diff --git a/files/classes/mod_logs.py b/files/classes/mod_logs.py
index 0a9146f16..45341872b 100644
--- a/files/classes/mod_logs.py
+++ b/files/classes/mod_logs.py
@@ -1,6 +1,7 @@
 from sqlalchemy import *
 from sqlalchemy.orm import relationship
 from files.__main__ import Base
+from files.helpers.sanitize import sanitize
 from .mix_ins import *
 import time
@@ -68,9 +69,9 @@ class ModAction(Base, Stndrd, Age_times):
 @property
 def target_link(self):
 if self.target_user:
- return f'{self.target_user.username}'
+ return f'{sanitize(self.target_user.username)}'
 elif self.target_post:
- return f'{self.target_post.title}'
+ return f'{sanitize(self.target_post.title)}'
 elif self.target_comment:
 return f'comment'
diff --git a/files/routes/admin.py b/files/routes/admin.py
index fd7881e5d..30ac2dfbc 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -694,7 +694,7 @@ def ban_user(user_id, v):
 # check for number of days for suspension
 days = int(request.form.get("days")) if request.form.get('days') else 0
- reason = request.values.get("reason", "")
+ reason = sanitize(request.values.get("reason", ""))
 message = request.values.get("reason", "")
 if not user: abort(400)
diff --git a/files/templates/followers.html b/files/templates/followers.html
index f87687da7..5e33e710a 100644
--- a/files/templates/followers.html
+++ b/files/templates/followers.html
@@ -12,7 +12,7 @@ {% for user in users %}
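Review bot: In `target_link`, `sanitize()` is applied to `username` and `title`, which are plain-text fields interpolated into the returned string. The body of `sanitize` is not in this diff; if it is an allow-list HTML cleaner rather than an escaper, any tag it permits in a post title would still render wherever the moderation log shows this value. For these two fields escaping is the tighter control, e.g. `return f'{html.escape(self.target_post.title)}'`. The property would also benefit from a docstring saying that it returns markup which the template presumably renders unescaped. The `target_comment` branch and anything after it lie outside the hunk, so the rest of the property was not reviewed.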
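Review bot: In `ban_user`, `message` on the line after the changed one still reads the raw `reason` parameter, so only one of the two copies of the same request value is cleaned. Where `message` is used lies outside the hunk; if it reaches a notification or page that renders it as HTML, it needs the same treatment, e.g. `message = reason`, or escaping at the point of output. The diff also adds no import of `sanitize` to `files/routes/admin.py`, so confirm the name is already in scope there.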
Based Count: {{u.basedcount}}
{% endif %} {% if u.bio_html %}