3x-ui

mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-07 13:44:24 +00:00

History

MHSanaei f9fe4b2e5e Add path traversal protection for custom geo Prevent path traversal when handling custom geo downloads by adding ErrCustomGeoPathTraversal and a validateDestPath() helper that ensures destination paths stay inside the bin folder. Call validateDestPath from downloadToPathOnce, Update and Delete paths and wrap errors appropriately. Reconstruct sanitized URLs in sanitizeURL to break taint propagation before use. Map the new path-traversal error to a user-facing i18n message in the controller.		2026-04-19 23:30:53 +02:00
..
api.go	Add custom geosite/geoip URL sources (#3980 )	2026-04-19 21:24:24 +02:00
base.go	docs: add comments for all functions	2025-09-20 09:35:50 +02:00
custom_geo.go	Add path traversal protection for custom geo	2026-04-19 23:30:53 +02:00
inbound.go	bug fix #3785	2026-02-11 22:21:09 +01:00
index.go	Add Go code analyzer workflow	2026-03-17 23:01:15 +01:00
server.go	Refactor code and fix linter warnings (#3627 )	2026-01-05 05:54:56 +01:00
setting.go	docs: add comments for all functions	2025-09-20 09:35:50 +02:00
util.go	Add custom geosite/geoip URL sources (#3980 )	2026-04-19 21:24:24 +02:00
websocket.go	fix: enhance WebSocket stability, resolve XHTTP configurations and fix UI loading shifts (#3997 )	2026-04-19 21:01:00 +02:00
xray_setting.go	fix security issue	2026-02-09 23:36:10 +01:00
xui.go	API improve security: returns 404 for unauthenticated API requests	2025-09-24 11:29:55 +02:00