fix(security): sanitize remote IP headers and escape log viewer output

#4135
2026-06-03 02:49:36 +00:00 · 2026-05-04 16:36:33 +02:00
parent 9f96ef83ec
commit c90f8a05bf
23 changed files with 147 additions and 85 deletions
--- a/web/html/form/protocol/shadowsocks.html
+++ b/web/html/form/protocol/shadowsocks.html
@@ -2,7 +2,7 @@
 <template v-if="inbound.isSSMultiUser">
  <a-collapse activeKey="0" v-for="(client, index) in inbound.settings.shadowsockses.slice(0,1)" v-if="!isEdit">
    <a-collapse-panel header='{{ i18n "pages.inbounds.client" }}'>
-      {{template "form/client"}}
+      {{template "form/client" .}}
    </a-collapse-panel>
  </a-collapse>
  <a-collapse v-else>