From 36fef6beb35ec9f9db1528b138cd67f1aafdb801 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Tue, 6 Aug 2024 18:21:03 +1000
Subject: [PATCH] Improvements for twig
---
app/PaymentDrivers/Stripe/Jobs/ChargeRefunded.php | 5 +++++
app/Services/Template/TemplateService.php | 5 ++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/app/PaymentDrivers/Stripe/Jobs/ChargeRefunded.php b/app/PaymentDrivers/Stripe/Jobs/ChargeRefunded.php
index 405f696742e4..524139527e03 100644
--- a/app/PaymentDrivers/Stripe/Jobs/ChargeRefunded.php
+++ b/app/PaymentDrivers/Stripe/Jobs/ChargeRefunded.php
@@ -59,6 +59,11 @@ class ChargeRefunded implements ShouldQueue $payment_hash_key = $source['metadata']['payment_hash'] ?? null; + if(is_null($payment_hash_key)){ + nlog("charge.refunded not found"); + return; + } + $payment_hash = PaymentHash::query()->where('hash', $payment_hash_key)->first(); $company_gateway = $payment_hash->payment->company_gateway;
diff --git a/app/Services/Template/TemplateService.php b/app/Services/Template/TemplateService.php
index f30302435dc1..016a91783fd0 100644
--- a/app/Services/Template/TemplateService.php
+++ b/app/Services/Template/TemplateService.php
@@ -124,7 +124,7 @@ class TemplateService $this->twig->addFilter($filter); $allowedTags = ['if', 'for', 'set', 'filter']; - $allowedFilters = ['escape', 'e', 'upper', 'lower', 'capitalize', 'filter', 'length', 'merge','format_currency', 'format_number','format_percent_number','map', 'join', 'first', 'date', 'sum', 'number_format','nl2br']; + $allowedFilters = ['replace', 'escape', 'e', 'upper', 'lower', 'capitalize', 'filter', 'length', 'merge','format_currency', 'format_number','format_percent_number','map', 'join', 'first', 'date', 'sum', 'number_format','nl2br']; $allowedFunctions = ['range', 'cycle', 'constant', 'date',]; $allowedProperties = ['type_id']; $allowedMethods = ['img','t'];
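Review bot: The new guard in `ChargeRefunded` only covers a `payment_hash` that is missing from the event metadata; a key that is present but matches no row makes `->first()` return null, and the next line still dereferences `$payment_hash->payment->company_gateway`. Because the value arrives in webhook metadata, the lookup result needs the same treatment, for example `if (!$payment_hash || !$payment_hash->payment) { nlog("charge.refunded: payment hash not found"); return; }` directly after the `first()` call. The message `"charge.refunded not found"` would also be easier to triage if it named what was missing (the metadata key rather than the charge). The enclosing method starts and ends outside the hunk.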
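Review bot: `replace` is added to `$allowedFilters` with no comment or test recording why it is needed, and this list reads as the allowlist for user-authored templates (presumably passed to Twig's sandbox policy, which the hunk does not show), so every entry widens what template text may call. I would put one entry per line and add a comment above the arrays such as `// Sandbox allowlist: every name here is callable from user-authored templates; review before adding.` so that future additions stand out in review. The neighbouring `$allowedFunctions` line includes `constant`, which returns any PHP constant by name; it is worth confirming that no constant reachable that way holds a secret. The method containing these lines starts and ends outside the hunk.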
@@ -323,6 +323,9 @@ class TemplateService $template = $template->render($this->data); $f = $this->document->createDocumentFragment(); + + $template = htmlspecialchars($template, ENT_XML1, 'UTF-8'); + $f->appendXML(html_entity_decode($template)); $replacements[] = $f;
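Review bot: The `htmlspecialchars()` call added before `appendXML()` is undone by `html_entity_decode()` on the next line, which turns the `&lt;`, `&gt;` and `&amp;` it produced back into raw characters, so markup in the rendered template is still parsed into the fragment. If the intent was to neutralise markup coming from template data, this pair does not do that; a one-line comment stating the actual intent (possibly keeping named entities from being decoded before XML parsing) would help the next reader. Passing `ENT_XML1` alone also leaves out `ENT_SUBSTITUTE`, so a rendered string containing invalid UTF-8 comes back as an empty string and the block silently disappears: `$template = htmlspecialchars($template, ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');`. The return value of `appendXML()` is not checked either; it returns false on malformed XML, and logging that case would make broken templates visible. The enclosing method continues outside the hunk.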