lsm/sa-token
1
0
Fork 0
mirror of https://gitee.com/dromara/sa-token.git synced 2025-10-21 19:17:25 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

修复 SaRouter.match 匹配规则与 Spring 默认不一致导致的越权漏洞

Browse Source
This commit is contained in:
click33
2023-09-21 05:06:40 +08:00
parent 5a6e8bd463
commit cd14651dcc
8 changed files with 137 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextForSpringReactor.java
View File

@@ -16,7 +16,7 @@
package cn.dev33.satoken.reactor.spring;
import cn.dev33.satoken.context.SaTokenContextForThreadLocal;
import cn.dev33.satoken.spring.SaPathMatcherHolder;
import cn.dev33.satoken.spring.SaPathPatternParserUtil;
/**
* Sa-Token 上下文处理器 [ Spring Reactor 版本实现 ] ,基于 SaTokenContextForThreadLocal 定制
@@ -31,7 +31,7 @@ public class SaTokenContextForSpringReactor extends SaTokenContextForThreadLocal
*/
@Override
public boolean matchPath(String pattern, String path) {
return SaPathMatcherHolder.getPathMatcher().match(pattern, path);
return SaPathPatternParserUtil.match(pattern, path);
}
}