Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

修改url可以预约非法时段 #656

Open
linhaowei1 opened this issue Sep 1, 2022 · 5 comments
Open

修改url可以预约非法时段 #656

linhaowei1 opened this issue Sep 1, 2022 · 5 comments
Labels
unsafe 有安全风险

Comments

@linhaowei1
Copy link
Contributor

image
此时是10:28,我可以修改url,预约10:00-10:30的教室
image
@linhaowei1
Copy link
Contributor Author

扣了信用分求给我加回来qwq 我只是试一试而已!!没想到真的约上了

@Aubrey-Liu
Copy link
Member

这不算非法吧,按道理说本来在时间段之内,就可以预约的

@linhaowei1
Copy link
Contributor Author

可是这个预约必然会造成信用分的扣分,并且在系统上本来就是没法选中已经超过的时间段的(比如10:01不能选择10:00-10:30的这个时段),这个合理吗?
如果是已经结束的时间段,代码应该会检查,报错非法url,这两边的判断要不要统一一下?
或者留着其实也行,这样如果超过10:01我就能预约10:00-10:30的时段了)

@Aubrey-Liu
Copy link
Member

额,看了一下,确实是没做足够的检查

@Aubrey-Liu
Copy link
Member

如果是已经结束的时间段,代码应该会检查

我好像没发现有做这个事的代码

@Aubrey-Liu Aubrey-Liu added the unsafe 有安全风险 label Sep 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
unsafe 有安全风险
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@linhaowei1 @Aubrey-Liu