修复个人信息修改漏洞

2019-01-08 15:56:49 +08:00
parent 0c76d45349
commit dd37524b04
4 changed files with 48 additions and 37 deletions
--- a/ruoyi-admin/src/main/resources/templates/system/user/profile/avatar.html
+++ b/ruoyi-admin/src/main/resources/templates/system/user/profile/avatar.html
@ -4,7 +4,6 @@
 <title>用户头像修改</title>
 <link th:href="@{/ajax/libs/cropbox/cropbox.css}" rel="stylesheet"/>
 <body class="white-bg">
-    <input name="userId" id="userId" type="hidden"  th:value="${user.userId}" />
    <div class="container"> 
        <div class="imageBox"> 
 	        <div class="thumbBox"></div> 
@ -68,7 +67,6 @@ function submitHandler() {
    var img = cropper.getBlob();
    var formdata = new FormData();
    formdata.append("avatarfile", img);
-    formdata.append("userId", $("#userId").val());
    $.ajax({
        url: ctx + "system/user/profile/updateAvatar",
        data: formdata,
--- a/ruoyi-admin/src/main/resources/templates/system/user/profile/profile.html
+++ b/ruoyi-admin/src/main/resources/templates/system/user/profile/profile.html
@ -58,20 +58,19 @@
    
    <div th:include="include::footer"></div>
    <script>
-        var userId = [[${user.userId}]];
 	    /*用户信息-修改*/
 	    function edit() {
-	        var url = ctx + "system/user/profile/edit/" + userId;
+	        var url = ctx + 'system/user/profile/edit';
 	        $.modal.open("修改用户", url);
 	    }
 	    /*用户管理-重置密码*/
 	    function resetPwd() {
-	        var url = ctx + 'system/user/profile/resetPwd/' + userId;
+	        var url = ctx + 'system/user/profile/resetPwd';
 	        $.modal.open("重置密码", url, '800', '500');
 	    }
 	    /*用户管理-头像*/
 	    function avatar() {
-	        var url = ctx + 'system/user/profile/avatar/' + userId;
+	        var url = ctx + 'system/user/profile/avatar';
 	        $.modal.open("修改头像", url);
 	    }
 	</script>
--- a/ruoyi-admin/src/main/resources/templates/system/user/profile/resetPwd.html
+++ b/ruoyi-admin/src/main/resources/templates/system/user/profile/resetPwd.html
@ -21,7 +21,7 @@
 			<div class="form-group">
 				<label class="col-sm-3 control-label">新密码：</label>
 				<div class="col-sm-8">
-					<input class="form-control" type="password" name="password" id="password">
+					<input class="form-control" type="password" name="newPassword" id="newPassword">
 				</div>
 			</div>
 			<div class="form-group">
@ -51,14 +51,14 @@
 	                    }
 	                }
 				},
-				password: {
+				newPassword: {
 	                required: true,
 	                minlength: 5,
 	    			maxlength: 20
 	            },
 	            confirm: {
 	                required: true,
-	                equalTo: "#password"
+	                equalTo: "#newPassword"
 	            }
 			},
 			messages: {
@ -66,7 +66,7 @@
 	                required: "请输入原密码",
 	                remote: "原密码错误"
 	            },
-	            password: {
+	            newPassword: {
 	                required: "请输入新密码",
 	                minlength: "密码不能小于6个字符",
 	                maxlength: "密码不能大于20个字符"