Limit fields which can be updated in OpenController userSetupSave() function

Author: freescout-help-desk

app/Http/Controllers/OpenController.php

@@ -87,14 +87,15 @@ public function userSetupSave($hash, Request $request)
                         ->withInput();
         }
 
-        $request_data = $request->all();
-        // Do not allow user to set his role
-        if (isset($request_data['role'])) {
-            unset($request_data['role']);
-        }
-        if (isset($request_data['photo_url'])) {
-            unset($request_data['photo_url']);
-        }
+        $request_data = [
+            'email' => $request->email,
+            'password' => $request->password,
+            'job_title' => $request->job_title,
+            'phone' => $request->phone,
+            'timezone' => $request->timezone,
+            'time_format' => $request->time_format,
+        ];
+
         $user->fill($request_data);
 
         $user->password = bcrypt($request->password);