From f5c299f23c997d7e5c6deac737fb3472bfe301f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Igor=20Gali=C4=87?= <igalic@brainsware.at>
Date: Fri, 14 Sep 2018 15:14:24 +0200
Subject: [PATCH] make blog/instance description a SafeString

long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.

This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
---
 plume-models/src/blogs.rs    | 5 +++--
 plume-models/src/instance.rs | 9 +++++----
 plume-models/src/users.rs    | 4 ++--
 src/routes/instance.rs       | 4 ++--
 src/setup.rs                 | 5 +++--
 5 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/plume-models/src/blogs.rs b/plume-models/src/blogs.rs
index a992f748..9c73a7d6 100644
--- a/plume-models/src/blogs.rs
+++ b/plume-models/src/blogs.rs
@@ -22,6 +22,7 @@ use plume_common::activity_pub::{
     inbox::WithInbox,
     sign
 };
+use safe_string::SafeString;
 use instance::*;
 use users::User;
 use schema::blogs;
@@ -142,8 +143,8 @@ impl Blog {
                     name: inst.clone(),
                     local: false,
                     // We don't really care about all the following for remote instances
-                    long_description: String::new(),
-                    short_description: String::new(),
+                    long_description: SafeString::new(&<String>::new()),
+                    short_description: SafeString::new(&<String>::new()),
                     default_license: String::new(),
                     open_registrations: true,
                     short_description_html: String::new(),
diff --git a/plume-models/src/instance.rs b/plume-models/src/instance.rs
index 52830aa6..a2503062 100644
--- a/plume-models/src/instance.rs
+++ b/plume-models/src/instance.rs
@@ -3,6 +3,7 @@ use diesel::{self, QueryDsl, RunQueryDsl, ExpressionMethods, PgConnection};
 use std::iter::Iterator;
 
 use plume_common::utils::md_to_html;
+use safe_string::SafeString;
 use ap_url;
 use users::User;
 use schema::{instances, users};
@@ -16,8 +17,8 @@ pub struct Instance {
     pub blocked: bool,
     pub creation_date: NaiveDateTime,
     pub open_registrations: bool,
-    pub short_description: String,
-    pub long_description: String,
+    pub short_description: SafeString,
+    pub long_description: SafeString,
     pub default_license : String,
     pub long_description_html: String,
     pub short_description_html: String
@@ -30,8 +31,8 @@ pub struct NewInstance {
     pub name: String,
     pub local: bool,
     pub open_registrations: bool,
-    pub short_description: String,
-    pub long_description: String,
+    pub short_description: SafeString,
+    pub long_description: SafeString,
     pub default_license : String,
     pub long_description_html: String,
     pub short_description_html: String
diff --git a/plume-models/src/users.rs b/plume-models/src/users.rs
index 9cfad4e3..9c2c8113 100644
--- a/plume-models/src/users.rs
+++ b/plume-models/src/users.rs
@@ -205,8 +205,8 @@ impl User {
                     public_domain: inst.clone(),
                     local: false,
                     // We don't really care about all the following for remote instances
-                    long_description: String::new(),
-                    short_description: String::new(),
+                    long_description: SafeString::new(&<String>::new()),
+                    short_description: SafeString::new(&<String>::new()),
                     default_license: String::new(),
                     open_registrations: true,
                     short_description_html: String::new(),
diff --git a/src/routes/instance.rs b/src/routes/instance.rs
index 6905ecbc..6f2a970a 100644
--- a/src/routes/instance.rs
+++ b/src/routes/instance.rs
@@ -125,8 +125,8 @@ fn update_settings(conn: DbConn, admin: Admin, form: LenientForm<InstanceSetting
             instance.update(&*conn,
                 form.name.clone(),
                 form.open_registrations,
-                form.short_description.clone(),
-                form.long_description.clone());
+                form.short_description.clone().to_string(),
+                form.long_description.clone().to_string());
             Redirect::to(uri!(admin))
         })
         .map_err(|e| Template::render("instance/admin", json!({
diff --git a/src/setup.rs b/src/setup.rs
index 67a6d2fd..8bc0eca5 100644
--- a/src/setup.rs
+++ b/src/setup.rs
@@ -6,6 +6,7 @@ use std::io;
 use std::path::Path;
 use std::process::{exit, Command};
 use rpassword;
+use plume_models::safe_string::SafeString;
 
 use plume_models::{
     DB_URL,
@@ -152,8 +153,8 @@ fn quick_setup(conn: DbConn) {
         public_domain: domain,
         name: name,
         local: true,
-        long_description: String::new(),
-        short_description: String::new(),
+        long_description: SafeString::new(&<String>::new()),
+        short_description: SafeString::new(&<String>::new()),
         default_license: String::from("CC-0"),
         open_registrations: true,
         short_description_html: String::new(),