From 7b1924a8996518fc5df5f706d4b309815c8e150a Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 21 Jan 2026 02:11:49 +0400
Subject: [PATCH] fix: sanitize host configuration to prevent HTTP header injection
---
 src/server/client.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/server/client.rs b/src/server/client.rs
index 699db58..e8bddc0 100644
--- a/src/server/client.rs
+++ b/src/server/client.rs
@@ -46,8 +46,13 @@ pub struct Client {
 impl Client {
 pub fn new(host: &str, port: u16) -> Self {
+ // Sanitize host to prevent CRLF injection
+ let clean_host: String = host.chars()
+ .filter(|c| !matches!(c, '\r' | '\n' | '\0'))
+ .collect();
+
 Self {
- base_url: format!("http://{}:{}", host, port),
+ base_url: format!("http://{}:{}", clean_host, port),
 }
 }
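Review bot: The filter added in `Client::new` is a three-character deny-list, so a `host` containing `/`, `@`, `?`, `#`, whitespace or other control characters still reaches `format!` and can change which authority or path `base_url` resolves to. It also rewrites invalid input silently instead of rejecting it, so a malformed configuration value becomes a different, valid-looking host with no error or log line. Consider an allow-list check such as `host.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-'))` (extended for bracketed IPv6 literals if those are supported) and reporting failure through a fallible constructor that sits alongside `new`, so existing callers keep compiling. The `impl Client` block continues outside the hunk, so whether `base_url` is validated again before a request is built cannot be seen from here.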