Discuz / DiscuzX

Merged
!363 Fix the bug where a user's email address can be forcibly changed while the email verification link is still valid

老周部落:PR_Fix_Emailcheck_Force_Update Discuz:master

老周部落 Created on: 2020-02-21 17:07
Defect/BUG
Security/security

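This PR came out of day-to-day discussion in the DxGit Forker group. Thanks to 咸鱼老徐 for reporting this bug to us.

For details, see: https://www.bilibili.com/video/av89021303

This PR reuses the authstr field in the user forum field table, which is already used for password changes and user activation. By saving and verifying a token and a timestamp, it makes the email link non-reusable, thereby fixing the bug where a user's email address can be forcibly changed while the email verification link is still valid.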
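
One way to implement the approach the description above outlines (save a token and timestamp server-side, verify them, and make the link unusable after one use), as an added PHP example that is not part of the original post and not the PR's code. The record layout, the `$authstr` array standing in for the authstr field, the function names and the 24-hour lifetime are all assumptions.

```php
<?php
// Added example, not Discuz! X code. The "timestamp\tsha256(token)\tnew_email"
// layout and the $authstr array (uid => string) are assumptions that stand in
// for one per-user authstr column. The email is assumed to be validated already.
const EMAIL_LINK_TTL = 86400; // assumed link lifetime in seconds

// Issue a link token: only its hash and the issue time are kept server-side.
function issue_email_token(array &$authstr, int $uid, string $newEmail, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $authstr[$uid] = implode("\t", [$now, hash('sha256', $token), $newEmail]);
    return $token; // goes into the emailed link
}

// Returns the email address to apply, or null if the link must be rejected.
function redeem_email_token(array &$authstr, int $uid, string $token, int $now): ?string
{
    $parts = explode("\t", $authstr[$uid] ?? '');
    if (count($parts) !== 3) {
        return null; // nothing pending: never issued, or already redeemed
    }
    [$issuedAt, $tokenHash, $newEmail] = $parts;
    if ($now - (int)$issuedAt > EMAIL_LINK_TTL) {
        $authstr[$uid] = ''; // expired: drop the stale record
        return null;
    }
    if (!hash_equals($tokenHash, hash('sha256', $token))) {
        return null; // constant-time comparison failed: wrong token
    }
    $authstr[$uid] = ''; // consume the record, so a replay finds nothing
    return $newEmail;
}

// Constructed walk-through with made-up values.
$authstr = [];
$t0 = 1582275000;
$token = issue_email_token($authstr, 42, 'new@example.com', $t0);
var_dump(redeem_email_token($authstr, 42, $token, $t0 + 60));  // first use of the link
var_dump(redeem_email_token($authstr, 42, $token, $t0 + 120)); // replay inside the lifetime
$old = issue_email_token($authstr, 42, 'a@example.com', $t0);
issue_email_token($authstr, 42, 'b@example.com', $t0 + 10);     // newer request overwrites the record
var_dump(redeem_email_token($authstr, 42, $old, $t0 + 20));    // older link after a newer request
```

Because the server keeps one record per user and clears it on redemption, a link that was valid once stops working even though its lifetime has not yet elapsed.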

3 comments, 2 participants

oldhuhu merged Pull Request 2020-02-27 14:20
oldhuhu check passed 2020-02-27 14:20
老周部落 assigned reviewer 湖中沉 2020-02-21 17:07
老周部落 assigned reviewer oldhuhu 2020-02-21 17:07
老周部落 assigned reviewer monkeye 2020-02-21 17:07
老周部落 assigned reviewer Discuz! 2020-02-21 17:07
老周部落 assigned reviewer LooTan 2020-02-21 17:07
老周部落 assigned reviewer comsenz-service 2020-02-21 17:07
老周部落 assigned reviewer DiscuzX 2020-02-21 17:07
老周部落 set priority to Secondary 2020-02-21 17:07
老周部落 added label security 2020-02-21 17:07
老周部落 added label bug 2020-02-21 17:07