Micolog RPC漏洞及修复
August 24th, 2009
由于代码不严谨,导致使用xmlrpc功能发布文章时,认证功能出现错误。
SVN上最新代码已修复该BUG.
http://code.google.com/p/micolog/source/diff?spec=svn56&r=56&format=side&path=/trunk/api_rpc.py
将apirpc.py的第21行的
if not (username and password and g_blog.rpcuser==username) and (g_blog.rpcpassword==password):
修改为
if not (username and password and g_blog.rpcuser and g_blog.rpcpassword and (g_blog.rpcuser==username) and (g_blog.rpcpassword==password)):
就可以修改该错误。
请使用micolog的朋友尽快修改该错误!
