微擎1.5.4任意用户删除漏洞 修复
阿里云提示:微擎1.5.4任意用户删除漏洞
修复:
/web/source/founder/display.ctrl.php
搜索:
$founders = explode(',', $_W['config']['setting']['founder']);
后面添加:
$identity = uni_permission($_W['uid']);if ($identity != ACCOUNT_MANAGE_NAME_FOUNDER && $identity != ACCOUNT_MANAGE_NAME_VICE_FOUNDER) {
itoast('???????', referer(), 'error');
}
漏洞修复完成
页:
[1]