Parameter verification / 参数校验
star7th committed Nov 20, 2021
1 parent b1247be commit 335afc7
Showing 5 changed files with 18 additions and 4 deletions.
2 changes: 1 addition & 1 deletion web/index.html
Expand Up @@ -15,4 +15,4 @@
'server': window.location.protocol + '//' + window.location.host + window.location.pathname + '../server/index.php?s=',
// "lang" :'en'
'lang': 'zh-cn'
}</script><link href=./static/css/app.3478df3187bb5aac4b65130abcf7e669.css rel=stylesheet></head><body class=grey-bg><div id=app></div><div style=display:none>本网站基于开源版showdoc搭建,仅供私人使用。如需访问showdoc官网,请在搜索引擎里搜索showdoc字样或者直接访问showdoc.com.cn</div><script type=text/javascript src=./static/js/manifest.3ad1d5771e9b13dbdad2.js></script><script type=text/javascript src=./static/js/vendor.1eb6213d11eb61d1bd46.js></script><script type=text/javascript src=./static/js/app.92a2084db2edf20e74d0.js></script></body></html>
}</script><link href=./static/css/app.802854fe34ede925b040b29916b3ccff.css rel=stylesheet></head><body class=grey-bg><div id=app></div><div style=display:none>本网站基于开源版showdoc搭建,仅供私人使用。如需访问showdoc官网,请在搜索引擎里搜索showdoc字样或者直接访问showdoc.com.cn</div><script type=text/javascript src=./static/js/manifest.3ad1d5771e9b13dbdad2.js></script><script type=text/javascript src=./static/js/vendor.1eb6213d11eb61d1bd46.js></script><script type=text/javascript src=./static/js/app.094d08313226972d1cce.js></script></body></html>
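
Review bot: The only reviewable change in web/index.html is the swap of hashed asset names (app.92a2084d….js to app.094d0831….js, plus the CSS hash), and the bundles themselves are committed as minified build output whose diffs are not rendered. Nothing in this commit lets a reviewer confirm that the new bundle was produced from the Login.vue source change below and contains nothing else; building the web/ assets in CI from web_src, or recording the build command and toolchain version in the commit, would make that verifiable.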

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions web/static/js/app.094d08313226972d1cce.js

Large diffs are not rendered by default.

1 change: 0 additions & 1 deletion web/static/js/app.92a2084db2edf20e74d0.js

This file was deleted.

14 changes: 14 additions & 0 deletions web_src/src/components/user/Login.vue
Expand Up @@ -85,6 +85,13 @@ export default {
if (this.is_show_alert) {
return
}
// 对redirect参数进行校验,以防止钓鱼跳转
if (this.$route.query.redirect) {
// 如果含有点号,则应该为绝对地址。此时禁止。
if (this.$route.query.redirect.indexOf('.') > -1) {
return false
}
}
// this.$message.success(this.username);
var that = this
var url = DocConfig.server + '/api/user/login'
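
Review bot: In onSubmit, the `return false` on a dotted redirect aborts the login with no message, so a user who arrived with such a parameter sees the form do nothing; consider discarding the redirect value and continuing the login, or showing an error. The test `indexOf('.') > -1` is a heuristic for "absolute address" rather than a check that the target is a path on this site: it also rejects legitimate in-app paths that contain a dot, and it assumes the query value is a string. A positive check (value is a string, begins with a single `/`, resolves to the same origin as the page) would state the intent directly, and since the same block is repeated in mounted() it belongs in one shared helper.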
Expand Down Expand Up @@ -147,6 +154,13 @@ export default {
},
mounted() {
var that = this
// 对redirect参数进行校验,以防止钓鱼跳转
if (this.$route.query.redirect) {
// 如果含有点号,则应该为绝对地址。此时禁止。
if (this.$route.query.redirect.indexOf('.') > -1) {
return false
}
}
this.get_user_info(function(response) {
if (response.data.error_code === 0) {
let redirect = decodeURIComponent(
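
Review bot: In mounted(), the check runs on `this.$route.query.redirect` as received, while the context line below builds `redirect` through `decodeURIComponent(`, so the string that is validated may not be the string that is later used for navigation; apply the check to the decoded value at the point where it is used. The early `return false` also skips `get_user_info` entirely, which changes behaviour for an already signed-in user beyond ignoring the redirect; dropping the parameter and letting the rest of mounted() run would be the narrower change.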