安全修复：加固CSRF与凭证保护并修复越权风险

2026-02-16 01:19:43 +08:00
parent 14b506e8a1
commit 1389ec7434
22 changed files with 375 additions and 83 deletions
--- a/routes/admin_api/core.py
+++ b/routes/admin_api/core.py
@@ -355,9 +355,6 @@ def admin_logout():
    session.pop("admin_id", None)
    session.pop("admin_username", None)
    session.pop("admin_reauth_until", None)
-    session.pop("_user_id", None)
-    session.pop("_fresh", None)
-    session.pop("_id", None)
    return jsonify({"success": True})