Merge branch 'ent-5725-Vulnerabilidad' into 'develop'

fix vulnerability in password recovery

See merge request artica/pandorafms!3175
Daniel Rodriguez 2020-05-20 16:41:42 +02:00
commit 3546bbfc73
1 changed files with 5 additions and 4 deletions


@ -731,12 +731,13 @@ if (! isset($config['id_user'])) {
$first = (boolean) get_parameter('first', 0);
$reset_hash = get_parameter('reset_hash', '');
if ($correct_pass_change) {
$pass1 = get_parameter_post('pass1');
$pass2 = get_parameter_post('pass2');
$id_user = get_parameter_post('id_user');
if ($correct_pass_change && !empty($pass1) && !empty($pass2) && !empty($id_user)) {
$correct_reset_pass_process = '';
$process_error_message = '';
$pass1 = get_parameter('pass1');
$pass2 = get_parameter('pass2');
$id_user = get_parameter('id_user');
if ($pass1 == $pass2) {
$res = update_user_password($id_user, $pass1);