summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-02-10 18:27:50 +0100
committerAleksander Machniak <alec@alec.pl>2014-02-10 18:27:50 +0100
commite7881f058ae8a006b16f59937bfcf125df5af486 (patch)
tree7a773d136a29517dce4448f1246f107a8fe320bb
parent50020473e3c6a2c3e3cb581a89b646585240b7e6 (diff)
parent334475a50bcc97a8c326aadff0dcbb61fad40a4f (diff)
Merge pull request #166 from tillkruess/master
security fix for domainfactory password plugin driver
-rw-r--r--plugins/password/drivers/domainfactory.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index 9128720c9..4dbf4b799 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -29,11 +29,11 @@ class rcube_domainfactory_password
CURLOPT_RETURNTRANSFER => true,
CURLOPT_URL => 'https://ssl.df.eu/chmail.php',
CURLOPT_POST => true,
- CURLOPT_POSTFIELDS => array(
+ CURLOPT_POSTFIELDS => http_build_query(array(
'login' => $rcmail->user->get_username(),
'pwd' => $curpass,
'action' => 'change'
- )
+ ))
));
if ($result = curl_exec($ch)) {