author | Till Krüss <me@tillkruess.com> | 2014-02-10 21:32:06 +0530 |
---|---|---|
committer | Till Krüss <me@tillkruess.com> | 2014-02-10 21:32:06 +0530 |
commit | 334475a50bcc97a8c326aadff0dcbb61fad40a4f (patch) | |
tree | 6bf6af14e33f7207f28597e2eb5750cdb4aa7468 | |
parent | 0f4c9b850f665f0fdafb00809b4b9f100c59f331 (diff) |
prevent unwanted code execution via CURLOPT_POSTFIELDS
-rw-r--r-- | plugins/password/drivers/domainfactory.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index e253faa49..6e1219869 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -29,11 +29,11 @@ class rcube_domainfactory_password
 CURLOPT_RETURNTRANSFER => true,
 CURLOPT_URL => 'https://ssl.df.eu/chmail.php',
 CURLOPT_POST => true,
- CURLOPT_POSTFIELDS => array(
+ CURLOPT_POSTFIELDS => http_build_query(array(
 'login' => $rcmail->user->get_username(),
 'pwd' => $curpass,
 'action' => 'change'
- )
+ ))
 ));
 if ($result = curl_exec($ch)) { |
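Review bot: The added `http_build_query(array(` call on the CURLOPT_POSTFIELDS line takes its separator from the `arg_separator.output` ini setting, so a host configured with `&amp;` would send a malformed login body. Closing the call with `), '', '&')` instead of `))` pins the separator. The line also needs a comment so the string form is not reverted later, for example `// must be a string: with an array, cURL can treat a value starting with '@' as a file to upload`. The enclosing method starts and ends outside this hunk, so any other CURLOPT_POSTFIELDS assignment in it that still passes an array (not visible here) should be checked for the same problem.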