Update UserController.php

2024-02-05 20:50:58 +01:00 · 2024-02-05 20:50:58 +01:00 · 324a9433af
parent 9447d21935
commit 324a9433af
1 changed files with 5 additions and 1 deletions
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -1149,7 +1149,11 @@ class UserController extends Controller
                $user->littlelink_name = $userData['littlelink_name'];
            }
            if (isset($userData['littlelink_description'])) {
-                $user->littlelink_description = $userData['littlelink_description'];
+                $sanitizedText = $userData['littlelink_description'];
+                $sanitizedText = strip_tags($sanitizedText, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
+                $sanitizedText = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $sanitizedText);
+                $sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);
+                $user->littlelink_description = $sanitizedText;
            }
            if (isset($userData['image_data'])) {
                // Decode the image data from Base64