mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-04 20:04:20 +00:00
fb3a1559b2
A support URL saved without a scheme (e.g. "t.me/handle") is served verbatim in the subscription Support-Url header and page data, and client apps resolve it relative to the subscription domain — clicking it lands on "https://panel.example/t.me/handle". Same hazard for the profile URL. Default the scheme to https:// when none is present, both when saving the settings and when reading already-stored values, so existing databases are covered without a migration. Deliberate non-http schemes (tg://, mailto:, tel:) pass through untouched, which is why these two fields don't go through SanitizeHTTPURL's http(s)-only validation. Closes #5738
22 lines
666 B
Go
22 lines
666 B
Go
package common
|
|
|
|
import "strings"
|
|
|
|
// EnsureURLScheme prepends https:// to a URL that carries no scheme, so
|
|
// subscription apps and browsers don't resolve it relative to the panel's own
|
|
// domain (e.g. "t.me/support" turning into "https://panel.example/t.me/support").
|
|
// Values with an explicit scheme (https://, tg://, mailto:, tel:) and empty
|
|
// strings pass through untouched.
|
|
func EnsureURLScheme(raw string) string {
|
|
trimmed := strings.TrimSpace(raw)
|
|
if trimmed == "" {
|
|
return ""
|
|
}
|
|
if strings.Contains(trimmed, "://") ||
|
|
strings.HasPrefix(trimmed, "mailto:") ||
|
|
strings.HasPrefix(trimmed, "tel:") {
|
|
return trimmed
|
|
}
|
|
return "https://" + trimmed
|
|
}
|