fix:Issue #I42GRW 修复任意账户越权漏洞
This commit is contained in:
parent
9b1883988b
commit
3347ca4d74
|
@ -71,9 +71,12 @@ public class SysProfileController extends BaseController
|
||||||
{
|
{
|
||||||
return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
|
return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
|
||||||
}
|
}
|
||||||
|
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
|
||||||
|
SysUser sysUser = loginUser.getUser();
|
||||||
|
user.setUserId(sysUser.getUserId());
|
||||||
|
user.setPassword(null);
|
||||||
if (userService.updateUserProfile(user) > 0)
|
if (userService.updateUserProfile(user) > 0)
|
||||||
{
|
{
|
||||||
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
|
|
||||||
// 更新缓存用户信息
|
// 更新缓存用户信息
|
||||||
loginUser.getUser().setNickName(user.getNickName());
|
loginUser.getUser().setNickName(user.getNickName());
|
||||||
loginUser.getUser().setPhonenumber(user.getPhonenumber());
|
loginUser.getUser().setPhonenumber(user.getPhonenumber());
|
||||||
|
|
Loading…
Reference in New Issue