昨天發(fā)布的新版補(bǔ)丁,應(yīng)該修復(fù)了一個(gè)重置密碼的漏洞,但直接導(dǎo)致新的bug,補(bǔ)丁后重置密碼的鏈接無法重置密碼了,設(shè)置完點(diǎn)擊就出錯(cuò):解決方案,修改member_getpasswd.php和member_getpasswd.php添加按鈕代碼獲取sign。
\template\default\member\getpasswd.htm
<form method="post" autocomplete="off" action="member.php?mod=getpasswd&uid=$uid&id=$hashid">
改成
<form method="post" autocomplete="off" action="member.php?mod=getpasswd&uid=$uid&id=$hashid&sign=$sign">
\source\module\member\member_getpasswd.php
$hashid = $_GET['id'];
$uid = $_GET['uid'];
改成
$hashid = $_GET['id'];
$uid = $_GET['uid'];
$sign = $_GET['sign'];