oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: address audit findings for notify, websearch and security

Browse Source 
- Fix GetByKeyForAuth missing user.FieldEmail and user.FieldUsername (notifications sent to empty address)
- Guard against empty email in collectBalanceNotifyRecipients
- Remove non-atomic TotalRecharged read-modify-write in admin balance adjustment
- HTML-escape userName/siteName/accountName in notification email templates
- Fix timer leak in ProfileBalanceNotifyCard (add onUnmounted cleanup)
- Add warning log on websearch proxy URL resolution failure
This commit is contained in:
erio
2026-04-12 18:11:47 +08:00
parent eba289a7ff
commit 4e96a6faec
5 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
frontend/src/components/user/profile/ProfileBalanceNotifyCard.vue
View File

@@ -93,7 +93,7 @@
</template>
<script setup lang="ts">
import { ref, watch } from 'vue'
import { ref, watch, onUnmounted } from 'vue'
import { useI18n } from 'vue-i18n'
import { useAuthStore } from '@/stores/auth'
import { useAppStore } from '@/stores/app'
@@ -122,6 +122,10 @@ const codeCountdown = ref(0)
let countdownTimer: ReturnType<typeof setInterval> | null = null
onUnmounted(() => {
if (countdownTimer) clearInterval(countdownTimer)
})
watch(() => props.enabled, (val) => { notifyEnabled.value = val })
watch(() => props.threshold, (val) => { customThreshold.value = val })
watch(() => props.extraEmails, (val) => { extraEmails.value = [...val] })