From c0fe4d03c04f20f78118b8e4f42f97459423c041 Mon Sep 17 00:00:00 2001
From: justcool393
Date: Thu, 20 Oct 2022 18:24:03 -0500
Subject: [PATCH] message: sanitize replies too

---
 files/routes/users.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/files/routes/users.py b/files/routes/users.py
index 10f2f6976..9d36cf222 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -582,9 +582,7 @@ def message2(v, username):
 @limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
 @auth_required
 def messagereply(v):
- body = request.values.get("body", "").strip().replace('‎','')
- body = body.replace('\r\n', '\n')[:COMMENT_BODY_LENGTH_LIMIT]
-
+ body = sanitize_raw_body(request.values.get("body"), False)
 if not body and not request.files.get("file"): abort(400, "Message is empty!")
 if 'linkedin.com' in body: abort(403, "This domain 'linkedin.com' is banned")