Update UserController.php

JulianPrieber · JulianPrieber · commit 324a9433af29 · 2024-02-05T20:50:58.000+01:00
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
@@ -1149,7 +1149,11 @@ public function importData(Request $request)
                 $user->littlelink_name = $userData['littlelink_name'];
             }
             if (isset($userData['littlelink_description'])) {
-                $user->littlelink_description = $userData['littlelink_description'];
+                $sanitizedText = $userData['littlelink_description'];
+                $sanitizedText = strip_tags($sanitizedText, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
+                $sanitizedText = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $sanitizedText);
+                $sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);
+                $user->littlelink_description = $sanitizedText;
             }
             if (isset($userData['image_data'])) {
                 // Decode the image data from Base64

Original file line number	Diff line number	Diff line change
`@@ -1149,7 +1149,11 @@ public function importData(Request $request)`
`1149`	`1149`	`$user->littlelink_name = $userData['littlelink_name'];`
`1150`	`1150`	`}`
`1151`	`1151`	`if (isset($userData['littlelink_description'])) {`
`1152`		`- $user->littlelink_description = $userData['littlelink_description'];`
	`1152`	`+ $sanitizedText = $userData['littlelink_description'];`
	`1153`	`+ $sanitizedText = strip_tags($sanitizedText, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');`
	`1154`	`+ $sanitizedText = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $sanitizedText);`
	`1155`	`+ $sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);`
	`1156`	`+ $user->littlelink_description = $sanitizedText;`
`1153`	`1157`	`}`
`1154`	`1158`	`if (isset($userData['image_data'])) {`
`1155`	`1159`	`// Decode the image data from Base64`