Sanitize text fields
parent
debb028a7d
commit
cc6a1195b3
|
@ -139,3 +139,15 @@ function footer($key)
|
||||||
}
|
}
|
||||||
return $title;
|
return $title;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function strip_tags_except_allowed_protocols($str) {
|
||||||
|
preg_match_all('/<a[^>]+>(.*?)<\/a>/i', $str, $matches, PREG_SET_ORDER);
|
||||||
|
|
||||||
|
foreach ($matches as $val) {
|
||||||
|
if (!preg_match('/href=["\'](http:|https:|mailto:|tel:)[^"\']*["\']/', $val[0])) {
|
||||||
|
$str = str_replace($val[0], $val[1], $str);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $str;
|
||||||
|
}
|
|
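Review bot: `strip_tags_except_allowed_protocols()` fails open, because only anchors that the first pattern matches as a complete `<a …>…</a>` pair are ever checked. An anchor whose text contains a newline (the pattern has no `s` modifier) or that has no closing tag is returned with its `href` untouched. The scheme test runs against `$val[0]`, the whole matched anchor, and is not tied to the start of an attribute, so it passes whenever `href="http:…"` occurs anywhere in the tag or its text rather than proving that the link's own `href` uses an allowed scheme. At minimum I would use `'/<a\b[^>]*>(.*?)<\/a>/is'` for the outer match and apply `'/^<a\s+href\s*=\s*["\'](https?:|mailto:|tel:)/i'` to the opening tag only, and add a docblock stating that anchors without an allowed scheme are replaced by their inner text. A regex cannot close the unclosed-tag case, so a parser-based allowlist sanitizer (HTML Purifier is one) would be the sturdier fix.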
@ -264,9 +264,13 @@ class UserController extends Controller
|
||||||
'button_id' => "42",
|
'button_id' => "42",
|
||||||
]);
|
]);
|
||||||
}elseif($linkType->typename == "text"){
|
}elseif($linkType->typename == "text"){
|
||||||
|
$sanitizedText = $request->text;
|
||||||
|
$sanitizedText = strip_tags($sanitizedText, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
|
||||||
|
$sanitizedText = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $sanitizedText);
|
||||||
|
$sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);
|
||||||
$OrigLink->update([
|
$OrigLink->update([
|
||||||
'button_id' => "93",
|
'button_id' => "93",
|
||||||
'title' => $request->text,
|
'title' => $sanitizedText,
|
||||||
]);
|
]);
|
||||||
}elseif($linkType->typename == "email"){
|
}elseif($linkType->typename == "email"){
|
||||||
$LinkURL = "mailto:".$LinkURL;
|
$LinkURL = "mailto:".$LinkURL;
|
||||||
|
@ -387,8 +391,12 @@ class UserController extends Controller
|
||||||
}elseif($linkType->typename == "heading"){
|
}elseif($linkType->typename == "heading"){
|
||||||
$links->button_id = "42";
|
$links->button_id = "42";
|
||||||
}elseif($linkType->typename == "text"){
|
}elseif($linkType->typename == "text"){
|
||||||
|
$sanitizedText = $request->text;
|
||||||
|
$sanitizedText = strip_tags($sanitizedText, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
|
||||||
|
$sanitizedText = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $sanitizedText);
|
||||||
|
$sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);
|
||||||
$links->button_id = "93";
|
$links->button_id = "93";
|
||||||
$links->title = $request->text;
|
$links->title = $sanitizedText;
|
||||||
}elseif($linkType->typename == "email"){
|
}elseif($linkType->typename == "email"){
|
||||||
$links->link = "mailto:".$links->link;
|
$links->link = "mailto:".$links->link;
|
||||||
$links->button_id = $button?->id;
|
$links->button_id = $button?->id;
|
||||||
|
@ -789,6 +797,7 @@ class UserController extends Controller
|
||||||
$pageName = $request->littlelink_name;
|
$pageName = $request->littlelink_name;
|
||||||
$pageDescription = strip_tags($request->pageDescription, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
|
$pageDescription = strip_tags($request->pageDescription, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
|
||||||
$pageDescription = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $pageDescription);
|
$pageDescription = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $pageDescription);
|
||||||
|
$pageDescription = strip_tags_except_allowed_protocols($pageDescription);
|
||||||
$name = $request->name;
|
$name = $request->name;
|
||||||
$checkmark = $request->checkmark;
|
$checkmark = $request->checkmark;
|
||||||
$sharebtn = $request->sharebtn;
|
$sharebtn = $request->sharebtn;
|
||||||
|
|
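Review bot: `strip_tags()` with an allow-list keeps every attribute on the tags it lets through, so after the four added lines in the `text` branch at -264 (and the same pipeline in the hunks at -387 and -789) the stored value can still carry event-handler or `style` attributes on `<a>`, `<p>` and the other allowed tags; only the `href` scheme of anchors is examined. The `rel` is also appended after the user's attributes, and HTML parsers keep the first of two duplicate attributes, so a user-supplied `rel` overrides the enforced one. Since the same lines now exist three times, I would move them into one helper that re-emits each tag from allowlisted parts, as sketched below; anchors without an allowed `href` come out as a bare `<a>` and every other attribute is dropped. This matters if `title` and the page description are rendered unescaped, which the allowed-tag list suggests but the hunks do not show. The enclosing controller methods start and end outside the hunks.

```php
// New shared helper, e.g. next to strip_tags_except_allowed_protocols().
function sanitize_rich_text($html) {
    $html = strip_tags((string) $html, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
    // strip_tags() keeps attributes, so reduce the non-link tags to their bare name.
    $html = preg_replace('/<(p|strong|i|ul|ol|li|blockquote|h2|h3|h4)\b[^>]*>/i', '<$1>', $html);
    // Re-emit each <a> with only a scheme-checked href and the enforced rel.
    return preg_replace_callback('/<a\b([^>]*)>/i', function ($m) {
        if (!preg_match('/\shref\s*=\s*(["\'])((?:https?:|mailto:|tel:)[^"\']*)\1/i', $m[1], $href)) {
            return '<a>';
        }
        $url = htmlspecialchars($href[2], ENT_QUOTES, 'UTF-8', false);
        return '<a href="' . $url . '" rel="noopener noreferrer nofollow">';
    }, $html);
}

// … unchanged: }elseif($linkType->typename == "text"){ …
$sanitizedText = sanitize_rich_text($request->text);
// … unchanged: $OrigLink->update([...]) / $links->title assignment …
// … and in the page-description hunk:
$pageDescription = sanitize_rich_text($request->pageDescription);
```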