diff --git a/app/Domain/Canvas/Controllers/BoardDialog.php b/app/Domain/Canvas/Controllers/BoardDialog.php
index 1a0575143..a91c46bc3 100644
--- a/app/Domain/Canvas/Controllers/BoardDialog.php
+++ b/app/Domain/Canvas/Controllers/BoardDialog.php
@@ -74,7 +74,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
- "".$values['title'].''
+ "".strip_tags($values['title']).''
);
$mailer->setHtml($message);
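Review bot: strip_tags() on the title is tag removal, not escaping, so the value still reaches `$mailer->setHtml($message)` unencoded: `&` and quote characters pass straight into the HTML body, and a title containing a `<` that PHP reads as an opening tag (e.g. `x<y`) is silently truncated from that point, which loses legitimate data. For an HTML body the context-correct form is `"".htmlspecialchars($values['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').''`, which renders any title verbatim instead of mangling it; strip_tags is only a reasonable choice for the plain-text `$subject` lines. The same applies to the `$message` arguments in the other hunks of this commit (EditCanvasItem, ShowCanvas, Dashboard, AdvancedBoards, ShowBoards, BoardDialog, IdeaDialog, NewProject, ShowProject, Comments, Files and Tickets); whether the NotificationModel messages are also rendered as HTML is not visible here and should be checked before choosing the escape for those. run() starts and ends outside the hunk.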
diff --git a/app/Domain/Canvas/Controllers/EditCanvasItem.php b/app/Domain/Canvas/Controllers/EditCanvasItem.php
index afd24961c..3d00c31c5 100644
--- a/app/Domain/Canvas/Controllers/EditCanvasItem.php
+++ b/app/Domain/Canvas/Controllers/EditCanvasItem.php
@@ -184,7 +184,7 @@ public function post($params)
$message = sprintf(
$this->language->__('email_notifications.canvas_item_update_message'),
session('userdata.name'),
- $canvasItem['description']
+ strip_tags($canvasItem['description'])
);
$notification = app()->make(NotificationModel::class);
@@ -236,7 +236,7 @@ public function post($params)
$message = sprintf(
$this->language->__('email_notifications.canvas_item_created_message'),
session('userdata.name'),
- $canvasItem['description']
+ strip_tags($canvasItem['description'])
);
$notification = app()->make(NotificationModel::class);
diff --git a/app/Domain/Canvas/Controllers/ShowCanvas.php b/app/Domain/Canvas/Controllers/ShowCanvas.php
index 6c056846a..4a06a6981 100644
--- a/app/Domain/Canvas/Controllers/ShowCanvas.php
+++ b/app/Domain/Canvas/Controllers/ShowCanvas.php
@@ -115,7 +115,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
- "".$values['title'].''
+ "".strip_tags($values['title']).''
);
$mailer->setHtml($message);
@@ -232,7 +232,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_imported_message'),
session('userdata.name'),
- "".$canvas[0]['title'].''
+ "".strip_tags($canvas[0]['title']).''
);
$mailer->setHtml($message);
diff --git a/app/Domain/Comments/Services/Comments.php b/app/Domain/Comments/Services/Comments.php
index 2820429c9..30ae7e407 100644
--- a/app/Domain/Comments/Services/Comments.php
+++ b/app/Domain/Comments/Services/Comments.php
@@ -66,14 +66,14 @@ public function addComment($values, $module, $entityId, $entity): bool
switch ($module) {
case 'ticket':
- $subject = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_subject'), $this->language->__('label.'.strtolower($entity->type)), $entity->id, $entity->headline);
- $message = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_message'), session('userdata.name'), $this->language->__('label.'.strtolower($entity->type)), $entity->headline, $values['text']);
+ $subject = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_subject'), $this->language->__('label.'.strtolower($entity->type)), $entity->id, strip_tags($entity->headline));
+ $message = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_message'), session('userdata.name'), $this->language->__('label.'.strtolower($entity->type)), strip_tags($entity->headline), strip_tags($values['text']));
$linkLabel = $this->language->__('email_notifications.new_comment_todo_cta');
$currentUrl = BASE_URL.'#/tickets/showTicket/'.$entity->id;
break;
case 'project':
- $subject = sprintf($this->language->__('email_notifications.new_comment_project_subject'), $entityId, $entity['name']);
- $message = sprintf($this->language->__('email_notifications.new_comment_project_message'), session('userdata.name'), $entity['name']);
+ $subject = sprintf($this->language->__('email_notifications.new_comment_project_subject'), $entityId, strip_tags($entity['name']));
+ $message = sprintf($this->language->__('email_notifications.new_comment_project_message'), session('userdata.name'), strip_tags($entity['name']));
$linkLabel = $this->language->__('email_notifications.new_comment_project_cta');
break;
default:
diff --git a/app/Domain/Files/Services/Files.php b/app/Domain/Files/Services/Files.php
index 5e7e8ceef..1dd4bdc53 100644
--- a/app/Domain/Files/Services/Files.php
+++ b/app/Domain/Files/Services/Files.php
@@ -51,8 +51,8 @@ public function uploadFile($file, $module, $entityId, $entity = null): array|boo
switch ($module) {
case 'ticket':
- $subject = sprintf($this->language->__('email_notifications.new_file_todo_subject'), $entity->id, $entity->headline);
- $message = sprintf($this->language->__('email_notifications.new_file_todo_subject'), session('userdata.name'), $entity->headline);
+ $subject = sprintf($this->language->__('email_notifications.new_file_todo_subject'), $entity->id, strip_tags($entity->headline));
+ $message = sprintf($this->language->__('email_notifications.new_file_todo_subject'), session('userdata.name'), strip_tags($entity->headline));
$linkLabel = $this->language->__('email_notifications.new_file_todo_cta');
break;
default:
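Review bot: both rewritten lines read the `email_notifications.new_file_todo_subject` key, so the `$message` body is built from the subject template and the user name from `session('userdata.name')` is placed where that template receives `$entity->id` on the line above. This predates the commit, but since the line is being touched it is worth fixing here: if a `..._message` counterpart to this key exists (the other modules in this diff pair a subject key with a message key), the `$message` line should use it; if none exists, confirm that reusing the subject template for the body is intended and add a comment saying so. uploadFile continues outside the hunk.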
diff --git a/app/Domain/Goalcanvas/Controllers/Dashboard.php b/app/Domain/Goalcanvas/Controllers/Dashboard.php
index 12373950e..21b4efc5b 100644
--- a/app/Domain/Goalcanvas/Controllers/Dashboard.php
+++ b/app/Domain/Goalcanvas/Controllers/Dashboard.php
@@ -162,7 +162,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
- "".$values['title'].''
+ "".strip_tags($values['title']).''
);
$mailer->setHtml($message);
@@ -279,7 +279,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_imported_message'),
session('userdata.name'),
- "".$canvas[0]['title'].''
+ "".strip_tags($canvas[0]['title']).''
);
$mailer->setHtml($message);
diff --git a/app/Domain/Goalcanvas/Controllers/EditCanvasItem.php b/app/Domain/Goalcanvas/Controllers/EditCanvasItem.php
index 29919601a..03aee65a6 100644
--- a/app/Domain/Goalcanvas/Controllers/EditCanvasItem.php
+++ b/app/Domain/Goalcanvas/Controllers/EditCanvasItem.php
@@ -227,7 +227,7 @@ public function post($params): Response
$message = sprintf(
$this->language->__('email_notifications.canvas_item_update_message'),
session('userdata.name'),
- $canvasItem['description']
+ strip_tags($canvasItem['description'])
);
$notification = app()->make(NotificationModel::class);
@@ -280,7 +280,7 @@ public function post($params): Response
$message = sprintf(
$this->language->__('email_notifications.canvas_item_created_message'),
session('userdata.name'),
- $canvasItem['description']
+ strip_tags($canvasItem['description'])
);
$notification = app()->make(NotificationModel::class);
diff --git a/app/Domain/Goalcanvas/Controllers/ShowCanvas.php b/app/Domain/Goalcanvas/Controllers/ShowCanvas.php
index d4a656744..e48b74de7 100644
--- a/app/Domain/Goalcanvas/Controllers/ShowCanvas.php
+++ b/app/Domain/Goalcanvas/Controllers/ShowCanvas.php
@@ -116,7 +116,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
- "".$values['title'].''
+ "".strip_tags($values['title']).''
);
$mailer->setHtml($message);
@@ -232,7 +232,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_imported_message'),
session('userdata.name'),
- "".$canvas[0]['title'].''
+ "".strip_tags($canvas[0]['title']).''
);
$mailer->setHtml($message);
diff --git a/app/Domain/Ideas/Controllers/AdvancedBoards.php b/app/Domain/Ideas/Controllers/AdvancedBoards.php
index b4363bcfa..812b43ba1 100644
--- a/app/Domain/Ideas/Controllers/AdvancedBoards.php
+++ b/app/Domain/Ideas/Controllers/AdvancedBoards.php
@@ -73,7 +73,7 @@ public function run()
$users = $this->projectService->getUsersToNotify(session('currentProject'));
$mailer->setSubject($this->language->__('email_notifications.idea_board_created_subject'));
- $message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "".$values['title'].'.
');
+ $message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "".strip_tags($values['title']).'.
');
$mailer->setHtml($message);
// $mailer->sendMail($users, session("userdata.name"));
diff --git a/app/Domain/Ideas/Controllers/BoardDialog.php b/app/Domain/Ideas/Controllers/BoardDialog.php
index 138f544c6..9f6072031 100644
--- a/app/Domain/Ideas/Controllers/BoardDialog.php
+++ b/app/Domain/Ideas/Controllers/BoardDialog.php
@@ -73,7 +73,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
- "".$values['title'].''
+ "".strip_tags($values['title']).''
);
$mailer->setHtml($message);
diff --git a/app/Domain/Ideas/Controllers/IdeaDialog.php b/app/Domain/Ideas/Controllers/IdeaDialog.php
index 7044665f4..afbbbebd5 100644
--- a/app/Domain/Ideas/Controllers/IdeaDialog.php
+++ b/app/Domain/Ideas/Controllers/IdeaDialog.php
@@ -190,7 +190,7 @@ public function post($params)
$message = sprintf(
$this->language->__('notification.idea_edited'),
session('userdata.name'),
- $params['description']
+ strip_tags($params['description'])
);
$notification = app()->make(NotificationModel::class);
@@ -232,7 +232,7 @@ public function post($params)
$subject = $this->language->__('email_notifications.idea_created_subject');
$actual_link = BASE_URL.'#/ideas/ideaDialog/'.$id;
- $message = sprintf($this->language->__('email_notifications.idea_created_message'), session('userdata.name'), $params['description']);
+ $message = sprintf($this->language->__('email_notifications.idea_created_message'), session('userdata.name'), strip_tags($params['description']));
$notification = app()->make(NotificationModel::class);
$notification->url = [
diff --git a/app/Domain/Ideas/Controllers/ShowBoards.php b/app/Domain/Ideas/Controllers/ShowBoards.php
index 5ce19e620..bdcb2b790 100644
--- a/app/Domain/Ideas/Controllers/ShowBoards.php
+++ b/app/Domain/Ideas/Controllers/ShowBoards.php
@@ -80,7 +80,7 @@ public function run()
$users = $this->projectService->getUsersToNotify(session('currentProject'));
$mailer->setSubject($this->language->__('email_notifications.idea_board_created_subject'));
- $message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "".$values['title'].'.
');
+ $message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "".strip_tags($values['title']).'.
');
$mailer->setHtml($message);
// $mailer->sendMail($users, session("userdata.name"));
diff --git a/app/Domain/Projects/Controllers/NewProject.php b/app/Domain/Projects/Controllers/NewProject.php
index 3d33161d5..312f3bdc5 100644
--- a/app/Domain/Projects/Controllers/NewProject.php
+++ b/app/Domain/Projects/Controllers/NewProject.php
@@ -123,7 +123,7 @@ public function run()
$mailer->setContext('project_created');
$mailer->setSubject($this->language->__('email_notifications.project_created_subject'));
$actual_link = BASE_URL.'/projects/showProject/'.$id.'';
- $message = sprintf($this->language->__('email_notifications.project_created_message'), $actual_link, $id, $projectName, session('userdata.name'));
+ $message = sprintf($this->language->__('email_notifications.project_created_message'), $actual_link, $id, strip_tags($projectName), session('userdata.name'));
$mailer->setHtml($message);
$to = [];
diff --git a/app/Domain/Projects/Controllers/ShowProject.php b/app/Domain/Projects/Controllers/ShowProject.php
index 0c0b873df..df5e5b496 100644
--- a/app/Domain/Projects/Controllers/ShowProject.php
+++ b/app/Domain/Projects/Controllers/ShowProject.php
@@ -249,7 +249,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.project_update_message'),
session('userdata.name'),
- $values['name']
+ strip_tags($values['name'])
);
$linkLabel = $this->language->__('email_notifications.project_update_cta');
diff --git a/app/Domain/Tickets/Services/Tickets.php b/app/Domain/Tickets/Services/Tickets.php
index 72f697991..c88eb90be 100644
--- a/app/Domain/Tickets/Services/Tickets.php
+++ b/app/Domain/Tickets/Services/Tickets.php
@@ -1300,7 +1300,7 @@ public function quickAddTicket($params): array|bool
if ($result > 0) {
$values['id'] = $result;
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$result;
- $message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), $params['headline']);
+ $message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), strip_tags($params['headline']));
$subject = $this->language->__('email_notifications.new_todo_subject');
$notification = app()->make(NotificationModel::class);
@@ -1445,9 +1445,9 @@ public function addTicket($values): array|int|bool
if ($addTicketResponse !== false) {
$values['id'] = $addTicketResponse;
- $subject = sprintf($this->language->__('email_notifications.new_todo_subject'), $addTicketResponse, $values['headline']);
+ $subject = sprintf($this->language->__('email_notifications.new_todo_subject'), $addTicketResponse, strip_tags($values['headline']));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$addTicketResponse;
- $message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), $values['headline']);
+ $message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), strip_tags($values['headline']));
$notification = app()->make(NotificationModel::class);
$notification->url = [
@@ -1545,7 +1545,7 @@ public function updateTicket($values): array|bool
// Update Ticket
if ($this->ticketRepository->updateTicket($values, $values['id']) === true) {
- $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $values['id'], $values['headline']);
+ $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $values['id'], strip_tags($values['headline']));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$values['id'];
$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), $values['headline']);
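Review bot: the `$message` line at the end of this hunk still passes `$values['headline']` raw while the `$subject` line two lines above it was changed to `strip_tags($values['headline'])`, so the todo-update notification body keeps the unsanitised headline that every other hunk in this commit strips. Change it to `$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), strip_tags($values['headline']));` to match the subject and the patch()/updateTicketStatusAndSorting() hunks below. updateTicket continues outside the hunk.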
@@ -1590,9 +1590,9 @@ public function patch($id, $params): bool
// Todo: create events and move notification logic to notification module
if (isset($params['status']) && $return) {
$ticket = $this->getTicket($id);
- $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, $ticket->headline);
+ $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, strip_tags($ticket->headline));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$id;
- $message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), $ticket->headline);
+ $message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), strip_tags($ticket->headline));
$notification = app()->make(NotificationModel::class);
$notification->url = [
@@ -1797,9 +1797,9 @@ public function updateTicketStatusAndSorting($params, $handler = null): bool
$ticket = $this->getTicket($id);
if ($ticket) {
- $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, $ticket->headline);
+ $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, strip_tags($ticket->headline));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$id;
- $message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), $ticket->headline);
+ $message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), strip_tags($ticket->headline));
$notification = app()->make(NotificationModel::class);
$notification->url = [