From 78bee8b8b62f1ab4970c0b2b0265c17073ffb2be Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 10 Oct 2014 10:25:52 +0200
Subject: Fix regression in SHAA password generation in ldap driver of password
 plugin (#1490094)

---
 CHANGELOG                         | 1 +
 plugins/password/drivers/ldap.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 90149a37f..d3c9aba90 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -50,6 +50,7 @@ CHANGELOG Roundcube Webmail
 - Fix page title when using search filter (#1490023)
 - Fix mbox files import
 - Fix setting flags on servers with no PERMANENTFLAGS response (#1490087)
+- Fix regression in SHAA password generation in ldap driver of password plugin (#1490094)
 
 RELEASE 1.0.3
 -------------
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index acd968723..340dd29f8 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -277,7 +277,7 @@ class rcube_ldap_password
 
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt     = mhash_keygen_s2k(MHASH_SHA1, $password_clear, $salt, 4);
-                $password = mhash(MHASH_MD5, $password_clear . $salt);
+                $password = mhash(MHASH_SHA1, $password_clear . $salt);
             }
             else if (function_exists('sha1')) {
                 $salt     = substr(pack("H*", sha1($salt . $password_clear)), 0, 4);
-- 
cgit v1.2.3