revert: drop nginx safe string validation changes by ssongliu · Pull Request #12076 · 1Panel-dev/1Panel
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OperateProxy now writes req.ProxyPass and req.ProxyHost directly into nginx directives, but request.WebsiteProxyConfig only enforces required and DumpDirective serializes parameters verbatim (no escaping), so inputs containing ; or newline can inject extra directives or leave the generated proxy config invalid. This is a regression from the previous validation path and allows a crafted API payload to alter nginx behavior beyond the intended proxy fields.
Useful? React with 👍 / 👎.