llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 11:20:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: fix SSRF when download avatar (#1193)

Browse Source
This commit is contained in:
Yaodong Yu
2022-10-20 14:47:08 +08:00
committed by GitHub
parent dffa68cbce
commit 6a1ec51978
6 changed files with 75 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
object/syncer_user.go
View File

@ -120,7 +120,7 @@ func (syncer *Syncer) updateUserForOriginalFields(user *User) (bool, error) {
}
if user.Avatar != oldUser.Avatar && user.Avatar != "" {
user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
}
columns := syncer.getCasdoorColumns()