0ct0pu5/siyuan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

🔒 API token 绕过校验漏洞 Fix https://github.com/siyuan-note/siyuan/issues/7507

Browse source
This commit is contained in:
Liang Ding 2023-02-28 09:20:43 +08:00
parent aa97f0df87
commit b03dbfcf27
No known key found for this signature in database
GPG key ID: 136F30F901A2231D
1 changed files with 1 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
kernel/model/session.go
View file

@ -204,7 +204,7 @@ func CheckAuth(c *gin.Context) {
}
}
if strings.HasSuffix(c.Request.RequestURI, "/check-auth") {
if "/check-auth" == c.Request.URL.Path { // 跳过访问授权页
c.Next()
return
}
@ -228,11 +228,5 @@ func CheckAuth(c *gin.Context) {
return
}
if u := c.Query("url"); "" != u {
c.Redirect(302, u)
c.Abort()
return
}
c.Next()
}