Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-12-17 23:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

🔒 API token 绕过校验漏洞 Fix https://github.com/siyuan-note/siyuan/issues/7507

Browse source
This commit is contained in:
Liang Ding 2023-02-28 09:20:43 +08:00
parent aa97f0df87
commit b03dbfcf27
No known key found for this signature in database
GPG key ID: 136F30F901A2231D
1 changed files with 1 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
kernel/model/session.go
View file

@ -204,7 +204,7 @@ func CheckAuth(c *gin.Context) {
} }
} }
if strings.HasSuffix(c.Request.RequestURI, "/check-auth") { if "/check-auth" == c.Request.URL.Path { // 跳过访问授权页
c.Next() c.Next()
return return
} }
@ -228,11 +228,5 @@ func CheckAuth(c *gin.Context) {
return return
} }
if u := c.Query("url"); "" != u {
c.Redirect(302, u)
c.Abort()
return
}
c.Next() c.Next()
} }