{"id":135,"date":"2021-09-15T17:54:21","date_gmt":"2021-09-15T09:54:21","guid":{"rendered":"https:\/\/axinyi.xuenixiang.com\/?p=135"},"modified":"2021-09-15T17:54:22","modified_gmt":"2021-09-15T09:54:22","slug":"apache-shiro-authentication-bypass-vulnerability-cve-2020-1957","status":"publish","type":"post","link":"https:\/\/axinyi.xuenixiang.com\/index.php\/2021\/09\/15\/apache-shiro-authentication-bypass-vulnerability-cve-2020-1957\/","title":{"rendered":"Apache Shiro \u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e (CVE-2020-1957)"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><span class=\"begin\">Shiro<\/span>\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u4e14\u6613\u4e8e\u4f7f\u7528\u7684 Java \u5b89\u5168\u6846\u67b6\uff0c\u53ef\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u3001\u52a0\u5bc6\u548c\u4f1a\u8bdd\u7ba1\u7406\u3002\u5728\u5e26\u6709 Spring \u52a8\u6001\u63a7\u5236\u5668\u7684 1.5.2 \u4e4b\u524d\u7684 Apache Shiro \u7248\u672c\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528<span class=\"has-inline-color has-vivid-red-color\"> <code>..;<\/code><\/span>\u7ed5\u8fc7\u76ee\u5f55\u8ba4\u8bc1\u3002<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><div class=\"has-toc have-toc\"><\/div>\u73af\u5883\u642d\u5efa<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u6f0f\u6d1e\u73af\u5883\uff1a\u4f7f\u7528 Spring 2.2.2 \u548c Shiro 1.5.1 \u542f\u52a8\u5e94\u7528\u7a0b\u5e8f\uff0c\u73af\u5883\u542f\u52a8\u540e\uff0c\u8bbf\u95ee <code>http:\/\/your-ip:8080<\/code>\u67e5\u770b\u4e3b\u9875\u3002<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u672c\u5e94\u7528\u4e2d URL \u6743\u9650\u7684\u914d\u7f6e\u5982\u4e0b\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code has-medium-font-size\"><code>@Bean\npublic ShiroFilterChainDefinition shiroFilterChainDefinition() {\n    DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();\n    chainDefinition.addPathDefinition(\"\/login.html\", \"authc\"); \/\/ need to accept POSTs from the login form\n    chainDefinition.addPathDefinition(\"\/logout\", \"logout\");\n    chainDefinition.addPathDefinition(\"\/admin\/**\", \"authc\");\n    return chainDefinition;\n}<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">\u4f1a\u5bf9admin\u6240\u6709\u7684\u9875\u9762\u90fd\u4f1a\u8fdb\u884c\u6743\u9650\u6821\u9a8c\u3002\u6d4b\u8bd5\u7ed3\u679c\u5982\u4e0b\uff1a<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u8bbf\u95ee\u9996\u9875\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized is-style-rounded\"><img loading=\"lazy\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index.png\" alt=\"\" class=\"wp-image-141\" width=\"840\" height=\"380\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index.png 635w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index-300x136.png 300w\" sizes=\"(max-width: 840px) 100vw, 840px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" width=\"1020\" height=\"156\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index1.png\" alt=\"\" class=\"wp-image-144\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index1.png 1020w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index1-300x46.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/index1-768x117.png 768w\" sizes=\"(max-width: 1020px) 100vw, 1020px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\">\u76f4\u63a5\u8bf7\u6c42\u7ba1\u7406\u9875\u9762 <code>\/admin\/<\/code>\u65e0\u6cd5\u8bbf\u95ee\uff0c\u5c06\u88ab\u91cd\u5b9a\u5411\u5230\u767b\u5f55\u9875\u9762\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" width=\"798\" height=\"500\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/login.png\" alt=\"\" class=\"wp-image-145\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/login.png 798w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/login-300x188.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/login-768x481.png 768w\" sizes=\"(max-width: 798px) 100vw, 798px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\">\u8bbf\u95eeadmin\u65f6\u4f7f\u7528burp\u6293\u5305:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"310\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/admin-2-1024x310.png\" alt=\"\" class=\"wp-image-148\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/admin-2-1024x310.png 1024w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/admin-2-300x91.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/admin-2-768x233.png 768w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/admin-2.png 1185w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\"><div class=\"has-toc have-toc\"><\/div>\u6f0f\u6d1e\u5206\u6790<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u7ed5\u8fc7\u6f14\u793a<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u6784\u9020\u6076\u610f\u8bf7\u6c42 <code>\/xxx\/..;\/admin\/<\/code>\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u68c0\u67e5\u5e76\u8bbf\u95ee\u7ba1\u7406\u9875\u9762\uff0c\u5728shiro\u76841.5.1\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\u90fd\u53ef\u4ee5\u5b8c\u7f8e\u5730\u7ed5\u8fc7\u6743\u9650\u68c0\u9a8c\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"318\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/QQ\u56fe\u724720210915170610-1024x318.png\" alt=\"\" class=\"wp-image-149\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/QQ\u56fe\u724720210915170610-1024x318.png 1024w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/QQ\u56fe\u724720210915170610-300x93.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/QQ\u56fe\u724720210915170610-768x238.png 768w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/QQ\u56fe\u724720210915170610.png 1164w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><div class=\"has-toc have-toc\"><\/div>\u7ed5\u8fc7\u539f\u7406\u5206\u6790<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u6211\u4eec\u9700\u8981\u5206\u6790\u6211\u4eec\u8bf7\u6c42\u7684URL\u5728\u6574\u4e2a\u9879\u76ee\u7684\u4f20\u5165\u4f20\u9012\u8fc7\u7a0b\u3002\u5728\u4f7f\u7528\u4e86shiro\u7684\u9879\u76ee\u4e2d\uff0c\u662f\u6211\u4eec\u8bf7\u6c42\u7684URL(URL1),\u8fdb\u8fc7shiro\u6743\u9650\u68c0\u9a8c(URL2), \u6700\u540e\u5230springboot\u9879\u76ee\u627e\u5230\u8def\u7531\u6765\u5904\u7406(URL3)<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u6f0f\u6d1e\u7684\u51fa\u73b0\u5c31\u5728URL1,URL2\u548cURL3 \u6709\u53ef\u80fd\u4e0d\u662f\u540c\u4e00\u4e2aURL\uff0c\u8fd9\u5c31\u5bfc\u81f4\u6211\u4eec\u80fd\u7ed5\u8fc7shiro\u7684\u6821\u9a8c\uff0c\u76f4\u63a5\u8bbf\u95ee\u540e\u7aef\u9700\u8981\u9996\u9009\u7684URL\u3002\u672c\u4f8b\u4e2d\u7684\u6f0f\u6d1e\u5c31\u662f\u56e0\u4e3a\u8fd9\u4e2a\u539f\u56e0\u4ea7\u751f\u7684\u3002<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u4ee5 <code>http:\/\/localhost:8080\/xxxx\/..;\/admin\/index<\/code> \u4e3a\u4f8b\uff0c\u4e00\u6b65\u6b65\u5206\u6790\u6574\u4e2a\u6d41\u7a0b\u4e2d\u7684\u8bf7\u6c42\u8fc7\u7a0b\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code has-medium-font-size\"><code>protected String getPathWithinApplication(ServletRequest request) {\n    return WebUtils.getPathWithinApplication(WebUtils.toHttp(request));\n}\n\npublic static String getPathWithinApplication(HttpServletRequest request) {\n        String contextPath = getContextPath(request);\n        String requestUri = getRequestUri(request);\n        if (StringUtils.startsWithIgnoreCase(requestUri, contextPath)) {\n            \/\/ Normal case: URI contains context path.\n            String path = requestUri.substring(contextPath.length());\n            return (StringUtils.hasText(path) ? path : \"\/\");\n        } else {\n            \/\/ Special case: rather unusual.\n            return requestUri;\n        }\n    }\n\n\npublic static String getRequestUri(HttpServletRequest request) {\n        String uri = (String) request.getAttribute(INCLUDE_REQUEST_URI_ATTRIBUTE);  \/\/URL:\"\/xxxx\/..;\/admin\/index\"\n        if (uri == null) {\n            uri = request.getRequestURI();\n        }\n        return normalize(decodeAndCleanUriString(request, uri));\n    }<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">\u6b64\u65f6\u7684URL\u8fd8\u662f\u6211\u4eec\u4f20\u5165\u7684\u539f\u59cbURL: <code>\/xxxx\/..;\/admin\/index<\/code><\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u63a5\u7740,\u7a0b\u5e8f\u4f1a\u8fdb\u5165\u5230decodeAndCleanUriString(), \u5f97\u5230:<\/p>\n\n\n\n<pre class=\"wp-block-code has-medium-font-size\"><code>private static String decodeAndCleanUriString(HttpServletRequest request, String uri) {\n        uri = decodeRequestString(request, uri);\n        int semicolonIndex = uri.indexOf(';');\n        return (semicolonIndex != -1 ? uri.substring(0, semicolonIndex) : uri);\n    }<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" width=\"984\" height=\"279\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/9EM8LB3O9WGYCM3NW.png\" alt=\"\" class=\"wp-image-151\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/9EM8LB3O9WGYCM3NW.png 984w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/9EM8LB3O9WGYCM3NW-300x85.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/9EM8LB3O9WGYCM3NW-768x218.png 768w\" sizes=\"(max-width: 984px) 100vw, 984px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\">decodeAndCleanUriString \u4ee5 <code>;<\/code>\u622a\u65ad\u540e\u9762\u7684\u8bf7\u6c42,\u6240\u4ee5\u6b64\u65f6\u8fd4\u56de\u7684\u5c31\u662f <code>\/xxxx\/..<\/code>.\u7136\u540e\u7a0b\u5e8f\u8c03\u7528normalize() \u5bf9decodeAndCleanUriString()\u5904\u7406\u5f97\u5230\u7684\u8def\u5f84\u8fdb\u884c\u6807\u51c6\u5316\u5904\u7406. \u6807\u51c6\u8bdd\u7684\u5904\u7406\u5305\u62ec:<\/p>\n\n\n\n<ul class=\"has-medium-font-size\"><li>\u66ff\u6362\u53cd\u659c\u7ebf<\/li><li>\u66ff\u6362 <code>\/\/<\/code> \u4e3a <code>\/<\/code><\/li><li>\u66ff\u6362 <code>\/.\/<\/code> \u4e3a <code>\/<\/code><\/li><li>\u66ff\u6362 <code>\/..\/<\/code> \u4e3a <code>\/<\/code><\/li><\/ul>\n\n\n\n<p>\u90fd\u662f\u4e00\u4e9b\u5f88\u5e38\u89c1\u7684\u6807\u51c6\u5316\u65b9\u6cd5.<\/p>\n\n\n\n<pre class=\"wp-block-code has-medium-font-size\"><code>private static String normalize(String path, boolean replaceBackSlash) {\n\n        if (path == null)\n            return null;\n\n        \/\/ Create a place for the normalized path\n        String normalized = path;\n\n        if (replaceBackSlash &amp;&amp; normalized.indexOf('\\\\') >= 0)\n            normalized = normalized.replace('\\\\', '\/');\n\n        if (normalized.equals(\"\/.\"))\n            return \"\/\";\n\n        \/\/ Add a leading \"\/\" if necessary\n        if (!normalized.startsWith(\"\/\"))\n            normalized = \"\/\" + normalized;\n\n        \/\/ Resolve occurrences of \"\/\/\" in the normalized path\n        while (true) {\n            int index = normalized.indexOf(\"\/\/\");\n            if (index &lt; 0)\n                break;\n            normalized = normalized.substring(0, index) +\n                    normalized.substring(index + 1);\n        }\n\n        \/\/ Resolve occurrences of \"\/.\/\" in the normalized path\n        while (true) {\n            int index = normalized.indexOf(\"\/.\/\");\n            if (index &lt; 0)\n                break;\n            normalized = normalized.substring(0, index) +\n                    normalized.substring(index + 2);\n        }\n\n        \/\/ Resolve occurrences of \"\/..\/\" in the normalized path\n        while (true) {\n            int index = normalized.indexOf(\"\/..\/\");\n            if (index &lt; 0)\n                break;\n            if (index == 0)\n                return (null);  \/\/ Trying to go outside our context\n            int index2 = normalized.lastIndexOf('\/', index - 1);\n            normalized = normalized.substring(0, index2) +\n                    normalized.substring(index + 3);\n        }\n\n        \/\/ Return the normalized path that we have completed\n        return (normalized);\n\n    }<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">\u7ecf\u8fc7getPathWithinApplication()\u51fd\u6570\u7684\u5904\u7406,\u6700\u7ec8shiro \u9700\u8981\u6821\u9a8c\u7684URL \u5c31\u662f <code>\/xxxx\/..<\/code>. \u6700\u7ec8\u4f1a\u8fdb\u5165\u5230 org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver \u4e2d\u7684 getChain()\u65b9\u6cd5\u4f1aURL\u6821\u9a8c. \u5173\u952e\u7684\u6821\u9a8c\u65b9\u6cd5\u5982\u4e0b:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"340\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/UO933@1@JMIB0TT38-1024x340.png\" alt=\"\" class=\"wp-image-152\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/UO933@1@JMIB0TT38-1024x340.png 1024w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/UO933@1@JMIB0TT38-300x100.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/UO933@1@JMIB0TT38-768x255.png 768w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/UO933@1@JMIB0TT38.png 1117w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\">\u7531\u4e8e <code>\/xxxx\/..<\/code> \u5e76\u4e0d\u4f1a\u5339\u914d\u5230 <code>\/admin\/**<\/code>, \u6240\u4ee5shiro\u6743\u9650\u6821\u9a8c\u5c31\u4f1a\u901a\u8fc7.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u6700\u7ec8\u6211\u4eec\u7684\u539f\u59cb\u8bf7\u6c42 <code>\/xxxx\/..;\/admin\/index<\/code> \u5c31\u4f1a\u8fdb\u5165\u5230 springboot\u4e2d. springboot\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u8fdb\u5165\u7684request\u8bf7\u6c42\u4e5f\u4f1a\u6709\u81ea\u5df1\u7684\u5904\u7406\u65b9\u5f0f,\u627e\u5230\u81ea\u5df1\u6240\u5bf9\u5e94\u7684mapping. \u5177\u4f53\u7684\u5339\u914d\u65b9\u5f0f\u662f\u5728:<code>org.springframework.web.util.UrlPathHelper \u4e2d\u7684 getPathWithinServletMapping()<\/code><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"500\" src=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/VDWHD@DSSSAEW8Z1EXD-1024x500.png\" alt=\"\" class=\"wp-image-153\" srcset=\"https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/VDWHD@DSSSAEW8Z1EXD-1024x500.png 1024w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/VDWHD@DSSSAEW8Z1EXD-300x147.png 300w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/VDWHD@DSSSAEW8Z1EXD-768x375.png 768w, https:\/\/axinyi.xuenixiang.com\/wp-content\/uploads\/2021\/09\/VDWHD@DSSSAEW8Z1EXD.png 1156w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\">getPathWithinServletMapping() \u5728\u4e00\u822c\u60c5\u51b5\u4e0b\u8fd4\u56de\u7684\u5c31\u662f servletPath, \u6240\u4ee5\u672c\u6b21\u4e2d\u8fd4\u56de\u7684\u5c31\u662f \/admin\/index.\u6700\u7ec8\u5230\u4e86\/admin\/index \u5bf9\u5e94\u7684requestMapping, \u5982\u6b64\u5c31\u6210\u529f\u5730\u8bbf\u95ee\u4e86\u540e\u53f0\u8bf7\u6c42.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u6700\u540e\uff0c\u6211\u4eec\u6765\u6570\u7406\u4e00\u4e0b\u6574\u4e2a\u8bf7\u6c42\u8fc7\u7a0b\uff1a<\/p>\n\n\n\n<ul class=\"has-medium-font-size\"><li>1.\u5ba2\u6237\u7aef\u8bf7\u6c42URL: <code>\/xxxx\/..;\/admin\/index<\/code>\u3002<\/li><li>2.shrio \u5185\u90e8\u5904\u7406\u5f97\u5230\u6821\u9a8cURL\u4e3a <code>\/xxxx\/..<\/code>,\u6821\u9a8c\u901a\u8fc7\u3002<\/li><li>3.springboot \u5904\u7406 <code>\/xxxx\/..;\/admin\/index<\/code> , \u6700\u7ec8\u8bf7\u6c42 <code>\/admin\/index<\/code>, \u6210\u529f\u8bbf\u95ee\u4e86\u540e\u53f0\u8bf7\u6c42\u3002<\/li><\/ul>\n\n\n\n<p class=\"has-medium-font-size\"><div class=\"has-toc have-toc\"><\/div>\u603b\u7ed3<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\u603b\u7684\u6765\u8bf4\uff0c\u8fd9\u4e2a\u6f0f\u6d1e\u8fd8\u662f\u6bd4\u8f83\u7b80\u5355\u7684\uff0c\u867d\u7136\u5927\u90e8\u5206shior\u90fd\u5b58\u5728\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u4f46\u662f\u5b9e\u7528\u6027\u4e0d\u5927\u3002<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Shiro\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u4e14\u6613\u4e8e\u4f7f\u7528\u7684 Java \u5b89\u5168\u6846\u67b6\uff0c\u53ef\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u3001\u52a0\u5bc6\u548c\u4f1a\u8bdd\u7ba1\u7406\u3002\u5728\u5e26\u6709 Spring \u52a8\u6001\u63a7\u5236\u5668\u7684 &#8230;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/posts\/135"}],"collection":[{"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":9,"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"predecessor-version":[{"id":155,"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/posts\/135\/revisions\/155"}],"wp:attachment":[{"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/axinyi.xuenixiang.com\/index.php\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}