summaryrefslogtreecommitdiff
path: root/plugins/password
diff options
context:
space:
mode:
authorTill Krüss <me@tillkruess.com>2014-02-13 09:40:17 +0530
committerAleksander Machniak <alec@alec.pl>2014-02-13 08:04:05 +0100
commitdc52ae0b02caa379a16715cba1554b2494498cb7 (patch)
treedc1fe80837e681ede49fd1466fcc2b4cb2c0b4a9 /plugins/password
parent6f079094d261a1f448da9cd03266b3f61821a67a (diff)
prevent unwanted code execution via CURLOPT_POSTFIELDS (again)
Diffstat (limited to 'plugins/password')
-rw-r--r--plugins/password/drivers/domainfactory.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index 4dbf4b799..62d9bfce2 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -51,7 +51,7 @@ class rcube_domainfactory_password
// change password
$ch = curl_copy_handle($ch);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields));
if ($result = curl_exec($ch)) {
// has the password been changed?