prevent unwanted code execution via CURLOPT_POSTFIELDS

author: Till Krüss <me@tillkruess.com> 2014-02-10 21:32:06 +0530
committer: Aleksander Machniak <alec@alec.pl> 2014-02-10 18:40:49 +0100
commit: 01014a20b92904db6cbc0a39c0f081257243c0c6 (patch)
tree: fbb625732f3f80f0ead3b45de1c5ae557e33deef /plugins/password
parent: 6fdf1f20729c34083b958b706647f42df37e8bca (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index 9128720c9..4dbf4b799 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -29,11 +29,11 @@ class rcube_domainfactory_password
 				CURLOPT_RETURNTRANSFER => true,
 				CURLOPT_URL => 'https://ssl.df.eu/chmail.php',
 				CURLOPT_POST => true,
-				CURLOPT_POSTFIELDS => array(
+				CURLOPT_POSTFIELDS => http_build_query(array(
 					'login' => $rcmail->user->get_username(),
 					'pwd' => $curpass,
 					'action' => 'change'
-				)
+				))
 			));
 
 			if ($result = curl_exec($ch)) {
author	Till Krüss <me@tillkruess.com>	2014-02-10 21:32:06 +0530
committer	Aleksander Machniak <alec@alec.pl>	2014-02-10 18:40:49 +0100
commit	01014a20b92904db6cbc0a39c0f081257243c0c6 (patch)
tree	fbb625732f3f80f0ead3b45de1c5ae557e33deef /plugins/password
parent	6fdf1f20729c34083b958b706647f42df37e8bca (diff)