Check for dangerous markup in about text or ToS

2020-11-10 12:36:36 +00:00 · 2020-11-10 12:36:36 +00:00 · 3019846433
parent 67ea679887
commit 3019846433
1 changed files with 11 additions and 8 deletions
--- a/daemon.py
+++ b/daemon.py
@ -191,6 +191,7 @@ from utils import isSuspended
 from manualapprove import manualDenyFollowRequest
 from manualapprove import manualApproveFollowRequest
 from announce import createAnnounce
+from content import dangerousMarkup
 from content import replaceEmojiFromTags
 from content import addHtmlTags
 from content import extractMediaInFormPOST
@ -2913,20 +2914,22 @@ class PubServer(BaseHTTPRequestHandler):
            if nickname == adminNickname:
                if fields.get('editedAbout'):
                    aboutStr = fields['editedAbout']
-                    aboutFile = open(aboutFilename, "w+")
-                    if aboutFile:
-                        aboutFile.write(aboutStr)
-                        aboutFile.close()
+                    if not dangerousMarkup(aboutStr):
+                        aboutFile = open(aboutFilename, "w+")
+                        if aboutFile:
+                            aboutFile.write(aboutStr)
+                            aboutFile.close()
                else:
                    if os.path.isfile(aboutFilename):
                        os.remove(aboutFilename)

                if fields.get('editedTOS'):
                    TOSStr = fields['editedTOS']
-                    TOSFile = open(TOSFilename, "w+")
-                    if TOSFile:
-                        TOSFile.write(TOSStr)
-                        TOSFile.close()
+                    if not dangerousMarkup(TOSStr):
+                        TOSFile = open(TOSFilename, "w+")
+                        if TOSFile:
+                            TOSFile.write(TOSStr)
+                            TOSFile.close()
                else:
                    if os.path.isfile(TOSFilename):
                        os.remove(TOSFilename)