description: String, - pub long_description: String, + pub short_description: SafeString, + pub long_description: SafeString, pub default_license : String, pub long_description_html: String, pub short_description_html: String @@ -30,8 +31,8 @@ pub struct NewInstance { pub name: String, pub local: bool, pub open_registrations: bool, - pub short_description: String, - pub long_description: String, + pub short_description: SafeString, + pub long_description: SafeString, pub default_license : String, pub long_description_html: String, pub short_description_html: String 
@@ -114,7 +115,7 @@ impl Instance { )) } - pub fn update(&self, conn: &PgConnection, name: String, open_registrations: bool, short_description: String, long_description: String) -> Instance { + pub fn update(&self, conn: &PgConnection, name: String, open_registrations: bool, short_description: SafeString, long_description: SafeString) -> Instance { let (sd, _) = md_to_html(short_description.as_ref()); let (ld, _) = md_to_html(long_description.as_ref()); diesel::update(self) diff --git a/plume-models/src/safe_string.rs b/plume-models/src/safe_string.rs index 98897434..4cadbd64 100644 --- a/plume-models/src/safe_string.rs +++ b/plume-models/src/safe_string.rs @@ -101,3 +101,15 @@ impl AsRef for SafeString { &self.value } } + +use rocket::request::FromFormValue; +use rocket::http::RawStr; + +impl<'v> FromFormValue<'v> for SafeString { + type Error = &'v RawStr; + + fn from_form_value(form_value: &'v RawStr) -> Result { + let val = String::from_form_value(form_value)?; + Ok(SafeString::new(&val)) + } +} diff --git a/plume-models/src/users.rs b/plume-models/src/users.rs index 9cfad4e3..d8addb19 100644 --- a/plume-models/src/users.rs +++ b/plume-models/src/users.rs @@ -205,8 +205,8 @@ impl User { public_domain: inst.clone(), local: false, // We don't really care about all the following for remote instances - long_description: String::new(), - short_description: String::new(), + long_description: SafeString::new(""), + short_description: SafeString::new(""), default_license: String::new(), open_registrations: true, short_description_html: String::new(), diff --git a/src/routes/instance.rs b/src/routes/instance.rs index 6905ecbc..25f56bb5 100644 --- a/src/routes/instance.rs +++ b/src/routes/instance.rs @@ -10,7 +10,9 @@ use plume_models::{ db_conn::DbConn, posts::Post, users::User, + safe_string::SafeString, instance::* + }; use inbox::Inbox; use routes::Page; 
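Review bot: In `Instance::update` (plume-models/src/instance.rs) the strings that actually become HTML, `sd` and `ld` returned by `md_to_html`, never pass through `SafeString`; only the Markdown source does, and `short_description_html` / `long_description_html` stay plain `String` in both `Instance` and `NewInstance`. Assuming `SafeString::new` sanitizes as its name suggests, cleaning the source does not cover markup that only exists after rendering. If `md_to_html` (outside this diff) does not sanitize its own output and the templates emit the `*_html` fields unescaped, the rendered description is still an unsanitized path. Consider cleaning the rendered output before it is stored, e.g. `let sd = SafeString::new(&sd);`, or typing the two `*_html` fields as `SafeString`. The body of `update` continues past the end of the hunk.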
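Review bot: The new `FromFormValue` impl in plume-models/src/safe_string.rs has no doc comment, although it changes the contract of every form field typed `SafeString`: the submitted value is rewritten at parse time and only the result of `SafeString::new` is kept. Suggest adding `/// Decodes the form value and passes it through SafeString::new; decoding errors are returned as the raw value.` above the impl. The fields converted in this commit hold Markdown source that is later fed to `md_to_html`. It is therefore worth confirming that `SafeString::new` (not shown in this diff) does not entity-encode characters Markdown relies on, such as `>` or `&`, since that would alter the stored source on every save. The two `use rocket::…` lines would also read better grouped with the file's other imports than placed after the `AsRef` impl.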
@@ -110,8 +112,8 @@ struct InstanceSettingsForm { #[validate(length(min = "1"))] name: String, open_registrations: bool, - short_description: String, - long_description: String, + short_description: SafeString, + long_description: SafeString, #[validate(length(min = "1"))] default_license: String } diff --git a/src/setup.rs b/src/setup.rs index 67a6d2fd..83c86c5c 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -6,6 +6,7 @@ use std::io; use std::path::Path; use std::process::{exit, Command}; use rpassword; +use plume_models::safe_string::SafeString; use plume_models::{ DB_URL, @@ -152,8 +153,8 @@ fn quick_setup(conn: DbConn) { public_domain: domain, name: name, local: true, - long_description: String::new(), - short_description: String::new(), + long_description: SafeString::new(""), + short_description: SafeString::new(""), default_license: String::from("CC-0"), open_registrations: true, short_description_html: String::new(), diff --git a/templates/instance/admin.html.tera b/templates/instance/admin.html.tera index b35ddcdd..a3fc592f 100644 --- a/templates/instance/admin.html.tera +++ b/templates/instance/admin.html.tera @@ -23,10 +23,10 @@ - + - + {{ macros::input(name="default_license", label="Default license", errors=errors, form=form, props='minlenght="1"', default=instance) }}