[安全]解决 @ combine:"userId,..." 或 @ combine:"userId{},..." 绕过权限校验
Server:
解决 @ combine:"userId,..." 或 @ combine:"userId{},..." 绕过权限校验;
GETS和HEADS请求也不允许传 @ combine ,避免可能绕过Request表里的规则校验;
优化 @ combine 报错信息;
Server:
解决 @ combine:"userId,..." 或 @ combine:"userId{},..." 绕过权限校验;
GETS和HEADS请求也不允许传 @ combine ,避免可能绕过Request表里的规则校验;
优化 @ combine 报错信息;