blackteay/ThinkAdmin
1
0
Fork 0
mirror of https://gitee.com/zoujingli/ThinkAdmin.git synced 2025-04-05 19:41:44 +08:00
Code Issues Projects Releases Wiki Activity

update app/admin/controller/Index.php.

Browse Source 
用户资料接口;存在安全隐患;用户模拟请求可以修改权限和名称;导致用户可以获取最高权限

Signed-off-by: coffee <724179447@qq.com>
This commit is contained in:
coffee 2022-09-07 02:47:17 +00:00 committed by Gitee
parent da56f560dc
commit 9dd584d68b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/admin/controller/Index.php
View File

@ -77,7 +77,20 @@ class Index extends Controller
} }
} }
} }
/**
* 表单数据处理
* @param array $data
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
*/
protected function _form_filter(array &$data)
{
if ($this->request->isPost()) {
unset($data['username']);
unset($data['authorize']);
}
}
/** /**
* 修改用户资料 * 修改用户资料
* @login true * @login true