fix(clients): reject spaces, '/', '\' and control chars in client email

Client emails containing a slash broke the path-param routes
(edit/delete/view returned 404 / "client not found"), leaving stale
records that could only be cleared with manual SQLite edits. Validate
the email on both the backend (Create + Update, which also covers the
bulk paths) and the frontend (Zod) so these characters are rejected at
save time with a clear, localized message across all 13 locales.

Closes #4695
MHSanaei
2026-05-30 22:40:48 +02:00
parent d1882c7f29
commit a0865a67fd
16 changed files with 74 additions and 1 deletions


@@ -119,8 +119,21 @@ export const GroupSummarySchema = z.object({
export const GroupSummaryListSchema = z.array(GroupSummarySchema).nullable().transform((v) => v ?? []);
export function emailHasForbiddenChars(value: string): boolean {
if (value.includes('/') || value.includes('\\') || value.includes(' ')) return true;
for (let i = 0; i < value.length; i++) {
const code = value.charCodeAt(i);
if (code < 0x20 || code === 0x7f) return true;
}
return false;
}
export const ClientFormSchema = z.object({
email: z.string().trim().min(1, 'pages.clients.email'),
email: z
.string()
.trim()
.min(1, 'pages.clients.email')
.refine((v) => !emailHasForbiddenChars(v), 'pages.clients.emailInvalidChars'),
subId: z.string(),
uuid: z.string(),
password: z.string(),
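Review bot: `emailHasForbiddenChars` is a denylist that stops at `/`, `\`, the ASCII space and ASCII control codes, so `?`, `#` and `%` (equally significant in a URL path) and non-ASCII whitespace such as U+00A0 still pass the `.refine` on `email`. If the edit/delete/view routes put the email into the path without `encodeURIComponent` (not visible in this hunk), such values would likely reproduce the unreachable-record problem; consider adding `if (/[?#%\u0080-\u009f\u00a0]/.test(value)) return true;` with the identical set in the backend check, or encoding the path parameter at the call sites. The function also deserves a doc comment such as `/** Mirrors the server-side client-email check; the server is authoritative, this only gives early feedback. */` so the two lists are not changed independently. `ClientFormSchema` continues past the end of the hunk.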