fix:Issue #I42GRW 修复任意账户越权漏洞

江强

2021-07-27 3347ca4d7484d9141b189462e169b2be4d324632

fix:Issue #I42GRW   修复任意账户越权漏洞

 ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java

@@ -71,9 +71,12 @@
        {

            return AjaxResult.error("修改用户'" + user.getUserName() + "'失败，邮箱账号已存在");

        }

        LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());

        SysUser sysUser = loginUser.getUser();

        user.setUserId(sysUser.getUserId());

        user.setPassword(null);

        if (userService.updateUserProfile(user) > 0)

        {

            LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());

            // 更新缓存用户信息

            loginUser.getUser().setNickName(user.getNickName());

            loginUser.getUser().setPhonenumber(user.getPhonenumber());