From 14b147a15befcc996716d5ceaacf76abea9d12b5 Mon Sep 17 00:00:00 2001 From: GitHub Date: Tue, 9 Apr 2024 00:18:14 +0800 Subject: [PATCH] fix https://freedit.eu/post/1/5#4 --- Cargo.lock | 30 +++++++++++++++--------------- src/controller/admin.rs | 2 +- src/controller/fmt.rs | 1 + src/controller/inn.rs | 2 +- src/controller/mod.rs | 15 +-------------- 5 files changed, 19 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9caa314..74af045 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -217,7 +217,7 @@ dependencies = [ "rustversion", "serde", "serde_urlencoded", - "sync_wrapper 1.0.0", + "sync_wrapper 1.0.1", "tokio", "tower", "tower-layer", @@ -406,9 +406,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.15.4" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ff69b9dd49fd426c69a0db9fc04dd934cdb6645ff000864d98f7e2af8830eaa" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "bytemuck" @@ -430,9 +430,9 @@ checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cached" -version = "0.49.2" +version = "0.49.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f251fd1e72720ca07bf5d8e310f54a193fd053479a1f6342c6663ee4fa01cf96" +checksum = "8e8e463fceca5674287f32d252fb1d94083758b8709c160efae66d263e5f4eba" dependencies = [ "ahash 0.8.11", "cached_proc_macro", @@ -476,9 +476,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.90" +version = "1.0.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd6604a82acf3039f1144f54b8eb34e91ffba622051189e71b781822d5ee1f5" +checksum = "2678b2e3449475e95b0aa6f9b506a28e61b3dc8996592b983695e8ebb58a8b41" dependencies = [ "jobserver", "libc", 
@@ -735,9 +735,9 @@ dependencies = [ [[package]] name = "downcast-rs" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ea835d29036a4087793836fa931b08837ad5e957da9e23886b29586fb9b6650" +checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2" [[package]] name = "dunce" @@ -1008,9 +1008,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a06fddc2749e0528d2813f95e050e87e52c8cbbae56223b9babf73b3e53b0cc6" +checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" dependencies = [ "cfg-if", "libc", @@ -2286,9 +2286,9 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" +checksum = "80af6f9131f277a45a3fba6ce8e2258037bb0477a67e610d3c1fe046ab31de47" [[package]] name = "ryu" @@ -2541,9 +2541,9 @@ checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" [[package]] name = "sync_wrapper" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "384595c11a4e2969895cad5a8c4029115f5ab956a9e5ef4de79d11a426e5f20c" +checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" [[package]] name = "syntect" diff --git a/src/controller/admin.rs b/src/controller/admin.rs index d061e50..0d3205f 100644 --- a/src/controller/admin.rs +++ b/src/controller/admin.rs 
@@ -123,7 +123,7 @@ pub(crate) async fn admin_view(
 "posts" => {
 let key = ivec_to_u32(&k);
 let (one, _): (Post, usize) = bincode::decode_from_slice(&v, standard())?;
- let one_fmt = unescape(&format!("{}", one)).unwrap();
+ let one_fmt = unescape(&format!("{:?}", one)).unwrap();
 ones.push(format!("{key}: {one_fmt}"));
 }
 "post_comments" => {
diff --git a/src/controller/fmt.rs b/src/controller/fmt.rs
index eba131d..c79915c 100644
--- a/src/controller/fmt.rs
+++ b/src/controller/fmt.rs
@@ -115,6 +115,7 @@ impl<'a, I: Iterator>> Iterator for SyntaxPreprocessor<'a, I> {
 .into(),
 ));
 }
+ // for security reasons, we change all html tags to code blocks, but not `Event::InlineHtml` as @mention needs it
 Event::Html(html) => return Some(Event::Code(html)),
 other => return Some(other),
 };
diff --git a/src/controller/inn.rs b/src/controller/inn.rs
index 0f20171..2551e12 100644
--- a/src/controller/inn.rs
+++ b/src/controller/inn.rs
@@ -784,7 +784,7 @@ pub(crate) async fn edit_post_post(
 iid,
 title: clean_html(&input.title),
 tags,
- content: PostContent::Markdown(content),
+ content: PostContent::Markdown(clean_html(&content)),
 created_at,
 status: PostStatus::Normal,
 };
diff --git a/src/controller/mod.rs b/src/controller/mod.rs
index ccea91c..2be014d 100644
--- a/src/controller/mod.rs
+++ b/src/controller/mod.rs
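Review bot: In the `posts` arm of `admin_view` (src/controller/admin.rs), the new line still ends in `.unwrap()`, so the admin page panics if `unescape` cannot decode the string it is given. With `{:?}` that string is now Rust's Debug rendering of user-written post content, which can contain escape forms such as `\u{...}`; whether `unescape` accepts all of them is not visible in this hunk and is worth checking. A fallback keeps the page usable: `let raw = format!("{:?}", one);` followed by `let one_fmt = unescape(&raw).unwrap_or(raw);` (assuming `unescape` returns an owned string). The enclosing function starts and ends outside the hunk.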
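Review bot: The added comment in the `SyntaxPreprocessor` iterator (src/controller/fmt.rs) records that `Event::InlineHtml` is passed through unchanged, but not what makes that safe. Inline HTML comes from user-written Markdown, so the comment should name the step that sanitises it, for example `// Event::InlineHtml is passed through for @mention; it relies on clean_html having sanitised the Markdown source`, once that is confirmed against the callers. Only the tail of the match is visible here, so where the sanitising happens could not be checked from this hunk.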
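Review bot: In `edit_post_post` (src/controller/inn.rs), `clean_html(&content)` is applied to the Markdown source at write time, which only covers posts saved through this handler after the change. Content stored earlier, or written by any other handler that builds `PostContent::Markdown`, stays unsanitised, so the render path should keep treating stored Markdown as untrusted; other handlers are not visible in this patch. An HTML sanitiser run over Markdown source may also rewrite characters such as `>` or `&` that Markdown itself uses, which is worth a test with a blockquote and a fenced code block. A comment on the field would record the intent: `// sanitised on write; older rows may be raw, so rendering must not trust this`. The struct literal and the function continue outside the hunk.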
@@ -356,25 +356,12 @@ impl PostContent {
 impl Display for PostContent {
 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 match self {
- PostContent::Markdown(c) => {
- let s = md2html(c);
- write!(f, "{s}")
- }
+ PostContent::Markdown(c) => write!(f, "{c}"),
 PostContent::FeedItemId(id) => write!(f, "From item_id: {id}"),
 }
 }
 }
 
-impl Display for Post {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- write!(
- f,
- "pid: {}, uid: {}, iid: {}, title: {}, tags: {:?}, content: {}, created_at: {}, status: {}",
- self.pid, self.uid, self.iid, self.title, self.tags, self.content, self.created_at, self.status
- )
- }
-}
-
 #[derive(Encode, Decode, Serialize, Debug)]
 struct Post {
 pid: u32,
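Review bot: `Display for PostContent` (src/controller/mod.rs) now writes the raw Markdown source where it used to write the output of `md2html`, and nothing in the impl says so. Any remaining caller that formats a `PostContent` with `{}` or `to_string()` and places the result in a page now gets unrendered user text instead of HTML; such callers are outside this hunk and should be checked. A doc comment on the impl would make the contract explicit: `/// Writes the raw Markdown source, not rendered HTML; callers render it themselves.` The `struct Post` definition at the end of the hunk continues outside it.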