3x-ui/web/service
MHSanaei f9fe4b2e5e
Add path traversal protection for custom geo
Prevent path traversal when handling custom geo downloads by adding ErrCustomGeoPathTraversal and a validateDestPath() helper that ensures destination paths stay inside the bin folder. Call validateDestPath from downloadToPathOnce, Update and Delete paths and wrap errors appropriately. Reconstruct sanitized URLs in sanitizeURL to break taint propagation before use. Map the new path-traversal error to a user-facing i18n message in the controller.
2026-04-19 23:30:53 +02:00
config.json dokodemo-door, socks renamed to mixed, tunnel 2025-09-09 13:57:40 +02:00
custom_geo.go Add path traversal protection for custom geo 2026-04-19 23:30:53 +02:00
custom_geo_test.go Add SSRF protection for custom geo downloads 2026-04-19 23:20:37 +02:00
inbound.go Add new hourly reset traffic (#3966) 2026-04-19 21:37:34 +02:00
outbound.go fix security issue 2026-02-09 23:36:10 +01:00
panel.go docs: add comments for all functions 2025-09-20 09:35:50 +02:00
server.go Fix geosite:ru rule (Normalization to RU vs lowercase ru) (#3971) 2026-04-19 21:44:51 +02:00
setting.go Add SSRF protection for custom geo downloads 2026-04-19 23:20:37 +02:00
tgbot.go feat(tgbot): send connection links and qrs on client creation (closes #3320)\n\n- Refactored inline keyboards into getCommonClientButtons to respect DRY\n- Extended SubmitAddClient callback handlers to dispatch individual links and QR codes to the bot chat on success. (#3888) 2026-03-17 22:09:49 +01:00
user.go Add Go code analyzer workflow 2026-03-17 23:01:15 +01:00
warp.go docs: add comments for all functions 2025-09-20 09:35:50 +02:00
xray.go fix: enhance WebSocket stability, resolve XHTTP configurations and fix UI loading shifts (#3997) 2026-04-19 21:01:00 +02:00
xray_setting.go docs: add comments for all functions 2025-09-20 09:35:50 +02:00