Blair2004
diff --git a/‎app/Forms/UserProfileForm.php‎
Lines changed: 4 additions & 1 deletion b/‎app/Forms/UserProfileForm.php‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎app/Http/Controllers/Dashboard/CrudController.php‎
Lines changed: 12 additions & 0 deletions b/‎app/Http/Controllers/Dashboard/CrudController.php‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎app/Services/Options.php‎
Lines changed: 7 additions & 1 deletion b/‎app/Services/Options.php‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎app/Services/SettingsPage.php‎
Lines changed: 4 additions & 0 deletions b/‎app/Services/SettingsPage.php‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎app/Services/UserOptions.php‎
Lines changed: 7 additions & 0 deletions b/‎app/Services/UserOptions.php‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎public/js/app.js‎
Lines changed: 49 additions & 49 deletions b/‎public/js/app.js‎
Lines changed: 49 additions & 49 deletions
diff --git a/‎public/js/auth.js‎
Lines changed: 6 additions & 6 deletions b/‎public/js/auth.js‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎public/js/bootstrap.js‎
Lines changed: 2 additions & 2 deletions b/‎public/js/bootstrap.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎public/js/dashboard.js‎
Lines changed: 2 additions & 2 deletions b/‎public/js/dashboard.js‎
Lines changed: 2 additions & 2 deletions
@@ -59,7 +59,7 @@ public function processAttribute( $request )
 
             foreach( $request->input( 'attribute' ) as $key => $value ) {
                 if ( in_array( $key, $allowedInputs ) ) {
-                    $user->$key     =   $value;
+                    $user->$key     =   preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $value );
                 }
             }
 
@@ -76,6 +76,9 @@ public function processAttribute( $request )
 
     public function processOptions( $request )
     {
+        /**
+         * @var UserOptions
+         */
         $userOptions    =   app()->make( UserOptions::class );
 
         if ( $request->input( 'options' ) ) {
 
@@ -114,6 +114,12 @@ public function crudPost( String $namespace, CrudPostRequest $request )
                     $entry->$name   =   $value;
                 }
             }
+
+            /**
+             * sanitizing input to remove
+             * all script tags
+             */
+            $entry->$name       =   preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $entry->$name );
         }
 
         /**
@@ -229,6 +235,12 @@ public function crudPut( String $namespace, $id, CrudPutRequest $request  )
                     $entry->$name   =   $value;
                 }
             }
+
+            /**
+             * sanitizing input to remove
+             * all script tags
+             */
+            $entry->$name       =   preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $entry->$name );
         }
 
         /**
 
@@ -61,7 +61,7 @@ public function set( $key, $value, $expiration = null )
     {
         $this->hasFound     =   false;
         $storedOption       =   null;
-        
+
         /**
          * if an option has been found,
          * it will save the new value and update
@@ -150,6 +150,12 @@ public function set( $key, $value, $expiration = null )
 
     public function beforeSave( $option )
     {
+        /**
+        * sanitizing input to remove
+        * all script tags
+        */
+        $option->value      =   preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $option->value );
+
         return $option;
     }
 
 
@@ -107,6 +107,10 @@ public function getPlainData( Request $request )
     public function saveForm( Request $request )
     {
         $service        =   new CrudService;
+
+        /**
+         * @var Options
+         */
         $options        =   app()->make( Options::class );
 
         foreach( $service->getPlainData( $this, $request ) as $key => $value ) {
 
@@ -22,6 +22,13 @@ public function option()
     public function beforeSave( $option )
     {
         $option->user_id    =   $this->user_id;
+        
+        /**
+        * sanitizing input to remove
+        * all script tags
+        */
+        $option->value      =   preg_replace( '#<script(.*?)>(.*?)</script>#is', '', $option->value );   
+
         return $option;
     }
 }
@@ -18,8 +18,8 @@ eval("// removed by extract-text-webpack-plugin//# sourceURL=[module]\n//# sourc
 /*! no static exports found */
 /***/ (function(module, exports, __webpack_require__) {
 
-__webpack_require__(/*! D:\laragon\www\NexoPOS-4x\resources\ts\bootstrap.ts */"./resources/ts/bootstrap.ts");
-module.exports = __webpack_require__(/*! D:\laragon\www\NexoPOS-4x\resources\sass\app.scss */"./resources/sass/app.scss");
+__webpack_require__(/*! /var/www/html/NexoPOS-v4/resources/ts/bootstrap.ts */"./resources/ts/bootstrap.ts");
+module.exports = __webpack_require__(/*! /var/www/html/NexoPOS-v4/resources/sass/app.scss */"./resources/sass/app.scss");
 
 
 /***/ })
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ public function processAttribute( $request )`
`59`	`59`
`60`	`60`	`foreach( $request->input( 'attribute' ) as $key => $value ) {`
`61`	`61`	`if ( in_array( $key, $allowedInputs ) ) {`
`62`		`- $user->$key = $value;`
	`62`	`+ $user->$key = preg_replace( '#<script(.?)>(.?)</script>#is', '', $value );`
`63`	`63`	`}`
`64`	`64`	`}`
`65`	`65`
`@@ -76,6 +76,9 @@ public function processAttribute( $request )`
`76`	`76`
`77`	`77`	`public function processOptions( $request )`
`78`	`78`	`{`
	`79`	`+ /**`
	`80`	`+ * @var UserOptions`
	`81`	`+ */`
`79`	`82`	`$userOptions = app()->make( UserOptions::class );`
`80`	`83`
`81`	`84`	`if ( $request->input( 'options' ) ) {`
Original file line number	Diff line number	Diff line change
`@@ -114,6 +114,12 @@ public function crudPost( String $namespace, CrudPostRequest $request )`
`114`	`114`	`$entry->$name = $value;`
`115`	`115`	`}`
`116`	`116`	`}`
	`117`	`+`
	`118`	`+ /**`
	`119`	`+ * sanitizing input to remove`
	`120`	`+ * all script tags`
	`121`	`+ */`
	`122`	`+ $entry->$name = preg_replace( '#<script(.?)>(.?)</script>#is', '', $entry->$name );`
`117`	`123`	`}`
`118`	`124`
`119`	`125`	`/**`
`@@ -229,6 +235,12 @@ public function crudPut( String $namespace, $id, CrudPutRequest $request )`
`229`	`235`	`$entry->$name = $value;`
`230`	`236`	`}`
`231`	`237`	`}`
	`238`	`+`
	`239`	`+ /**`
	`240`	`+ * sanitizing input to remove`
	`241`	`+ * all script tags`
	`242`	`+ */`
	`243`	`+ $entry->$name = preg_replace( '#<script(.?)>(.?)</script>#is', '', $entry->$name );`
`232`	`244`	`}`
`233`	`245`
`234`	`246`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ public function set( $key, $value, $expiration = null )`
`61`	`61`	`{`
`62`	`62`	`$this->hasFound = false;`
`63`	`63`	`$storedOption = null;`
`64`		`-`
	`64`	`+`
`65`	`65`	`/**`
`66`	`66`	`* if an option has been found,`
`67`	`67`	`* it will save the new value and update`
`@@ -150,6 +150,12 @@ public function set( $key, $value, $expiration = null )`
`150`	`150`
`151`	`151`	`public function beforeSave( $option )`
`152`	`152`	`{`
	`153`	`+ /**`
	`154`	`+ * sanitizing input to remove`
	`155`	`+ * all script tags`
	`156`	`+ */`
	`157`	`+ $option->value = preg_replace( '#<script(.?)>(.?)</script>#is', '', $option->value );`
	`158`	`+`
`153`	`159`	`return $option;`
`154`	`160`	`}`
`155`	`161`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,13 @@ public function option()`
`22`	`22`	`public function beforeSave( $option )`
`23`	`23`	`{`
`24`	`24`	`$option->user_id = $this->user_id;`
	`25`	`+`
	`26`	`+ /**`
	`27`	`+ * sanitizing input to remove`
	`28`	`+ * all script tags`
	`29`	`+ */`
	`30`	`+ $option->value = preg_replace( '#<script(.?)>(.?)</script>#is', '', $option->value );`
	`31`	`+`
`25`	`32`	`return $option;`
`26`	`33`	`}`
`27`	`34`	`}`