admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13756956a6f34ea0793ef935402a9ec5ac2179f5
Xboard/app/Services
T
History
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873) 
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
2026-04-10 02:44:20 +08:00
..
Auth
Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873)
2026-04-10 02:44:20 +08:00
Plugin
feat(plugin): auto-decode JSON config values by type in PluginManager
2025-10-20 18:56:44 +08:00
AuthService.php
refactor: comment out update-check routes and refactor findUserByBearerToken, calcResetDayByMonthFirstDay, calcResetDayByExpireDay
2025-05-24 20:47:27 +08:00
CaptchaService.php
feat: plugin controller config system with guest_comm_config hook integration
2025-06-29 01:42:48 +08:00
CouponService.php
fix(coupon): correct knows issues
2025-01-23 14:48:12 +08:00
DeviceStateService.php
fix: resolve device sync issues and refactor WebSocket server
2026-03-26 03:33:01 +08:00
GiftCardService.php
fix: exchange gift card type error
2025-10-30 21:08:39 +08:00
MailService.php
feat: Add admin bulk-mail placeholder variables and template rendering
2026-03-19 05:02:16 +08:00
NodeRegistry.php
feat: introduce WebSocket sync for XBoard nodes
2026-03-15 09:49:11 +08:00
NodeSyncService.php
feat: ws notify nodes when user traffic is exhausted
2026-03-25 01:44:55 +08:00
OrderService.php
feat: introduce WebSocket sync for XBoard nodes
2026-03-15 09:49:11 +08:00
PaymentService.php
feat: introduce WebSocket sync for XBoard nodes
2026-03-15 09:49:11 +08:00
PlanService.php
fix: resolve PHPStan static analysis warnings
2025-05-07 19:48:19 +08:00
ServerService.php
fix: stop sending VLESS decryption when encryption is disabled
2026-04-08 11:05:55 +08:00
SettingService.php
Initial commit
2023-11-17 14:44:01 +08:00
StatisticalService.php
fix: resolve PHPStan static analysis warnings
2025-05-07 19:48:19 +08:00
TelegramService.php
Revert "fix: escape Telegram Markdown special characters (fix #450)"
2026-03-29 17:48:49 +08:00
ThemeService.php
fix: preserve theme config when upgrading theme
2025-11-07 19:25:40 +08:00
TicketService.php
feat: enhance plugin management
2025-07-26 18:49:58 +08:00
TrafficResetService.php
fix: improve date calculation for month-end reset schedules
2025-08-31 20:30:02 +08:00
UpdateService.php
fix: avoid getCurrentCommit on cache hit
2025-09-26 19:04:17 +08:00
UserService.php
fix: apply device_limit from plan when assigning via gift card (#630)
2026-03-09 06:51:10 +08:00