Reject registration application if sanitizing the username modifies it

This removes the possibility of using a mix of sanitized and
 non-sanitized values for `username` in code.

Signed-off-by: Apple Sheeple <AppleSheeple@github>
This commit is contained in:
Apple Sheeple 2023-09-18 22:31:27 +03:00
parent b431c9bdf9
commit 5fff7504e5

View File

@ -89,7 +89,10 @@ pub async fn register(
let slur_regex = local_site_to_slur_regex(&local_site);
check_slurs(&data.username, &slur_regex)?;
check_slurs_opt(&data.answer, &slur_regex)?;
let username = sanitize_html_api(&data.username);
if sanitize_html_api(&data.username) != data.username {
Err(LemmyErrorType::InvalidName)?;
}
let actor_keypair = generate_actor_keypair()?;
is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
@ -109,7 +112,7 @@ pub async fn register(
// Register the new person
let person_form = PersonInsertForm::builder()
.name(username)
.name(data.username.clone())
.actor_id(Some(actor_id.clone()))
.private_key(Some(actor_keypair.private_key))
.public_key(actor_keypair.public_key)