邮件大小写导致的权限问题 #40

Gotric · 2018-12-20T07:35:02Z

insight/srcpm/app/src/views.py 漏洞列表、漏洞详细、漏洞操作的权限校验部分，由于email_dict['owner']做了小写处理，当注册用户邮件填写的是大写时，会触发弹403界面。

    if (current_user.email not in email_dict['owner']) and (current_user.email != 
   email_dict['department_manager']):
      					abort(403)

请改为将current_user.email做小写处理，

    if (current_user.email.lower() not in email_dict['owner']) and (current_user.email != 
   email_dict['department_manager']):
      					abort(403)

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

邮件大小写导致的权限问题 #40

邮件大小写导致的权限问题 #40

Gotric commented Dec 20, 2018 •

edited

Loading

邮件大小写导致的权限问题 #40

邮件大小写导致的权限问题 #40

Comments

Gotric commented Dec 20, 2018 • edited Loading

insight/srcpm/app/src/views.py 漏洞列表、漏洞详细、漏洞操作的权限校验部分，由于email_dict['owner']做了小写处理，当注册用户邮件填写的是大写时，会触发弹403界面。

请改为将current_user.email做小写处理，

Gotric commented Dec 20, 2018 •

edited

Loading