open-source/WeChatTweak-macOS
1
0
Fork 0
mirror of https://github.com/Sunnyyoung/WeChatTweak-macOS.git synced 2025-05-24 07:16:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复数据泄漏漏洞

Browse Source
This commit is contained in:
cutem 2018-10-15 16:00:59 +08:00 committed by GitHub
parent c7a4ece7a0
commit fe86d3cf59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
WeChatTweak/Manager/AlfredManager.m
View File

@ -17,6 +17,8 @@
@implementation AlfredManager @implementation AlfredManager
static int port = 48065;
+ (instancetype)sharedInstance { + (instancetype)sharedInstance {
static dispatch_once_t onceToken; static dispatch_once_t onceToken;
static AlfredManager *shared; static AlfredManager *shared;
@ -34,6 +36,14 @@
// Search contancts // Search contancts
[self.server addHandlerForMethod:@"GET" path:@"/wechat/search" requestClass:[GCDWebServerRequest class] processBlock:^GCDWebServerResponse * _Nullable(__kindof GCDWebServerRequest * _Nonnull request) { [self.server addHandlerForMethod:@"GET" path:@"/wechat/search" requestClass:[GCDWebServerRequest class] processBlock:^GCDWebServerResponse * _Nullable(__kindof GCDWebServerRequest * _Nonnull request) {
NSString *keyword = [request.query[@"keyword"] lowercaseString] ? : @""; NSString *keyword = [request.query[@"keyword"] lowercaseString] ? : @"";
NSString *hostname = request.headers[@"Host"];
NSString *url1 = [NSString stringWithFormat:@"127.0.0.1:%d", port];
NSString *url2 = [NSString stringWithFormat:@"localhost:%d", port];
if(!([hostname isEqualToString:url1] | [hostname isEqualToString:url2])){
return [GCDWebServerResponse responseWithStatusCode:404];
}
NSArray<WCContactData *> *contacts = ({ NSArray<WCContactData *> *contacts = ({
MMServiceCenter *serviceCenter = [objc_getClass("MMServiceCenter") defaultCenter]; MMServiceCenter *serviceCenter = [objc_getClass("MMServiceCenter") defaultCenter];
ContactStorage *contactStorage = [serviceCenter getService:objc_getClass("ContactStorage")]; ContactStorage *contactStorage = [serviceCenter getService:objc_getClass("ContactStorage")];
@ -64,6 +74,14 @@
}]; }];
// Start chat // Start chat
[self.server addHandlerForMethod:@"GET" path:@"/wechat/start" requestClass:[GCDWebServerRequest class] processBlock:^GCDWebServerResponse * _Nullable(__kindof GCDWebServerRequest * _Nonnull request) { [self.server addHandlerForMethod:@"GET" path:@"/wechat/start" requestClass:[GCDWebServerRequest class] processBlock:^GCDWebServerResponse * _Nullable(__kindof GCDWebServerRequest * _Nonnull request) {
NSString *hostname = request.headers[@"Host"];
NSString *url1 = [NSString stringWithFormat:@"127.0.0.1:%d", port];
NSString *url2 = [NSString stringWithFormat:@"localhost:%d", port];
if(!([hostname isEqualToString:url1] | [hostname isEqualToString:url2])){
return [GCDWebServerResponse responseWithStatusCode:404];
}
WCContactData *contact = ({ WCContactData *contact = ({
NSString *session = request.query[@"session"]; NSString *session = request.query[@"session"];
WCContactData *contact = nil; WCContactData *contact = nil;
@ -86,7 +104,7 @@
}); });
return [GCDWebServerResponse responseWithStatusCode:200]; return [GCDWebServerResponse responseWithStatusCode:200];
}]; }];
[self.server startWithOptions:@{GCDWebServerOption_Port: @(48065), [self.server startWithOptions:@{GCDWebServerOption_Port: [NSNumber numberWithInt:port],
GCDWebServerOption_BindToLocalhost: @(YES)} error:nil]; GCDWebServerOption_BindToLocalhost: @(YES)} error:nil];
} }