mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-03 09:49:28 +02:00

TALOS-2023-1897

CVE-2023-50172
Daniel Neto 2023-12-18 12:58:54 -03:00
parent 7516d9b33c
commit aca09187c6
2 changed files with 15 additions and 9 deletions


@ -34,11 +34,10 @@ if (!(!empty($_REQUEST['user']) && !empty($_REQUEST['recoverpass']))) {
if (empty($_REQUEST['captcha'])) { if (empty($_REQUEST['captcha'])) {
$obj->error = __("Captcha is empty"); $obj->error = __("Captcha is empty");
} else { } else {
if ($user->save()) {
require_once 'captcha.php'; require_once 'captcha.php';
$valid = Captcha::validation($_REQUEST['captcha']); $valid = Captcha::validation($_REQUEST['captcha']);
if ($valid) { if ($valid) {
if ($user->save()) {
$url = "{$global['webSiteRootURL']}recoverPass"; $url = "{$global['webSiteRootURL']}recoverPass";
$url = addQueryStringParameter($url, 'user', $_REQUEST['user']); $url = addQueryStringParameter($url, 'user', $_REQUEST['user']);
$url = addQueryStringParameter($url, 'recoverpass', $recoverPass); $url = addQueryStringParameter($url, 'recoverpass', $recoverPass);
@ -56,11 +55,11 @@ if (!(!empty($_REQUEST['user']) && !empty($_REQUEST['recoverpass']))) {
$obj->success = __("Message sent"); $obj->success = __("Message sent");
} }
} else { } else {
$obj->error = __("Your code is not valid"); $obj->error = __("Recover password could not be saved!");
$obj->reloadCaptcha = true;
} }
} else { } else {
$obj->error = __("Recover password could not be saved!"); $obj->error = __("Your code is not valid");
$obj->reloadCaptcha = true;
} }
} }
} else { } else {
@ -153,5 +152,6 @@ if (!(!empty($_REQUEST['user']) && !empty($_REQUEST['recoverpass']))) {
</script> </script>
<?php <?php
$_page->print();exit; $_page->print();
exit;
} }
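Review bot: In the branch where the captcha was accepted but `$user->save()` fails ("Recover password could not be saved!"), the response no longer appears to set `$obj->reloadCaptcha = true;`, going by the two-column rendering, which prints that line only once in each else branch. `Captcha::validation` is outside the hunk, so it is not visible whether a solved captcha is invalidated after its first use; if it is, the client retries with a dead captcha, and if it is not, one solved captcha stays valid for further recovery requests. I would set `$obj->reloadCaptcha = true;` in both failure branches and confirm that the captcha is single-use. A regression test that submits a wrong captcha and asserts the stored recoverPass value is unchanged would pin the ordering this commit establishes. The enclosing `if` starts and ends outside the hunks.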


@ -345,10 +345,16 @@ class CachesInDB extends ObjectYPT
if (!static::isTableInstalled()) { if (!static::isTableInstalled()) {
return false; return false;
} }
/*
$sql = "TRUNCATE TABLE " . static::getTableName() . " "; $sql = "TRUNCATE TABLE " . static::getTableName() . " ";
$global['lastQuery'] = $sql; $global['lastQuery'] = $sql;
//_error_log("Delete Query: ".$sql); //_error_log("Delete Query: ".$sql);
return sqlDAL::writeSql($sql); return sqlDAL::writeSql($sql);
*/
$sql = 'DROP TABLE IF EXISTS `CachesInDB`';
sqlDal::writeSql($sql);
$file = $global['systemRootPath'] . 'plugin/Cache/install/install.sql';
return sqlDal::executeFile($file);
} }
public static function encodeContent($content) public static function encodeContent($content)
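Review bot: The rebuild is not atomic and its first step is unchecked: the result of the `DROP TABLE` call is discarded, and if `sqlDal::executeFile($file)` then fails, or another request reads the cache in between, the table does not exist. Consider returning early when the drop fails, e.g. `if (!sqlDal::writeSql($sql)) { return false; }` (assuming writeSql returns a falsy value on failure, as the old `return sqlDAL::writeSql($sql);` suggests). The statement also hard-codes the table name, while the guard above and the commented-out TRUNCATE go through `static::isTableInstalled()` and `static::getTableName()`; building the name from `static::getTableName()` keeps them in agreement. The commented-out block would be better deleted than kept, and a one-line comment saying why the table is dropped and recreated instead of truncated would help, since the commit message gives no reason. The method starts outside the hunk, so whether `$global` is declared there cannot be confirmed from here.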