

Update
- Fixed : stripping tags that are input by the end user.
Blair2004 committed Mar 17, 2021
1 parent a7dbdd7 commit 80f1387
Showing 4 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion app/Forms/UserProfileForm.php
Expand Up @@ -59,7 +59,7 @@ public function processAttribute( $request )

foreach( $request->input( 'attribute' ) as $key => $value ) {
if ( in_array( $key, $allowedInputs ) ) {
$user->$key = preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $value );
$user->$key = strip_tags( $value );
}
}

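Review bot: `strip_tags( $value )` on the new line is lossy and is not an output-encoding control: it truncates legitimate text at any unclosed `<` (`strip_tags('a < b')` yields `'a '`), leaves already-encoded entities untouched, and the stored value still needs context-appropriate escaping when it is rendered; the same applies to the strip_tags calls in CrudController.php (both hunks), Options.php and UserOptions.php. Since this code persists rather than renders the value, the more reliable approach is to keep the raw input and escape at output (`htmlspecialchars` or the template engine's escaped echo), or, if tags genuinely must be dropped, document the truncation behaviour next to the call. If `$request->input( 'attribute' )` can carry nested arrays, `strip_tags` raises a TypeError on a non-string `$value` where the removed `preg_replace` accepted array subjects, so an `is_string( $value )` guard before the call would be safer. The `in_array( $key, $allowedInputs )` check on the line above should pass `true` as its third argument so that loose comparison cannot match an unexpected key on older PHP versions. processAttribute continues outside the hunk.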
4 changes: 2 additions & 2 deletions app/Http/Controllers/Dashboard/CrudController.php
Expand Up @@ -120,7 +120,7 @@ public function crudPost( String $namespace, CrudPostRequest $request )
* all script tags
*/
if ( ! empty( $entry->$name ) ) {
$entry->$name = preg_replace( '#<script(.*?)>(.*?)</script>#is', null, $entry->$name );
$entry->$name = strip_tags( $entry->$name );
}
}

Expand Down Expand Up @@ -243,7 +243,7 @@ public function crudPut( String $namespace, $id, CrudPutRequest $request )
* all script tags
*/
if ( ! empty( $entry->$name ) ) {
$entry->$name = preg_replace( '#<script(.*?)>(.*?)</script>#is', null, $entry->$name );
$entry->$name = strip_tags( $entry->$name );
}
}

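Review bot: The comment directly above the changed line in both the crudPost and crudPut hunks still reads `* all script tags`, but `strip_tags` now removes every HTML and PHP tag, so the comment misdescribes the new behaviour; the same stale wording sits above the strip_tags calls in Options.php and UserOptions.php. Suggest `* sanitizing input: strips every HTML/PHP tag (not only <script>); note that strip_tags truncates the value at an unclosed '<'`. The `! empty( $entry->$name )` guard on the preceding line lets arrays and other non-string values through, which `strip_tags` rejects with a TypeError where the removed `preg_replace` accepted array subjects, so an `is_string( $entry->$name )` check would be safer if request fields can be arrays. Both crudPost and crudPut begin outside their hunks.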
2 changes: 1 addition & 1 deletion app/Services/Options.php
Expand Up @@ -154,7 +154,7 @@ public function beforeSave( $option )
* sanitizing input to remove
* all script tags
*/
$option->value = preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $option->value );
$option->value = strip_tags( $option->value );

return $option;
}
2 changes: 1 addition & 1 deletion app/Services/UserOptions.php
Expand Up @@ -27,7 +27,7 @@ public function beforeSave( $option )
* sanitizing input to remove
* all script tags
*/
$option->value = preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $option->value );
$option->value = strip_tags( $option->value );

return $option;
}
