daichao
/
law-office-system
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!275 fix Issue #I42GRW 任意账户越权漏洞 

Merge pull request !275 from lagXkjy/master
This commit is contained in:
Ricky 2021-07-27 02:08:04 +00:00 committed by Gitee
parent 9b1883988b 3347ca4d74
commit 4095a1b6ee
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
View File

@ -71,9 +71,12 @@ public class SysProfileController extends BaseController
{ {
return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在"); return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
} }
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
SysUser sysUser = loginUser.getUser();
user.setUserId(sysUser.getUserId());
user.setPassword(null);
if (userService.updateUserProfile(user) > 0) if (userService.updateUserProfile(user) > 0)
{ {
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
// 更新缓存用户信息 // 更新缓存用户信息
loginUser.getUser().setNickName(user.getNickName()); loginUser.getUser().setNickName(user.getNickName());
loginUser.getUser().setPhonenumber(user.getPhonenumber()); loginUser.getUser().setPhonenumber(user.getPhonenumber());