public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-05-14 04:12:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 【漏洞】修复unauthorized command execution vulnerability

Browse Source
This commit is contained in:
tjlygdx
2026-05-13 17:28:30 +08:00
parent 22930a493d
commit 3efda9d29c
3 changed files with 79 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/core-backend/src/main/java/io/dataease/substitute/permissions/login/SubstituleLoginServer.java
View File

@@ -10,7 +10,6 @@ import io.dataease.auth.vo.TokenVO;
import io.dataease.exception.DEException;
import io.dataease.i18n.Translator;
import io.dataease.utils.LogUtil;
import io.dataease.utils.Md5Utils;
import io.dataease.utils.RsaUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -43,8 +42,7 @@ public class SubstituleLoginServer {
TokenUserBO tokenUserBO = new TokenUserBO();
tokenUserBO.setUserId(1L);
tokenUserBO.setDefaultOid(1L);
String md5Pwd = Md5Utils.md5(pwd);
return generate(tokenUserBO, md5Pwd);
return generate(tokenUserBO, SubstituleLoginConfig.getTokenSecret());
}