dromara/RuoYi-Cloud-Plus
1
0
Fork 0
mirror of https://gitee.com/dromara/RuoYi-Cloud-Plus.git synced 2025-09-06 20:38:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

修复任意账户越权问题

Browse Source
This commit is contained in:
RuoYi
2021-07-27 13:08:37 +08:00
parent a044b0d205
commit 20ce9da509
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java
View File

@@ -75,9 +75,12 @@ public class SysProfileController extends BaseController
{
return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
}
LoginUser loginUser = tokenService.getLoginUser();
SysUser sysUser = loginUser.getSysUser();
user.setUserId(sysUser.getUserId());
user.setPassword(null);
if (userService.updateUserProfile(user) > 0)
{
LoginUser loginUser = tokenService.getLoginUser();
// 更新缓存用户信息
loginUser.getSysUser().setNickName(user.getNickName());
loginUser.getSysUser().setPhonenumber(user.getPhonenumber());