
Commit 9447d21

committed
Improved validation for imports
1 parent cc6a119 commit 9447d21


1 file changed

+21
-1
lines changed

1 file changed

+21
-1
lines changed

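--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -1169,12 +1169,32 @@ public function importData(Request $request)
 
 // Loop through each link in $userData and create a new link for the user
 foreach ($userData['links'] as $linkData) {
+
+$validatedData = Validator::make($linkData, [
+'link' => 'nullable|url',
+]);
+
+if ($validatedData->fails()) {
+throw new \Exception('Invalid link');
+}
+
 $newLink = new Link();
 
 // Copy over the link data from $linkData to $newLink
 $newLink->button_id = $linkData['button_id'];
 $newLink->link = $linkData['link'];
-$newLink->title = $linkData['title'];
+
+// Sanitize the title
+if ($linkData['button_id'] == 93) {
+$sanitizedText = strip_tags($linkData['title'], '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
+$sanitizedText = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $sanitizedText);
+$sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);
+
+$newLink->title = $sanitizedText;
+} else {
+$newLink->title = $linkData['title'];
+}
+
 $newLink->order = $linkData['order'];
 $newLink->click_number = 0;
 $newLink->up_link = $linkData['up_link'];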
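Review bot: The title sanitizer at new lines 1188-1191 relies on `strip_tags()`, which removes disallowed tags but keeps every attribute on the allowed ones, so `<p onmouseover=...>` or `<a href="..." onclick=...>` from an imported file survives unless `strip_tags_except_allowed_protocols()` (defined outside this hunk) also drops event-handler attributes — worth confirming, or routing the title through an attribute allow-list/HTML sanitizer before it is stored. The `preg_replace` on `<a>` also produces a duplicate `rel` when the incoming anchor already carries one, and a `>` inside a quoted attribute value ends the `[^>]*` match early. Separately, the `Validator` block at 1173-1179 only checks `link`, while `button_id`, `title`, `order` and `up_link` are read from the import unchecked, and Laravel's `url` rule accepts many schemes beyond http/https; `'link' => 'nullable|url:http,https'` (or `starts_with:http://,https://` on Laravel versions without protocol arguments) plus `'button_id' => 'required|integer'` would tighten it and also avoid undefined-index warnings on malformed imports. The `foreach` body continues past the hunk, so note that throwing mid-loop may leave links from earlier iterations already created unless the caller wraps the import in a transaction.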
