This repository has been archived by the owner on May 19, 2022. It is now read-only.

The number of tags on an article can be pushed past 5 by hacking the request #8

Closed
PChou opened this issue Aug 21, 2014 · 1 comment
PChou commented Aug 21, 2014

The hacked article: [http://beta.segmentfault.com/blog/p_chou/1190000000644115]

Steps to reproduce:
While editing an article, use the /api/draft endpoint: copy the AJAX request as curl and add extra tag[] entries to the POST body. The article is saved as a draft, and that draft now has more than 5 tags; then publish the article. The published article has more than 5 tags.

Actual result: the tag count can exceed 6
Expected result: the draft endpoint should validate the number of tags

curl command used for testing:

$ curl "http://beta.segmentfault.com/api/draft?_=f7d54c0227629dab3e5f49d942fe30b2" \
  -H "Pragma: no-cache" \
  -H "Origin: http://beta.segmentfault.com" \
  -H "Accept-Encoding: gzip,deflate,sdch" \
  -H "Accept-Language: zh,en-US;q=0.8,en;q=0.6,zh-CN;q=0.4,de;q=0.2,ja;q=0.2,zh-TW;q=0.2" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" \
  -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
  -H "Accept: */*" \
  -H "Cache-Control: no-cache" \
  -H "X-Requested-With: XMLHttpRequest" \
  -H "Cookie: __utma=224849432.1675849558.1388304226.1396257644.1396314514.98; __utmz=224849432.1395978970.89.26.utmcsr=blog.segmentfault.com|utmccn=(referral)|utmcmd=referral|utmcct=/p_chou; PHPSESSID=lc0b76kpal4muq9bebaornb0h3; sfsess=eu7aiv.dc66c9987ce94159aa49337cbf23f5aa.a; Hm_lvt_e23800c454aa573c0ccb16b52665ac26=1408430341,1408495820,1408496848,1408595455; Hm_lpvt_e23800c454aa573c0ccb16b52665ac26=1408609585; _ga=GA1.2.1675849558.1388304226" \
  -H "Connection: keep-alive" \
  -H "Referer: http://beta.segmentfault.com/write?draftId=1220000000644067" \
  --data "do=saveArticle&type=article&title=%E6%96%B0%E6%B5%AASAE%E4%BD%BF%E7%94%A8%E7%BB%8F%E9%AA%8C&text=%E5%95%8A122&weibo=0&blogId=1200000000373814&id=1220000000644067&tags%5B%5D=1040000000089658&tags%5B%5D=1040000000089399&tags%5B%5D=1040000000090145&tags%5B%5D=1040000000089436&tags%5B%5D=1040000000089387&tags%5B%5D=1040000000137810" \
  --compressed

{"status":0,"data":"1220000000644067","message":""}
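The report's expected fix is that the server, not only the editor UI, enforces the 5-tag limit. The following is an added illustration of that server-side check (not code from this repository): it parses the form-urlencoded body the way the /api/draft request is shaped, counts the tags[] values after deduplication, and rejects over-long lists both when a draft is saved and again when it is published, since drafts created before the fix may already carry too many tags. The MAX_TAGS constant, the function names and the sample tag ids are assumptions.

```python
from urllib.parse import parse_qs

MAX_TAGS = 5  # limit the editor UI enforces; the server must enforce the same bound


class DraftValidationError(ValueError):
    """Raised when a draft/publish request carries an unacceptable tag list."""


def extract_tags(body: str) -> list[str]:
    """Pull the tags[] values out of an application/x-www-form-urlencoded body."""
    fields = parse_qs(body, keep_blank_values=True)  # decodes the key "tags%5B%5D" to "tags[]"
    return fields.get("tags[]", [])


def validate_tags(tags: list[str], max_tags: int = MAX_TAGS) -> list[str]:
    """Return a deduplicated tag-id list, or raise if ids are malformed or too many."""
    for tag in tags:
        if not tag.isdigit():  # tag ids in this API's requests are numeric strings
            raise DraftValidationError(f"invalid tag id: {tag!r}")
    unique = list(dict.fromkeys(tags))  # drop repeats, preserve order
    if len(unique) > max_tags:
        raise DraftValidationError(f"too many tags: {len(unique)} > {max_tags}")
    return unique


def save_draft(body: str) -> dict:
    """Draft endpoint: reject the request instead of trusting the client-side limit."""
    try:
        tags = validate_tags(extract_tags(body))
    except DraftValidationError as err:
        return {"status": 1, "data": None, "message": str(err)}
    return {"status": 0, "data": {"tags": tags}, "message": ""}


def publish_article(draft_tags: list[str]) -> dict:
    """Publish path: re-check, because drafts saved before the fix may already exceed the limit."""
    try:
        tags = validate_tags(draft_tags)
    except DraftValidationError as err:
        return {"status": 1, "data": None, "message": str(err)}
    return {"status": 0, "data": {"tags": tags}, "message": ""}


# Constructed sample bodies; the tag ids are made up, not the ones from the report.
SIX_TAGS = "do=saveArticle&type=article&title=t&text=x&" + "&".join(
    f"tags%5B%5D={i}" for i in range(1001, 1007))
FIVE_TAGS_WITH_DUP = "do=saveArticle&" + "&".join(
    f"tags%5B%5D={i}" for i in (1001, 1002, 1002, 1003, 1004, 1005))

if __name__ == "__main__":
    print(save_draft(SIX_TAGS))            # status 1: six distinct tags
    print(save_draft(FIVE_TAGS_WITH_DUP))  # status 0: duplicates collapse to five
```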
lvye commented Aug 21, 2014

Fixed, thanks.

