Added protection against use of JS in users page description

Julian Prieber 2022-11-10 21:48:48 +01:00
parent 4dd317b641
commit 3564cfff74
1 changed files with 2 additions and 1 deletions


@ -526,7 +526,8 @@ class UserController extends Controller
$profilePhoto = $request->file('image'); $profilePhoto = $request->file('image');
$pageName = $request->pageName; $pageName = $request->pageName;
$pageDescription = $request->pageDescription; $pageDescription = strip_tags($request->pageDescription,'<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
$pageDescription = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $pageDescription);
$name = $request->Name; $name = $request->Name;
User::where('id', $userId)->update(['littlelink_name' => $pageName, 'littlelink_description' => $pageDescription, 'name' => $name]); User::where('id', $userId)->update(['littlelink_name' => $pageName, 'littlelink_description' => $pageDescription, 'name' => $name]);
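Review bot: `strip_tags()` with an allow-list drops disallowed tags but leaves every attribute on the allowed ones untouched, so event-handler attributes and `javascript:` URLs in `href` still reach `littlelink_description` after the two new `$pageDescription` lines. The `preg_replace` also appends `rel` after the captured user attributes, and HTML parsers keep the first of duplicate attributes, so a submitted `rel` would take precedence over the added one. I would replace both lines with an allow-list HTML sanitizer that filters attributes and URL schemes as well as tags, for example HTML Purifier configured with `$config->set('HTML.Allowed', 'a[href],p,strong,i,ul,ol,li,blockquote,h2,h3,h4');` and `$config->set('HTML.Nofollow', true);`. A short comment above it should say that the description is stored as HTML and presumably rendered unescaped, which is inferred because the template is not shown here. The enclosing controller method starts and ends outside this hunk.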