Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Clean input for custom css

Browse Source
This commit is contained in:
David Bomba 2022-11-19 10:58:32 +11:00
parent eaedcba6d0
commit 1c89a39d56
3 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/Http/Requests/Company/UpdateCompanyRequest.php
View File

@ -22,6 +22,14 @@ class UpdateCompanyRequest extends Request
{ {
use MakesHash; use MakesHash;
private array $protected_input = [
'client_portal_privacy_policy',
'client_portal_terms',
'portal_custom_footer',
'portal_custom_css',
'portal_custom_head'
];
/** /**
* Determine if the user is authorized to make this request. * Determine if the user is authorized to make this request.
* *
@ -32,6 +40,8 @@ class UpdateCompanyRequest extends Request
return auth()->user()->can('edit', $this->company); return auth()->user()->can('edit', $this->company);
} }
public function rules() public function rules()
{ {
$input = $this->all(); $input = $this->all();
@ -90,6 +100,14 @@ class UpdateCompanyRequest extends Request
{ {
$account = $this->company->account; $account = $this->company->account;
if(Ninja::isHosted())
{
foreach($this->protected_input as $protected_var)
{
$settings[$protected_var] = str_replace("script", "", $settings[$protected_var]);
}
}
if (! $account->isFreeHostedClient()) { if (! $account->isFreeHostedClient()) {
return $settings; return $settings;
} }

2
resources/views/portal/ninja2020/layout/app.blade.php
View File

@ -163,7 +163,7 @@
@yield('footer') @yield('footer')
@stack('footer') @stack('footer')
@if((bool) \App\Utils\Ninja::isSelfHost() && !empty($client->getSetting('portal_custom_footer'))) @if($company && $company->account->isPaid() && !empty($client->getSetting('portal_custom_footer')))
<div class="py-1 text-sm text-center text-white bg-primary"> <div class="py-1 text-sm text-center text-white bg-primary">
{!! $client->getSetting('portal_custom_footer') !!} {!! $client->getSetting('portal_custom_footer') !!}
</div> </div>

2
resources/views/portal/ninja2020/layout/vendor_app.blade.php
View File

@ -164,7 +164,7 @@
@yield('footer') @yield('footer')
@stack('footer') @stack('footer')
@if((bool) \App\Utils\Ninja::isSelfHost() && !empty($settings->portal_custom_footer)) @if($company && $company->account->isPaid() && !empty($settings->portal_custom_footer))
<div class="py-1 text-sm text-center text-white bg-primary"> <div class="py-1 text-sm text-center text-white bg-primary">
{!! $settings->portal_custom_footer !!} {!! $settings->portal_custom_footer !!}
</div> </div>