From 4174e3d0705343839cc0f3c194205559a1c55088 Mon Sep 17 00:00:00 2001 From: Essem Date: Wed, 19 Jul 2023 19:53:07 -0500 Subject: [PATCH] Fix report emails and modmail sanitization --- .../api/endpoints/admin/send-mod-mail.ts | 2 +- .../api/endpoints/users/report-abuse.ts | 25 +++++++++++-------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/admin/send-mod-mail.ts b/packages/backend/src/server/api/endpoints/admin/send-mod-mail.ts index f7a9ad7782..db12ab6c23 100644 --- a/packages/backend/src/server/api/endpoints/admin/send-mod-mail.ts +++ b/packages/backend/src/server/api/endpoints/admin/send-mod-mail.ts @@ -1,4 +1,4 @@ -import * as sanitizeHtml from "sanitize-html"; +import sanitizeHtml from "sanitize-html"; import define from "../../define.js"; import { Users, UserProfiles } from "@/models/index.js"; import { ApiError } from "../../error.js"; diff --git a/packages/backend/src/server/api/endpoints/users/report-abuse.ts b/packages/backend/src/server/api/endpoints/users/report-abuse.ts index 44d3f9b500..1368f9e2b9 100644 --- a/packages/backend/src/server/api/endpoints/users/report-abuse.ts +++ b/packages/backend/src/server/api/endpoints/users/report-abuse.ts @@ -1,12 +1,14 @@ -import * as sanitizeHtml from "sanitize-html"; +import * as mfm from "mfm-js"; +import sanitizeHtml from "sanitize-html"; import { publishAdminStream } from "@/services/stream.js"; -import { AbuseUserReports, Users } from "@/models/index.js"; +import { AbuseUserReports, UserProfiles, Users } from "@/models/index.js"; import { genId } from "@/misc/gen-id.js"; import { sendEmail } from "@/services/send-email.js"; import { fetchMeta } from "@/misc/fetch-meta.js"; import { getUser } from "../../common/getters.js"; import { ApiError } from "../../error.js"; import define from "../../define.js"; +import { toHtml } from "@/mfm/to-html.js"; export const meta = { tags: ["users"], @@ -84,6 +86,7 @@ export default define(meta, paramDef, async (ps, me) => { ], }); + const meta = await fetchMeta(); for (const moderator of moderators) { publishAdminStream(moderator.id, "newAbuseUserReport", { id: report.id, @@ -91,16 +94,16 @@ export default define(meta, paramDef, async (ps, me) => { reporterId: report.reporterId, comment: report.comment, }); - } - const meta = await fetchMeta(); - if (meta.email) { - sendEmail( - meta.email, - "New abuse report", - sanitizeHtml(ps.comment), - sanitizeHtml(ps.comment), - ); + const profile = await UserProfiles.findOneBy({ userId: moderator.id }); + if (profile?.email) { + sendEmail( + profile.email, + "New abuse report", + sanitizeHtml(toHtml(mfm.parse(ps.comment))!), + sanitizeHtml(toHtml(mfm.parse(ps.comment))!), + ); + } } }); });