From 74b9324001433539c9cc1c92831916259d4a0bca Mon Sep 17 00:00:00 2001
From: Khushboo Verma <43381712+vermakhushboo@users.noreply.github.com>
Date: Thu, 11 Jan 2024 21:58:21 +0530
Subject: [PATCH] Use strip_tags in post request too

---
 app/controllers/api/account.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 5154c6f404..6ca11f054b 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1389,11 +1389,11 @@ App::post('/v1/account/sessions/phone')
         $messageContent
             ->setParam('{{project}}', $project->getAttribute('name'))
             ->setParam('{{secret}}', $secret);
+        $messageContent = \strip_tags($messageContent->render());
+        $message = $message->setParam('{{token}}', $messageContent);
 
-        $message = $message->setParam('{{token}}', $messageContent->render(true, Template::FILTER_ESCAPE));
         $message = $message->render();
 
-
         $messageDoc = new Document([
             '$id' => $token->getId(),
             'data' => [
@@ -3122,8 +3122,8 @@ App::post('/v1/account/verification/phone')
             ->setParam('{{project}}', $project->getAttribute('name'))
             ->setParam('{{secret}}', $secret);
         $messageContent = \strip_tags($messageContent->render());
-
         $message = $message->setParam('{{token}}', $messageContent);
+
         $message = $message->render();
 
         $messageDoc = new Document([