3x-ui/web
MHSanaei f9fe4b2e5e
Add path traversal protection for custom geo
Prevent path traversal when handling custom geo downloads by adding ErrCustomGeoPathTraversal and a validateDestPath() helper that ensures destination paths stay inside the bin folder. Call validateDestPath from downloadToPathOnce, Update and Delete paths and wrap errors appropriately. Reconstruct sanitized URLs in sanitizeURL to break taint propagation before use. Map the new path-traversal error to a user-facing i18n message in the controller.
2026-04-19 23:30:53 +02:00
assets feat add clash yaml convert (#3916) 2026-04-19 22:26:13 +02:00
controller Add path traversal protection for custom geo 2026-04-19 23:30:53 +02:00
entity Add SSRF protection for custom geo downloads 2026-04-19 23:20:37 +02:00
global Refactor code and fix linter warnings (#3627) 2026-01-05 05:54:56 +01:00
html feat add clash yaml convert (#3916) 2026-04-19 22:26:13 +02:00
job revert: Disconnect client due to exceeded IP limit (#3948) 2026-04-19 21:52:40 +02:00
locale update dependencies 2026-03-04 13:05:29 +01:00
middleware docs: add comments for all functions 2025-09-20 09:35:50 +02:00
network docs: add comments for all functions 2025-09-20 09:35:50 +02:00
service Add path traversal protection for custom geo 2026-04-19 23:30:53 +02:00
session docs: add comments for all functions 2025-09-20 09:35:50 +02:00
translation Add new hourly reset traffic (#3966) 2026-04-19 21:37:34 +02:00
websocket fix: enhance WebSocket stability, resolve XHTTP configurations and fix UI loading shifts (#3997) 2026-04-19 21:01:00 +02:00
web.go Fix geosite:ru rule (Normalization to RU vs lowercase ru) (#3971) 2026-04-19 21:44:51 +02:00