MirrorHub/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-05 21:59:20 +01:00
Code Issues Releases Wiki Activity

Stop sanitizing full name in API (#17396)

Browse source 
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
zeripath 2021-10-22 08:17:35 +01:00 committed by GitHub
parent 23d36929bc
commit af96286f22
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
modules/convert/user.go
View file

@ -6,7 +6,6 @@ package convert
import ( import (
"code.gitea.io/gitea/models" "code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
) )
@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{ result := &api.User{
ID: user.ID, ID: user.ID,
UserName: user.Name, UserName: user.Name,
FullName: markup.Sanitize(user.FullName), FullName: user.FullName,
Email: user.GetEmail(), Email: user.GetEmail(),
AvatarURL: user.AvatarLink(), AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(), Created: user.CreatedUnix.AsTime(),