Metrics
0
Watch 669 Star 1.8K Fork 1K

Discuz! / DiscuzXPHP

Merged
!111 修复 管理批量邀请链接的一系列问题

Discuz!:fix/inviteDiscuz!:master

Coxxs Created on: 2017-08-12 03:07
  1. 修复管理批量邀请链接签名判断可被绕过的问题(http://coxxs.me/528)
  2. 修复管理员获得批量邀请链接后,失去邀请权限(如降用户组)后链接仍然有效的问题
  3. 修复不存在的 uid 生成邀请链接签名后,仍能注册的问题(防止漏洞修复前爆破出的链接可用于继续注册)

此 pr 不再改动 space_key 函数。

2 comments, 2 participants 1182890_coxxs 428142_jzbar

Show action logs Hide action logs
Discuz! merged Pull Request 2017-08-21 10:52
428142_jzbar
建筑资源吧 2017-08-12 07:55

OK,已经修正

1182890_coxxs
Coxxs 2017-08-12 11:32

@建筑资源吧 不要在git@osc水贴,这里不是论坛 :persevere:

Sign in and comment

2017-08-12

(2)
Coxxs committed 2017-08-12 03:15
upload/source/function/function_member.php
@@ -184,14 +184,14 @@ function getinvite() {
$appid = intval($cookies[2]);
$invite_code = space_key($uid, $appid);
if($code == $invite_code) {
$inviteprice = 0;
if($code === $invite_code) {
$member = getuserbyuid($uid);
if($member) {
$usergroup = C::t('common_usergroup')->fetch($member['groupid']);
$inviteprice = $usergroup['inviteprice'];
if(!$usergroup['allowinvite'] || $usergroup['inviteprice'] > 0) return array();
} else {
return array();
}
if($inviteprice > 0) return array();
$result['uid'] = $uid;
$result['appid'] = $appid;
}
upload/source/module/home/home_invite.php
@@ -66,12 +66,12 @@ if($id) {
$id = 0;
$invite_code = space_key($uid, $appid);
if($_GET['c'] != $invite_code) {
if($_GET['c'] !== $invite_code) {
showmessage('invite_code_error', '', array(), array('return' => true));
}
$inviteuser = getuserbyuid($uid);
loadcache('usergroup_'.$inviteuser['groupid']);
if(!empty($_G['cache']['usergroup_'.$inviteuser['groupid']]) && $_G['cache']['usergroup_'.$inviteuser['groupid']]['inviteprice']) {
if(!empty($_G['cache']['usergroup_'.$inviteuser['groupid']]) && (!$_G['cache']['usergroup_'.$inviteuser['groupid']]['allowinvite'] || $_G['cache']['usergroup_'.$inviteuser['groupid']]['inviteprice'])) {
showmessage('invite_code_error', '', array(), array('return' => true));
}

Help Search