diff options
| author | Aleksander Machniak <alec@alec.pl> | 2014-02-10 18:27:50 +0100 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2014-02-10 18:27:50 +0100 |
| commit | e7881f058ae8a006b16f59937bfcf125df5af486 (patch) | |
| tree | 7a773d136a29517dce4448f1246f107a8fe320bb | |
| parent | 50020473e3c6a2c3e3cb581a89b646585240b7e6 (diff) | |
| parent | 334475a50bcc97a8c326aadff0dcbb61fad40a4f (diff) | |
Merge pull request #166 from tillkruess/master
security fix for domainfactory password plugin driver
| -rw-r--r-- | plugins/password/drivers/domainfactory.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php index 9128720c9..4dbf4b799 100644 --- a/plugins/password/drivers/domainfactory.php +++ b/plugins/password/drivers/domainfactory.php @@ -29,11 +29,11 @@ class rcube_domainfactory_password CURLOPT_RETURNTRANSFER => true, CURLOPT_URL => 'https://ssl.df.eu/chmail.php', CURLOPT_POST => true, - CURLOPT_POSTFIELDS => array( + CURLOPT_POSTFIELDS => http_build_query(array( 'login' => $rcmail->user->get_username(), 'pwd' => $curpass, 'action' => 'change' - ) + )) )); if ($result = curl_exec($ch)) { |