我有一个 Web 应用程序,前端使用 Angular,后端使用 Spring Boot Web 服务。我发现可以对其中一个向数据库插入数据的 POST 调用实施"Web 参数篡改"攻击。有没有人解决过这个问题?
感谢您的帮助。
Angular:
//---------------------------------------------------//
//---- REGISTER CUSTOM POST TYPES ------------------//
//--------------------------------------------------//
// Register Employees Custom Post Type
/**
 * Registers the Employees custom post type.
 *
 * Builds the admin UI labels and the registration arguments, then hands them
 * to register_post_type(). Takes no parameters and returns nothing.
 *
 * NOTE(review): the key passed to register_post_type() is the literal
 * 'post_type', which looks like a generator placeholder and is the same string
 * as WordPress's own `post_type` query variable. Confirm the intended key
 * before changing it: existing entries are stored under it, and anything that
 * refers to this post type would have to change with it.
 */
function employees_custom_post_type() {
    $post_type_args = [
        'label'       => 'Employee',
        'description' => 'A List of CenterPoint Employees categorized by role',
        'labels'      => [
            'name'                  => 'Employees',
            'singular_name'         => 'Employee',
            'menu_name'             => 'Employees',
            'name_admin_bar'        => 'Employee',
            'archives'              => 'Item Archives',
            'parent_item_colon'     => 'Parent Item:',
            'all_items'             => 'All Items',
            'add_new_item'          => 'Add New Item',
            'add_new'               => 'Add New',
            'new_item'              => 'New Item',
            'edit_item'             => 'Edit Item',
            'update_item'           => 'Update Item',
            'view_item'             => 'View Item',
            'search_items'          => 'Search Item',
            'not_found'             => 'Not found',
            'not_found_in_trash'    => 'Not found in Trash',
            'featured_image'        => 'Featured Image',
            'set_featured_image'    => 'Set featured image',
            'remove_featured_image' => 'Remove featured image',
            'use_featured_image'    => 'Use as featured image',
            'insert_into_item'      => 'Insert into item',
            'uploaded_to_this_item' => 'Uploaded to this item',
            'items_list'            => 'Items list',
            'items_list_navigation' => 'Items list navigation',
            'filter_items_list'     => 'Filter items list',
        ],
        'supports'    => [ 'title', 'editor', 'excerpt', 'thumbnail' ],
        // Asks for the team_categories taxonomy to be available on this type.
        'taxonomies'  => [ 'team_categories' ],
        'hierarchical' => true,
        // Entries are exposed on the front end, in archives and in site search.
        // NOTE(review): confirm every employee field stored here is meant to be public.
        'public'              => true,
        'show_ui'             => true,
        'show_in_menu'        => true,
        'menu_position'       => 5,
        'show_in_admin_bar'   => true,
        'show_in_nav_menus'   => true,
        'can_export'          => true,
        'has_archive'         => true,
        'exclude_from_search' => false,
        'publicly_queryable'  => true,
        // Edit/publish/delete rights follow the capabilities used for pages.
        'capability_type'     => 'page',
    ];

    register_post_type( 'post_type', $post_type_args );
}

// Run the registration on `init` with priority 0, ahead of default-priority callbacks.
add_action( 'init', 'employees_custom_post_type', 0 );
//-----------------------------------//
//----REGISTER CUSTOM TAXONOMIES-----//
//-----------------------------------//
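/**
 * Registers the hierarchical "Team Categories" taxonomy.
 *
 * Builds the admin UI labels and the registration arguments, then calls
 * register_taxonomy(). Takes no parameters and returns nothing.
 *
 * The taxonomy is attached to the key this file passes to register_post_type()
 * ('post_type'). The object-type list previously held
 * 'employees_custom_post_type', which is the name of the callback that
 * registers the post type, not a post type key, so the taxonomy was bound to
 * an object type that is never registered.
 */
function custom_taxonomy() {
    $labels = array(
        'name'                       => 'Team Categories',
        'singular_name'              => 'Team Category',
        'menu_name'                  => 'Taxonomy',
        'all_items'                  => 'All Items',
        'parent_item'                => 'Parent Item',
        'parent_item_colon'          => 'Parent Item:',
        'new_item_name'              => 'New Item Name',
        'add_new_item'               => 'Add New Item',
        'edit_item'                  => 'Edit Item',
        'update_item'                => 'Update Item',
        'view_item'                  => 'View Item',
        'separate_items_with_commas' => 'Separate items with commas',
        'add_or_remove_items'        => 'Add or remove items',
        'choose_from_most_used'      => 'Choose from the most used',
        'popular_items'              => 'Popular Items',
        'search_items'               => 'Search Items',
        'not_found'                  => 'Not Found',
        'no_terms'                   => 'No items',
        'items_list'                 => 'Items list',
        'items_list_navigation'      => 'Items list navigation',
    );

    $args = array(
        'labels'            => $labels,
        'hierarchical'      => true,
        // Terms and their archives are visible on the front end.
        'public'            => true,
        'show_ui'           => true,
        'show_admin_column' => true,
        'show_in_nav_menus' => true,
        'show_tagcloud'     => true,
    );

    // Object type must be a registered post type key; see the docblock above.
    register_taxonomy( 'team_categories', array( 'post_type' ), $args );
}

// Run the registration on `init` with priority 0, ahead of default-priority callbacks.
add_action( 'init', 'custom_taxonomy', 0 );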
SpringBoot:
// Submits a new request to the backend through ar.createRequest.save
// (presumably an AngularJS $resource; confirm against where `ar` is defined).
// The `...` below is an elision in the original excerpt, not runnable code.
//
// NOTE(review): every field in this payload is assembled in the browser, so the
// server cannot assume the values match what the UI offered. The backend handler
// must validate each field and check that the authenticated user is allowed to
// act on the referenced order before anything is written to the database.
$scope.submitRequest = function() {
ar.createRequest.save({
// orderNum comes from an enclosing scope that is not shown here.
orderNum : orderNum
...
}, function() {
// Success callback is empty: nothing is done with the server's response.
}, function (httpResponse){
// Error callback is empty: a rejected or failed request is not reported to the user.
});
};