
Commit e022446

Update AdminCommentController.php
1 parent b2baab6 commit e022446


1 file changed

+3
-10
lines changed


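--- a/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php
+++ b/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php
@@ -18,18 +18,16 @@
 use MicroweberPackages\Comment\Models\Comment;
 use MicroweberPackages\Comment\Events\NewComment;
 use MicroweberPackages\Comment\Notifications\NewCommentNotification;
+use MicroweberPackages\Helper\HTMLClean;
 use MicroweberPackages\User\Models\User;
 use MicroweberPackages\Utils\Mail\MailSender;
 
-
 class AdminCommentController extends AdminController
 {
 public function index(Request $request)
 {
-
 $contents = $this->getComments($request);
 
-
 return $this->view('comment::admin.comments.index', ['contents' => $contents]);
 }
 
@@ -42,7 +40,6 @@ public function getComments(Request $request)
 $contents = $contents->filter($filter);
 }
 
-
 $contents = $contents->paginate($request->get('limit', 30))
 ->appends($request->except('page'));
 
@@ -148,12 +145,8 @@ public function saveCommentEdit(Request $request)
 
 $comment_body = $data['comment_body'];
 
-// Claer HTML
-$comment_body = $this->app->format->clean_html($comment_body);
-
-// Clear XSS
-$evil = ['(?<!\w)on\w*', 'xmlns', 'formaction', 'xlink:href', 'FSCommand', 'seekSegmentTime'];
-$comment_body = $this->app->format->clean_xss($comment_body, true, $evil, 'removeEvilAttributes');
+$cleanHtml = new HTMLClean();
+$comment_body = $cleanHtml->onlyTags($comment_body);
 
 if (!empty($comment_body) and !empty($data['format']) and $data['format'] == 'markdown') {
 $comment_body = Markdown::convertToHtml($comment_body);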
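Review bot: The sanitiser on new line 149 runs before the Markdown conversion on new line 152, so for `format == 'markdown'` the HTML that actually gets stored is whatever `Markdown::convertToHtml` emits from the already-filtered text, not the output of `onlyTags` — Markdown link syntax such as `[x](javascript:...)` or raw HTML fragments the converter passes through would never be seen by the new filter. Move the cleaning step after the Markdown branch (or apply it again there): `$comment_body = (new HTMLClean())->onlyTags($comment_body);` placed after the closing brace of the `if`. The removed `clean_xss` call explicitly stripped attribute-based vectors (`on*` handlers, `formaction`, `xlink:href`); whether `HTMLClean::onlyTags` does the same or only restricts tag names is not visible here, so confirm it covers attributes before relying on it alone for untrusted comment bodies. saveCommentEdit's body starts and continues outside this hunk, so the origin of `$data` and any later validation could not be reviewed.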
