From 80f1387215893f6eb01b33fa4829f6b6f5d32957 Mon Sep 17 00:00:00 2001
From: Blair2004
Date: Wed, 17 Mar 2021 11:34:39 +0100
Subject: [PATCH] Update - Fixed : striping tags that are inputed by the end user.

---
 app/Forms/UserProfileForm.php | 2 +-
 app/Http/Controllers/Dashboard/CrudController.php | 4 ++--
 app/Services/Options.php | 2 +-
 app/Services/UserOptions.php | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/Forms/UserProfileForm.php b/app/Forms/UserProfileForm.php
index 0157f70d4..f72cd405d 100755
--- a/app/Forms/UserProfileForm.php
+++ b/app/Forms/UserProfileForm.php
@@ -59,7 +59,7 @@ public function processAttribute( $request )
 foreach( $request->input( 'attribute' ) as $key => $value ) {
 if ( in_array( $key, $allowedInputs ) ) {
- $user->$key = preg_replace( '#(.*?)#is', '', $value );
+ $user->$key = strip_tags( $value );
 }
 }
diff --git a/app/Http/Controllers/Dashboard/CrudController.php b/app/Http/Controllers/Dashboard/CrudController.php
index e27fe26bd..1acf63b0d 100755
--- a/app/Http/Controllers/Dashboard/CrudController.php
+++ b/app/Http/Controllers/Dashboard/CrudController.php
@@ -120,7 +120,7 @@ public function crudPost( String $namespace, CrudPostRequest $request )
 * all script tags
 */
 if ( ! empty( $entry->$name ) ) {
- $entry->$name = preg_replace( '#(.*?)#is', null, $entry->$name );
+ $entry->$name = strip_tags( $entry->$name );
 }
 }
@@ -243,7 +243,7 @@ public function crudPut( String $namespace, $id, CrudPutRequest $request )
 * all script tags
 */
 if ( ! empty( $entry->$name ) ) {
- $entry->$name = preg_replace( '#(.*?)#is', null, $entry->$name );
+ $entry->$name = strip_tags( $entry->$name );
 }
 }
diff --git a/app/Services/Options.php b/app/Services/Options.php
index 036723584..77884a7b7 100755
--- a/app/Services/Options.php
+++ b/app/Services/Options.php
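Review bot: The added `$user->$key = strip_tags( $value );` in UserProfileForm::processAttribute requires a string, whereas the `preg_replace()` it replaces also accepted arrays, so a nested array value under the `attribute` input (a sub-array instead of a scalar) now raises a TypeError on PHP 8 (warning and null on PHP 7) rather than being processed; guard it with `if ( ! is_string( $value ) ) { continue; }` before the assignment, or constrain the shape in the request validation. strip_tags() is input mangling rather than output encoding: it discards legitimate characters such as `<` in free text and does not encode quotes or existing entities, so the stored value still needs context-appropriate escaping (`htmlspecialchars()` or the template engine's escaped echo) wherever it is rendered. The untouched `in_array( $key, $allowedInputs )` on the line above is a loose comparison; passing `true` as the third argument avoids an integer key matching a string entry on PHP 7. processAttribute()'s signature and the rest of its body lie outside the hunk.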
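Review bot: The context comment ending in `* all script tags` immediately above the added `strip_tags( $entry->$name )` in crudPost is now inaccurate, since strip_tags() removes every HTML and PHP tag rather than only script tags; change it to `* all HTML tags` (the same comment precedes the identical hunk in crudPut at @@ -243). The two hunks are verbatim copies of each other, so a small private helper on the controller that applies the `! empty()` check and strip_tags() to one field, called from both crudPost and crudPut, would keep them from drifting apart again. As in UserProfileForm, `$entry->$name` may hold a non-string value assigned from the request (an array for a multi-value field, for instance), which strip_tags() rejects with a TypeError on PHP 8, so an `is_string()` check belongs alongside the `! empty()` test. Both crudPost and crudPut begin and end outside their hunks.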
@@ -154,7 +154,7 @@ public function beforeSave( $option )
 * sanitizing input to remove
 * all script tags
 */
- $option->value = preg_replace( '#(.*?)#is', '', $option->value );
+ $option->value = strip_tags( $option->value );
 return $option;
 }
diff --git a/app/Services/UserOptions.php b/app/Services/UserOptions.php
index ab26fecc5..00bec7be3 100755
--- a/app/Services/UserOptions.php
+++ b/app/Services/UserOptions.php
@@ -27,7 +27,7 @@ public function beforeSave( $option )
 * sanitizing input to remove
 * all script tags
 */
- $option->value = preg_replace( '#(.*?)#is', '', $option->value );
+ $option->value = strip_tags( $option->value );
 return $option;
 }
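Review bot: The context comment `* all script tags` directly above the added `$option->value = strip_tags( $option->value );` in Options::beforeSave no longer describes the code, because strip_tags() removes all tags, not only script tags; change it to `* all HTML tags` (UserOptions::beforeSave at @@ -27 carries the same comment and the same change). If option values can be non-strings (arrays, booleans, integers, or JSON stored as a string), strip_tags() will throw a TypeError for arrays on PHP 8 and string-cast scalars under non-strict typing, so a guard such as `if ( is_string( $option->value ) ) { $option->value = strip_tags( $option->value ); }` keeps non-text options intact; whether such values occur is not visible in this hunk. beforeSave() starts outside the hunk, although its closing brace is visible.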