diff options
author | Till Krüss <me@tillkruess.com> | 2014-02-13 09:40:17 +0530 |
---|---|---|
committer | Till Krüss <me@tillkruess.com> | 2014-02-13 09:40:17 +0530 |
commit | aba993da6afe0668af1863e58061886c6c996e96 (patch) | |
tree | 489f469ee88547a3e85ac7899d2f65d141cf385f /plugins | |
parent | 334475a50bcc97a8c326aadff0dcbb61fad40a4f (diff) |
prevent unwanted code execution via CURLOPT_POSTFIELDS (again)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/password/drivers/domainfactory.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php index 6e1219869..3351d2fd3 100644 --- a/plugins/password/drivers/domainfactory.php +++ b/plugins/password/drivers/domainfactory.php @@ -51,7 +51,7 @@ class rcube_domainfactory_password // change password $ch = curl_copy_handle($ch); - curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields)); if ($result = curl_exec($ch)) { // did the new password match the requirements? |