|
|
本帖最后由 民审-M 于 2017-8-2 10:43 编辑
Discuz!X3.4 X3.2并发刷分漏洞修复:开启用户积分信息安全,可防止并发刷分,满足 times(次数)/second(秒) 的操作无法提交:
2017.08.01 更新:同步 细节
编辑:/config/config_global.php
查找:
- $_config['security']['querysafe']['afullnote'] = '0';
- $_config['security']['creditsafe']['second'] = 1; // 开启用户积分信息安全,可防止并发刷分,满足 times(次数)/second(秒) 的操作 无法提交, 默认 0 关闭
- $_config['security']['creditsafe']['times'] = 10;
编辑:/source/class/class_credit.php
查找:
- function updatemembercount($creditarr, $uids = 0, $checkgroup = true, $ruletxt = '') {
- function frequencycheck($uids) {
- global $_G;
- if(empty($_G['config']['security']['creditsafe']['second']) || empty($_G['config']['security']['creditsafe']['times'])) {
- return true;
- }
- foreach($uids as $uid) {
- $key = 'credit_fc'.$uid;
- $v = intval(memory('get', $key));
- memory('set', $key, ++$v, $_G['config']['security']['creditsafe']['second']);
- if($v > $_G['config']['security']['creditsafe']['times']) {
- system_error('credit frequency limit', true);
- return false;
- }
- }
- return true;
- }
查找:
- if($uids && ($creditarr || $this->extrasql)) {
- $this->frequencycheck($uids);
草根吧Discuz! X3.4 R20170801+ SC_GBK 版本更新(2017.08.01更新)已修复:
https://www.cgzz8.cn/t-29165-1-1.html
(出处: 草根吧)
|
|
帐号登录
QQ登录
微信登录
发表于 2017-7-31 23:21:07
