idealyard
Build a decoupled front-end/back-end RESTful personal blog with Vue and Flask
Bumps [axios](https://github.com/axios/axios) from 0.19.0 to 0.21.2. Release notes Sourced from axios's releases. v0.21.2 0.21.2 (September 4, 2021) Fixes and Functionality: Updating axios requests to be delayed by pre-emptive promise creation...
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...
Bumps [ipython](https://github.com/ipython/ipython) from 7.6.1 to 7.16.3. Commits d43c7c7 release 7.16.3 5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x 8df8971 back to dev 9f477b7 release 7.16.2 138f266 bring back release helper from master...
Bumps [shelljs](https://github.com/shelljs/shelljs) from 0.7.8 to 0.8.5. Release notes Sourced from shelljs's releases. v0.8.5 This was a small security fix for #1058. v0.8.4 Small patch release to fix a circular dependency...
Bumps [mavon-editor](https://github.com/hinesboy/mavonEditor) from 2.7.5 to 2.8.2. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
- [ ] Found a broken-access-control vulnerability. Fix: `authorId` must be looked up from `article_id`, because nothing sent by the front end, apart from the token, can be trusted.

```python
# Vulnerable check as posted: the author id is read from the request body,
# so a client can simply send its own id as authorId.
json_data = request.json
current_user_id = json_data.get('authorId')
if g.user.id != current_user_id:  # or g.current_user.can(Permission.ADMINISTER):
    return forbidden('Insufficient permissions')
```

_Originally posted by @githubcyc in https://github.com/imoyao/idealyard/issues/9#issuecomment-824031989_
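The vulnerable check beside the fix the issue proposes, as an added example that is not code from the idealyard project. It is modelled without Flask so it runs stand-alone: the article store, the `Response` type, the admin user id and the `update_article_*` function names are assumptions; the one input the server is allowed to trust is the authenticated user id, which in the real app comes from the token.

```python
"""Ownership check for editing an article: trusting a client-supplied
authorId versus deriving the author from the server-side article record.
Constructed, framework-free model of the issue's snippet (not project code)."""

from dataclasses import dataclass
from typing import Optional

ADMIN_USER_IDS = {1}  # assumption: user 1 is an administrator


@dataclass
class Response:
    status: int
    body: str


def forbidden(msg: str) -> Response:
    return Response(403, msg)


def update_article_vulnerable(current_user_id: int, json_data: dict,
                              articles: dict) -> Response:
    """Mirrors the posted snippet: authorId is taken from the request body.
    An attacker just sends authorId == its own user id and passes the check,
    because nothing ties that value to the article being edited."""
    claimed_author_id = json_data.get("authorId")
    if current_user_id != claimed_author_id:
        return forbidden("Insufficient permissions")
    article = articles.get(json_data.get("article_id"))
    if article is None:
        return Response(404, "No such article")
    article["title"] = json_data.get("title", article["title"])
    return Response(200, "updated")


def update_article_fixed(current_user_id: int, json_data: dict,
                         articles: dict) -> Response:
    """The fix from the issue: the author is looked up by article_id on the
    server; the only client-controlled value is which article is targeted,
    and the caller's identity comes from the token, not the body."""
    raw_id: Optional[object] = json_data.get("article_id")
    try:
        article_id = int(raw_id)  # type: ignore[arg-type]
    except (TypeError, ValueError):
        return Response(400, "article_id must be an integer")
    article = articles.get(article_id)
    if article is None:
        return Response(404, "No such article")
    is_owner = article["author_id"] == current_user_id
    is_admin = current_user_id in ADMIN_USER_IDS  # the commented-out admin branch
    if not (is_owner or is_admin):
        return forbidden("Insufficient permissions")
    article["title"] = json_data.get("title", article["title"])
    return Response(200, "updated")


def demo() -> tuple:
    """Constructed scenario: article 42 belongs to user 7; user 99 attacks it."""
    attacker_body = {"authorId": 99, "article_id": 42, "title": "pwned"}
    store = {42: {"author_id": 7, "title": "hello"}}
    vuln = update_article_vulnerable(99, attacker_body, store)
    store = {42: {"author_id": 7, "title": "hello"}}
    fixed = update_article_fixed(99, attacker_body, store)
    return vuln.status, fixed.status


if __name__ == "__main__":
    print("vulnerable / fixed status for the forged request:", demo())
```

The fixed version ignores `authorId` entirely rather than validating it: once the author is derived from the record, the field has no legitimate purpose in the request and accepting it only invites the same confusion. A 404 for a missing article is returned before the ownership check; if enumeration of article ids matters, return the same 403 in both cases.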