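/**
 * Persist the client-portal settings submitted by the current user.
 *
 * The request input is mass-assigned to the account. The custom stylesheet
 * (client_view_css) is handled separately: it is only written when the
 * account has FEATURE_CLIENT_PORTAL_CSS, and when Utils::isNinja() is true
 * it is first filtered through HTML Purifier. In the other case it is
 * stored exactly as submitted.
 *
 * @return \Illuminate\Http\RedirectResponse redirect to 'settings/' . ACCOUNT_CLIENT_PORTAL
 */
private function saveClientPortal()
{
    $account = Auth::user()->account;

    // client_view_css is kept out of the mass assignment so that it can only
    // be written by the feature-gated, filtered branch below. Whether the
    // model lists the column as fillable is not visible from here; excluding
    // it makes the gate hold either way.
    $account->fill(Input::except('client_view_css'));

    // Only allowed for pro Invoice Ninja users or white labeled self-hosted users
    if ($account->hasFeature(FEATURE_CLIENT_PORTAL_CSS)) {
        $input_css = Input::get('client_view_css');

        if (Utils::isNinja()) {
            // A missing or non-string field (e.g. an array parameter) is
            // treated as an empty stylesheet instead of reaching preg_replace
            // and the string concatenation below.
            if (!is_string($input_css)) {
                $input_css = '';
            }

            // Allow referencing the body element: a bare "body" selector is
            // rewritten to the ".body" class. preg_replace returns null on a
            // PCRE error; the cast turns that into an empty stylesheet.
            $input_css = (string) preg_replace(
                '/(?<![a-z0-9\\-\\_\\#\\.])body(?![a-z0-9\\-\\_])/i',
                '.body',
                $input_css
            );

            //
            // Inspired by http://stackoverflow.com/a/5209050/1721527, dleavitt <https://stackoverflow.com/users/362110/dleavitt>
            //

            // Create a new configuration object
            $config = \HTMLPurifier_Config::createDefault();
            $config->set('Filter.ExtractStyleBlocks', true);
            $config->set('CSS.AllowImportant', true);
            // NOTE(review): CSS.AllowTricky and CSS.Trusted both widen the set
            // of CSS that HTML Purifier lets through, and this branch handles
            // CSS submitted by hosted accounts that is later shown to their
            // clients. Confirm the wider property set is intended for that
            // audience.
            $config->set('CSS.AllowTricky', true);
            $config->set('CSS.Trusted', true);

            // Create a new purifier instance
            $purifier = new \HTMLPurifier($config);

            // Wrap our CSS in style tags and pass to purifier.
            // The returned HTML is not needed, only the extracted style blocks.
            $purifier->purify('<style>' . $input_css . '</style>');

            // The "style" blocks are stored separately
            $style_blocks = $purifier->context->get('StyleBlocks');

            // Use the first style block; anything other than a non-empty
            // array yields an empty stylesheet rather than an error in count().
            $sanitized_css = is_array($style_blocks) ? ($style_blocks[0] ?? '') : '';
        } else {
            // NOTE(review): stored verbatim, without filtering. The template
            // that emits this value is not visible here; it has to make sure
            // the value cannot terminate the surrounding style element.
            $sanitized_css = $input_css;
        }

        $account->client_view_css = $sanitized_css;
    }

    $account->save();

    Session::flash('message', trans('texts.updated_settings'));

    return Redirect::to('settings/' . ACCOUNT_CLIENT_PORTAL);
}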