阅读次数:150发布日期:2020-10-20
微擎1.5.4任意用户删除漏解决方案如下:
文件位置:
web/source/founder/display.ctrl.php
查找到以下代码:
$founders = explode(',', $_W['config']['setting']['founder']);
在以下代码下增加下面的代码:
$identity = uni_permission($_W['uid']); if ($identity != ACCOUNT_MANAGE_NAME_FOUNDER && $identity != ACCOUNT_MANAGE_NAME_VICE_FOUNDER) { itoast('非法访问!', referer(), 'error'); }
即可解决!