From 9447d2193582317348920c6081f1340d52a8e672 Mon Sep 17 00:00:00 2001
From: Julian Prieber
Date: Mon, 5 Feb 2024 19:23:28 +0100
Subject: [PATCH] Impoved validation for imports
---
 app/Http/Controllers/UserController.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 2fbfd0d..1c7db71 100755
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -1169,12 +1169,32 @@ class UserController extends Controller
 // Loop through each link in $userData and create a new link for the user
 foreach ($userData['links'] as $linkData) {
+
+ $validatedData = Validator::make($linkData, [
+ 'link' => 'nullable|url',
+ ]);
+
+ if ($validatedData->fails()) {
+ throw new \Exception('Invalid link');
+ }
+
 $newLink = new Link();
 // Copy over the link data from $linkData to $newLink
 $newLink->button_id = $linkData['button_id'];
 $newLink->link = $linkData['link'];
- $newLink->title = $linkData['title'];
+
+ // Sanitize the title
+ if ($linkData['button_id'] == 93) {
+ $sanitizedText = strip_tags($linkData['title'], '