Check for dangerous markup in about text or ToS

2020-11-10 12:36:36 +00:00 · 2020-11-10 12:36:36 +00:00 · 3019846433
parent 67ea679887
commit 3019846433
1 changed files with 11 additions and 8 deletions
--- a/daemon.py
+++ b/daemon.py
@ -191,6 +191,7 @@ from utils import isSuspended
 from manualapprove import manualDenyFollowRequest
 from manualapprove import manualApproveFollowRequest
 from announce import createAnnounce
+from content import dangerousMarkup
 from content import replaceEmojiFromTags
 from content import addHtmlTags
 from content import extractMediaInFormPOST
@ -2913,6 +2914,7 @@ class PubServer(BaseHTTPRequestHandler):
            if nickname == adminNickname:
                if fields.get('editedAbout'):
                    aboutStr = fields['editedAbout']
+                    if not dangerousMarkup(aboutStr):
                        aboutFile = open(aboutFilename, "w+")
                        if aboutFile:
                            aboutFile.write(aboutStr)
@ -2923,6 +2925,7 @@ class PubServer(BaseHTTPRequestHandler):

                if fields.get('editedTOS'):
                    TOSStr = fields['editedTOS']
+                    if not dangerousMarkup(TOSStr):
                        TOSFile = open(TOSFilename, "w+")
                        if TOSFile:
                            TOSFile.write(TOSStr)