From dd51daf9d8b89096582fe7609ba52bd86185673c Mon Sep 17 00:00:00 2001
From: Julian Liu
Date: Thu, 31 Dec 2020 08:23:46 +0800
Subject: [PATCH] [security] Fix user info leak in getSubscribe()

getSubscribe() leaks all user info even password hash, fix it.
---
 app/Http/Controllers/User/UserController.php | 24 +++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/User/UserController.php b/app/Http/Controllers/User/UserController.php
index 6d72a405..605e4d03 100755
--- a/app/Http/Controllers/User/UserController.php
+++ b/app/Http/Controllers/User/UserController.php
@@ -27,6 +27,9 @@ class UserController extends Controller
 public function changePassword(UserChangePassword $request)
 {
 $user = User::find($request->session()->get('id'));
+ if (!$user) {
+ abort(500, '该用户不存在');
+ }
 if (!Helper::multiPasswordVerify(
 $user->password_algo,
 $request->input('old_password'),
@@ -65,6 +68,9 @@ class UserController extends Controller
 'telegram_id'
 ])
 ->first();
+ if (!$user) {
+ abort(500, '该用户不存在');
+ }
 $user['avatar_url'] = 'https://cdn.v2ex.com/gravatar/' . md5($user->email) . '?s=64&d=identicon';
 return response([
 'data' => $user
@@ -90,7 +96,20 @@ class UserController extends Controller

 public function getSubscribe(Request $request)
 {
- $user = User::find($request->session()->get('id'));
+ $user = User::where('id', $request->session()->get('id'))
+ ->select([
+ 'id',
+ 'plan_id',
+ 'token',
+ 'expired_at',
+ 'u',
+ 'd',
+ 'transfer_enable'
+ ])
+ ->first();
+ if (!$user) {
+ abort(500, '该用户不存在');
+ }
 if ($user->plan_id) {
 $user['plan'] = Plan::find($user->plan_id);
 if (!$user['plan']) {
@@ -107,6 +126,9 @@ class UserController extends Controller
 public function resetSecurity(Request $request)
 {
 $user = User::find($request->session()->get('id'));
+ if (!$user) {
+ abort(500, '该用户不存在');
+ }
 $user->uuid = Helper::guid(true);
 $user->token = Helper::guid();
 if (!$user->save()) {
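Review bot: The guard added after `$user = User::find($request->session()->get('id'));` answers a missing row with `abort(500, '该用户不存在');`, which reports a server fault for what is really a stale or invalid session (the id is read from the session, not from the request body), so error monitoring will count these as outages and the client gets no signal to re-authenticate. A 4xx status fits better, e.g. `abort(401, '该用户不存在');` (or 403 if that is the app's convention), preferably after invalidating the session so the dangling id is not replayed on every subsequent request. The same guard and status appear in the hunks at -65, -90 and -107, so the change applies to all four. changePassword's body continues outside the hunk.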
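Review bot: The column whitelist in `->select([...])` closes the leak only for getSubscribe; any other code path that serializes a `User` loaded with `User::find()` (as the hunks at -27 and -107 still do) would expose the password hash and `password_algo` again the moment such a model is placed in a response. A model-level guard is the durable fix: declare `protected $hidden = [/* password hash column */, 'password_algo'];` on the User model (or return an API Resource) so serialization can never include those attributes regardless of how the row was loaded, and keep this whitelist as defense in depth. `token` remains among the selected columns; if it is the subscription credential its inclusion is presumably intentional for building the subscription link, but that should be confirmed since the response body is what carries it to the client. getSubscribe's body continues outside the hunk.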