!275 fix Issue #I42GRW 任意账户越权漏洞

Merge pull request !275 from lagXkjy/master
This commit is contained in:
Ricky 2021-07-27 02:08:04 +00:00 committed by Gitee
commit 4095a1b6ee
1 changed files with 4 additions and 1 deletions

View File

@ -71,9 +71,12 @@ public class SysProfileController extends BaseController
{ {
return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在"); return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
} }
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
SysUser sysUser = loginUser.getUser();
user.setUserId(sysUser.getUserId());
user.setPassword(null);
if (userService.updateUserProfile(user) > 0) if (userService.updateUserProfile(user) > 0)
{ {
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
// 更新缓存用户信息 // 更新缓存用户信息
loginUser.getUser().setNickName(user.getNickName()); loginUser.getUser().setNickName(user.getNickName());
loginUser.getUser().setPhonenumber(user.getPhonenumber()); loginUser.getUser().setPhonenumber(user.getPhonenumber());