QiangLi826 opened a new pull request, #1466: URL: https://github.com/apache/answer/pull/1466
在AcceptAnswer方法中添加了安全检查,确保要设置为最佳答案的回答确实属于该问题。 这可以防止攻击者将其他问题的回答设置为当前问题的最佳答案。 安全问题:越权设置最佳评论 修复方法:验证acceptedAnswerInfo.QuestionID == req.QuestionID -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
