Update AdminCommentController.php
bobimicroweber committed Mar 9, 2022
1 parent b2baab6 commit e022446
Showing 1 changed file with 3 additions and 10 deletions.
@@ -18,18 +18,16 @@
use MicroweberPackages\Comment\Models\Comment;
use MicroweberPackages\Comment\Events\NewComment;
use MicroweberPackages\Comment\Notifications\NewCommentNotification;
use MicroweberPackages\Helper\HTMLClean;
use MicroweberPackages\User\Models\User;
use MicroweberPackages\Utils\Mail\MailSender;


class AdminCommentController extends AdminController
{
public function index(Request $request)
{

$contents = $this->getComments($request);


return $this->view('comment::admin.comments.index', ['contents' => $contents]);
}

@@ -42,7 +40,6 @@ public function getComments(Request $request)
$contents = $contents->filter($filter);
}


$contents = $contents->paginate($request->get('limit', 30))
->appends($request->except('page'));

@@ -148,12 +145,8 @@ public function saveCommentEdit(Request $request)

$comment_body = $data['comment_body'];

// Claer HTML
$comment_body = $this->app->format->clean_html($comment_body);

// Clear XSS
$evil = ['(?<!\w)on\w*', 'xmlns', 'formaction', 'xlink:href', 'FSCommand', 'seekSegmentTime'];
$comment_body = $this->app->format->clean_xss($comment_body, true, $evil, 'removeEvilAttributes');
$cleanHtml = new HTMLClean();
$comment_body = $cleanHtml->onlyTags($comment_body);

if (!empty($comment_body) and !empty($data['format']) and $data['format'] == 'markdown') {
$comment_body = Markdown::convertToHtml($comment_body);
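Review bot: In saveCommentEdit the new `$cleanHtml->onlyTags($comment_body)` call runs on the raw input before `Markdown::convertToHtml($comment_body)`, so when `format` is `markdown` the HTML produced by the converter is not filtered anywhere in this hunk. Sanitising the final output would close that gap, for example by repeating `$comment_body = $cleanHtml->onlyTags($comment_body);` after the markdown `if` block. The removed `clean_xss` call explicitly stripped `on*` handlers, `formaction` and `xlink:href`; whether `onlyTags()` also drops attributes on the tags it keeps is not visible here, so a regression test with an allowed tag carrying an event-handler attribute would confirm no coverage was lost. The function body starts and ends outside the hunk, so a later cleaning step may already exist.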