Akatsukiro/XF_Index
1
0
Fork 0
forked from XiaoLFeng/XF_Index
Code Pull Requests Activity

漏洞补丁

Browse Source 
Cookie设置位置错误导致Laravel进行throw Exceptions

Signed-off-by: XiaoLFeng <gm@x-lf.cn>
This commit is contained in:
筱锋xiao_lfeng 2023-07-05 17:04:16 +08:00
parent dd061e26f8
commit b753676fbf
2 changed files with 12 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Http/Controllers/Function/Link.php
View File

@ -445,7 +445,6 @@ public function apiCustomBlogVerify(HttpRequest $request): JsonResponse
]);
// 验证数据是否合法
if (!$dataCheck->fails()) {
$cookie = cookie('friend_edit', '', -1, '/');
// 检查内容是否存在
$resultBlog = DB::table('blog_link')
->select('id', 'blogOwnEmail')
@ -479,6 +478,8 @@ public function apiCustomBlogVerify(HttpRequest $request): JsonResponse
'id' => $resultBlog->id
],
];
return Response::json($returnData, $returnData['code'])
->cookie($cookie);
} else {
// 验证码验证失败
$returnData = [
@ -539,8 +540,7 @@ public function apiCustomBlogVerify(HttpRequest $request): JsonResponse
],
];
}
return Response::json($returnData, $returnData['code'])
->cookie($cookie);
return Response::json($returnData, $returnData['code']);
}
protected function viewEditFriend(HttpRequest $request, $friendId): Application|Factory|View|RedirectResponse

62
resources/views/function/edit-check.blade.php
View File

@ -21,58 +21,6 @@ class="relative left-[calc(50%-11rem)] aspect-[1155/678] w-[36.125rem] -translat
style="clip-path: polygon(74.1% 44.1%, 100% 61.6%, 97.5% 26.9%, 85.5% 0.1%, 80.7% 2%, 72.5% 32.5%, 60.2% 62.4%, 52.4% 68.1%, 47.5% 58.3%, 45.2% 34.5%, 27.5% 76.7%, 0.1% 64.9%, 17.9% 100%, 27.6% 76.8%, 76.1% 97.7%, 74.1% 44.1%)"></div>
</div>
<div class="mx-auto my-10 max-w-4xl py-8 sm:py-16 lg:py-16">
<div class="flex">
<label for="location_search" class="mb-2 text-sm font-medium text-gray-900 sr-only dark:text-white">Your
Email</label>
<button id="dropdown-button-2" data-dropdown-toggle="dropdown-search-city"
class="flex-shrink-0 z-10 inline-flex items-center py-2.5 px-4 text-sm font-medium text-center text-gray-500 bg-gray-100 border border-gray-300 rounded-l-lg hover:bg-gray-200 focus:ring-4 focus:outline-none focus:ring-gray-100 dark:bg-gray-700 dark:hover:bg-gray-600 dark:focus:ring-gray-700 dark:text-white dark:border-gray-600"
type="button">
<span id="search-data">
<i class="bi bi-arrow-up-circle pe-1"></i>综合搜索
</span>
<svg aria-hidden="true" class="w-4 h-4 ml-1" fill="currentColor" viewBox="0 0 20 20"
xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd"
d="M5.293 7.293a1 1 0 011.414 0L10 10.586l3.293-3.293a1 1 0 111.414 1.414l-4 4a1 1 0 01-1.414 0l-4-4a1 1 0 010-1.414z"
clip-rule="evenodd"></path>
</svg>
</button>
<div id="dropdown-search-city"
class="z-10 hidden bg-white divide-y divide-gray-100 rounded-lg shadow w-44 dark:bg-gray-700">
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200" aria-labelledby="dropdown-button-2">
<li>
<button type="button" onclick="Check.Click(1)"
class="inline-flex w-full px-4 py-2 text-sm text-gray-700 hover:bg-gray-100 dark:text-gray-400 dark:hover:bg-gray-600 dark:hover:text-white"
role="menuitem">
<div class="inline-flex items-center">
<i class="bi bi-1-circle pe-1"></i>博客名字
</div>
</button>
</li>
<li>
<button type="button" onclick="Check.Click(2)"
class="inline-flex w-full px-4 py-2 text-sm text-gray-700 hover:bg-gray-100 dark:text-gray-400 dark:hover:bg-gray-600 dark:hover:text-white"
role="menuitem">
<div class="inline-flex items-center">
<i class="bi bi-2-circle pe-1"></i>博客地址
</div>
</button>
</li>
</ul>
</div>
<div class="relative w-full">
<input type="search" id="location_search" name="location_search"
class="block p-2.5 w-full z-20 text-sm text-gray-900 bg-gray-50 rounded-r-lg border-l-gray-50 border-l-2 border border-gray-300 focus:ring-blue-500 focus:border-blue-500 dark:bg-gray-700 dark:border-l-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:border-blue-500"
placeholder="输入内容进行友链筛查" required>
<button onclick="Search.ajax()"
class="absolute top-0 right-0 p-2.5 text-sm font-medium text-white bg-blue-700 rounded-r-lg border border-blue-700 hover:bg-blue-800 focus:ring-4 focus:outline-none focus:ring-blue-300 dark:bg-blue-600 dark:hover:bg-blue-700 dark:focus:ring-blue-800">
<i class="bi bi-search"></i>
<span class="sr-only">搜索</span>
</button>
</div>
</div>
</div>
<div class="mx-auto my-10 max-w-4xl pb-8 sm:pb-16 lg:pb-16">
<form id="FormData" action="#" onsubmit="return false" method="POST">
<div
class="col-span-10 lg:col-span-7 items-center justify-center rounded bg-gray-50 dark:bg-gray-800 shadow">
@ -250,6 +198,9 @@ class Check {
success: function (returnData) {
if (returnData.output === "Success") {
Toast.toggle(returnData.data.message, '<i class="bi bi-check-circle text-green-500"></i>');
$('#sendCheckCode').prop('disabled', true);
$('#sendCheckCode').removeClass('bg-green-700').addClass('bg-green-800');
$('#sendCheckCode').html('<i class="bi bi-check-circle"></i><span class="ps-1">验证通过</span>');
setTimeout(function () {
location.href = '{{ route('function.edit-friend','') }}/' + returnData.data.id
@ -261,7 +212,12 @@ class Check {
}
},
error: function (returnData) {
Toast.toggle(returnData.responseJSON.data.message, '<i class="bi bi-x-circle text-red-500"></i>')
Toast.set('其他错误', '<i class="bi bi-x-circle text-red-500"></i>');
if (returnData.responseJSON.output !== 'SendingTimeTooFast') {
Toast.toggle(returnData.responseJSON.data.message, '<i class="bi bi-x-circle text-red-500"></i>');
$('#sendCheckCode').prop('disabled', false);
$('#sendCheckCode').html('<i class="bi bi-send"></i><span class="ps-1">验证</span>');
}
}
});
}