diff --git a/app/Forms/UserProfileForm.php b/app/Forms/UserProfileForm.php
index 0157f70d4..f72cd405d 100755
--- a/app/Forms/UserProfileForm.php
+++ b/app/Forms/UserProfileForm.php
@@ -59,7 +59,7 @@ public function processAttribute( $request )
 foreach( $request->input( 'attribute' ) as $key => $value ) {
 if ( in_array( $key, $allowedInputs ) ) {
- $user->$key = preg_replace( '#(.*?)#is', '', $value );
+ $user->$key = strip_tags( $value );
 }
 }
diff --git a/app/Http/Controllers/Dashboard/CrudController.php b/app/Http/Controllers/Dashboard/CrudController.php
index e27fe26bd..1acf63b0d 100755
--- a/app/Http/Controllers/Dashboard/CrudController.php
+++ b/app/Http/Controllers/Dashboard/CrudController.php
@@ -120,7 +120,7 @@ public function crudPost( String $namespace, CrudPostRequest $request )
 * all script tags
 */
 if ( ! empty( $entry->$name ) ) {
- $entry->$name = preg_replace( '#(.*?)#is', null, $entry->$name );
+ $entry->$name = strip_tags( $entry->$name );
 }
 }
@@ -243,7 +243,7 @@ public function crudPut( String $namespace, $id, CrudPutRequest $request )
 * all script tags
 */
 if ( ! empty( $entry->$name ) ) {
- $entry->$name = preg_replace( '#(.*?)#is', null, $entry->$name );
+ $entry->$name = strip_tags( $entry->$name );
 }
 }
diff --git a/app/Services/Options.php b/app/Services/Options.php
index 036723584..77884a7b7 100755
--- a/app/Services/Options.php
+++ b/app/Services/Options.php
@@ -154,7 +154,7 @@ public function beforeSave( $option )
 * sanitizing input to remove
 * all script tags
 */
- $option->value = preg_replace( '#(.*?)#is', '', $option->value );
+ $option->value = strip_tags( $option->value );
 return $option;
 }
diff --git a/app/Services/UserOptions.php b/app/Services/UserOptions.php
index ab26fecc5..00bec7be3 100755
--- a/app/Services/UserOptions.php
+++ b/app/Services/UserOptions.php
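Review bot: In `processAttribute()` (app/Forms/UserProfileForm.php), `strip_tags( $value )` removes markup before storage but leaves quotes and ampersands untouched, so the stored value is still not safe to print inside an HTML attribute or a script block. The same call is the only sanitising step in `crudPost()` and `crudPut()` in CrudController.php and in `beforeSave()` in Options.php and UserOptions.php. The views that render these values are not visible in this diff; they should escape on output (`htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )` or the template engine's escaping syntax), and a comment next to the call such as `// strip_tags() is not output encoding; values must still be escaped when rendered` would keep that expectation visible. The function body starts and ends outside the hunk.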
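Review bot: The comment kept above the changed line in `crudPost()` (app/Http/Controllers/Dashboard/CrudController.php) still says the step removes `all script tags`, but `strip_tags( $entry->$name )` drops every tag and can also cut plain text that follows a `<` which is never closed by `>`. If any CRUD field is meant to store HTML (not visible in this hunk), it will be silently flattened on save, so the comment should say what now happens, e.g. `* sanitizing input by removing all HTML and PHP tags`. The same stale comment sits above the changed lines in `crudPut()`, Options.php and UserOptions.php. The loop that encloses this block starts outside the hunk.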
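Review bot: `strip_tags()` in `beforeSave()` (app/Services/Options.php) accepts only a string, whereas the `preg_replace()` call it replaces also accepted an array subject; on PHP 8 an array in `$option->value` would now raise a `TypeError` instead of being processed. Whether an option can hold an array at this point is not visible in the hunk, so this needs confirming; if it can, guard the call, e.g. `if ( is_string( $option->value ) ) { $option->value = strip_tags( $option->value ); }`, and sanitise array members separately. The same applies to `beforeSave()` in UserOptions.php, to `$entry->$name` in CrudController.php, and to `$value` read from `$request->input( 'attribute' )` in UserProfileForm.php, where nested request input arrives as an array.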
@@ -27,7 +27,7 @@ public function beforeSave( $option )
 * sanitizing input to remove
 * all script tags
 */
- $option->value = preg_replace( '#(.*?)#is', '', $option->value );
+ $option->value = strip_tags( $option->value );
 return $option;
 }