From 512c864327ec0b086970735a284d8cc5a2db5fa4 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Tue, 27 Dec 2022 07:18:46 +0200
Subject: [PATCH] fix xss on banning domains (only admins could use it)

---
 files/routes/admin.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/files/routes/admin.py b/files/routes/admin.py
index 66bbedacaa..8f10d03807 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1518,6 +1518,11 @@ def ban_domain(v):
 reason=request.values.get("reason", "").strip()
 if not reason: abort(400, 'Reason is required!')
+ if len(reason) > 100:
+ abort(400, 'Reason is too long (max 100 characters)!')
+
+ reason = filter_emojis_only(reason)
+
 if len(reason) > 100: abort(400, 'Reason is too long (max 100 characters)!')