From 5401ab5354dd2c93cba40afac8bb46743b54edec Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 18 Dec 2023 07:06:20 +1100
Subject: [PATCH] filter custom email styles

---
 app/Http/Requests/Company/UpdateCompanyRequest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Requests/Company/UpdateCompanyRequest.php b/app/Http/Requests/Company/UpdateCompanyRequest.php
index abd670f6b02f..1d9d5be91871 100644
--- a/app/Http/Requests/Company/UpdateCompanyRequest.php
+++ b/app/Http/Requests/Company/UpdateCompanyRequest.php
@@ -115,7 +115,7 @@ class UpdateCompanyRequest extends Request
         }
 
         if (isset($settings['email_style_custom'])) {
-            $settings['email_style_custom'] = str_replace(['{{','}}'], ['',''], $settings['email_style_custom']);
+            $settings['email_style_custom'] = str_replace(['{!!','!!}','{{','}}','@if(','@endif','@isset','@unless','@auth','@empty','@guest','@env','@section','@switch', '@foreach', '@while', '@include', '@each', '@once', '@push', '@use', '@forelse', '@verbatim', '<?php', '@php', '@for'], '', $settings['email_style_custom']);
         }
 
         if (! $account->isFreeHostedClient()) {