diff options
| author | Till Krüss <me@tillkruess.com> | 2014-02-10 21:32:06 +0530 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2014-02-10 18:40:49 +0100 |
| commit | 01014a20b92904db6cbc0a39c0f081257243c0c6 (patch) | |
| tree | fbb625732f3f80f0ead3b45de1c5ae557e33deef /plugins | |
| parent | 6fdf1f20729c34083b958b706647f42df37e8bca (diff) | |
prevent unwanted code execution via CURLOPT_POSTFIELDS
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/password/drivers/domainfactory.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php index 9128720c9..4dbf4b799 100644 --- a/plugins/password/drivers/domainfactory.php +++ b/plugins/password/drivers/domainfactory.php @@ -29,11 +29,11 @@ class rcube_domainfactory_password CURLOPT_RETURNTRANSFER => true, CURLOPT_URL => 'https://ssl.df.eu/chmail.php', CURLOPT_POST => true, - CURLOPT_POSTFIELDS => array( + CURLOPT_POSTFIELDS => http_build_query(array( 'login' => $rcmail->user->get_username(), 'pwd' => $curpass, 'action' => 'change' - ) + )) )); if ($result = curl_exec($ch)) { |