TALOS-2023-1897

CVE-2023-50172
2025-10-03 01:39:24 +02:00 · 2023-12-18 12:58:54 -03:00 · 2023-12-18 12:58:54 -03:00 · aca09187c6
commit aca09187c6
parent 7516d9b33c
2 changed files with 15 additions and 9 deletions
--- a/objects/userRecoverPass.php
+++ b/objects/userRecoverPass.php
@ -34,11 +34,10 @@ if (!(!empty($_REQUEST['user']) && !empty($_REQUEST['recoverpass']))) {
        if (empty($_REQUEST['captcha'])) {
            $obj->error = __("Captcha is empty");
        } else {
-            if ($user->save()) {
-                require_once 'captcha.php';
-                $valid = Captcha::validation($_REQUEST['captcha']);
-                if ($valid) {
-
+            require_once 'captcha.php';
+            $valid = Captcha::validation($_REQUEST['captcha']);
+            if ($valid) {
+                if ($user->save()) {
                    $url = "{$global['webSiteRootURL']}recoverPass";
                    $url = addQueryStringParameter($url, 'user', $_REQUEST['user']);
                    $url = addQueryStringParameter($url, 'recoverpass', $recoverPass);
@ -56,11 +55,11 @@ if (!(!empty($_REQUEST['user']) && !empty($_REQUEST['recoverpass']))) {
                        $obj->success = __("Message sent");
                    }
                } else {
-                    $obj->error = __("Your code is not valid");
-                    $obj->reloadCaptcha = true;
+                    $obj->error = __("Recover password could not be saved!");
                }
            } else {
-                $obj->error = __("Recover password could not be saved!");
+                $obj->error = __("Your code is not valid");
+                $obj->reloadCaptcha = true;
            }
        }
    } else {
@ -153,5 +152,6 @@ if (!(!empty($_REQUEST['user']) && !empty($_REQUEST['recoverpass']))) {
    </script>

 <?php
-    $_page->print();exit;
+    $_page->print();
+    exit;
 }
--- a/plugin/Cache/Objects/CachesInDB.php
+++ b/plugin/Cache/Objects/CachesInDB.php
@ -345,10 +345,16 @@ class CachesInDB extends ObjectYPT
        if (!static::isTableInstalled()) {
            return false;
        }
+        /*
        $sql = "TRUNCATE TABLE " . static::getTableName() . " ";
        $global['lastQuery'] = $sql;
        //_error_log("Delete Query: ".$sql);
        return sqlDAL::writeSql($sql);
+        */
+        $sql = 'DROP TABLE IF EXISTS `CachesInDB`';
+        sqlDal::writeSql($sql);
+        $file = $global['systemRootPath'] . 'plugin/Cache/install/install.sql';
+        return sqlDal::executeFile($file);
    }

    public static function encodeContent($content)