From 3347ca4d7484d9141b189462e169b2be4d324632 Mon Sep 17 00:00:00 2001
From: 江强 <jiangq@powerlbs.com>
Date: 星期二, 27 七月 2021 09:33:12 +0800
Subject: [PATCH] fix:Issue #I42GRW   修复任意账户越权漏洞

---
 ruoyi-ui/src/components/HeaderSearch/index.vue |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/ruoyi-ui/src/components/HeaderSearch/index.vue b/ruoyi-ui/src/components/HeaderSearch/index.vue
index ae952a9..0931184 100644
--- a/ruoyi-ui/src/components/HeaderSearch/index.vue
+++ b/ruoyi-ui/src/components/HeaderSearch/index.vue
@@ -70,9 +70,11 @@
       this.show = false
     },
     change(val) {
+      const path = val.path;
       if(this.ishttp(val.path)) {
         // http(s):// 路径新窗口打开
-        window.open(val.path, "_blank");
+        const pindex = path.indexOf("http");
+        window.open(path.substr(pindex, path.length), "_blank");
       } else {
         this.$router.push(val.path)
       }

--
Gitblit v1.9.2