Skip to content

o2oa
o2oa

weixin_42566577 / o2oa
与 Fork 源项目一致

Fork自 浙江兰德纵横网络技术股份有限公司 / o2oa

通知 1
Star 0
Fork 0
o2oa
o2oa

体验新版 GitCode,发现更多精彩内容 >>

提交 f4de043f 编写于 作者: 蔡祥熠
浏览文件
操作

Merge branch 'hotfix/修复发送短信验证码可能的漏洞' into 'master' 

Merge of hotfix/修复登录页发送短信验证码校验用户名可能枚举用户的漏洞  to master

See merge request o2oa/o2oa!1143

(cherry picked from commit 71536ec6)

eb100930 修复登录页发送短信验证码校验用户名可能枚举用户的漏洞
上级 0683a95d
隐藏空白更改
内联 并排
Showing with 14 addition and 10 deletion
o2web/source/o2_core/o2/xDesktop/Authentication.js
浏览文件 @ f4de043f
......@@ -1000,16 +1000,16 @@ MWF.xDesktop.Authentication.LoginForm = new Class({
credentialItem.setWarning(this.lp.inputYourUserName, "empty");
return;
} else {
this.actions.checkCredential(credential, function (json) {
if (!json.data.value) {
flag = false;
credentialItem.setWarning(this.lp.userNotExist, "invalid");
}
}.bind(this), function (errorObj) {
flag = false;
var error = JSON.parse(errorObj.responseText);
credentialItem.setWarning(error.message, "invalid");
}.bind(this), false)
// this.actions.checkCredential(credential, function (json) {
// if (!json.data.value) {
// flag = false;
// credentialItem.setWarning(this.lp.userNotExist, "invalid");
// }
// }.bind(this), function (errorObj) {
// flag = false;
// var error = JSON.parse(errorObj.responseText);
// credentialItem.setWarning(error.message, "invalid");
// }.bind(this), false)
}
if (!flag) {
return;
......@@ -1019,6 +1019,10 @@ MWF.xDesktop.Authentication.LoginForm = new Class({
this.actions.createCredentialCode(credential, function (json) {
}, function (errorObj) {
var error = JSON.parse(errorObj.responseText);
var codeAnswerItem = this.form.getItem("codeAnswer");
if(codeAnswerItem){
codeAnswerItem.clearWarning("empty");
}
this.setWarning(error.message);
flag = false
}.bind(this));
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册