summaryrefslogtreecommitdiff
path: root/plugins/password/drivers
diff options
context:
space:
mode:
authorTill Krüss <me@tillkruess.com>2014-02-10 21:32:06 +0530
committerTill Krüss <me@tillkruess.com>2014-02-10 21:32:06 +0530
commit334475a50bcc97a8c326aadff0dcbb61fad40a4f (patch)
tree6bf6af14e33f7207f28597e2eb5750cdb4aa7468 /plugins/password/drivers
parent0f4c9b850f665f0fdafb00809b4b9f100c59f331 (diff)
prevent unwanted code execution via CURLOPT_POSTFIELDS
Diffstat (limited to 'plugins/password/drivers')
-rw-r--r--plugins/password/drivers/domainfactory.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index e253faa49..6e1219869 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -29,11 +29,11 @@ class rcube_domainfactory_password
CURLOPT_RETURNTRANSFER => true,
CURLOPT_URL => 'https://ssl.df.eu/chmail.php',
CURLOPT_POST => true,
- CURLOPT_POSTFIELDS => array(
+ CURLOPT_POSTFIELDS => http_build_query(array(
'login' => $rcmail->user->get_username(),
'pwd' => $curpass,
'action' => 'change'
- )
+ ))
));
if ($result = curl_exec($ch)) {
generated by cgit v1.2.3 (git 2.51.0) at 2025-10-31 14:51:37 +0000