From dc52ae0b02caa379a16715cba1554b2494498cb7 Mon Sep 17 00:00:00 2001 From: Till Krüss Date: Thu, 13 Feb 2014 09:40:17 +0530 Subject: prevent unwanted code execution via CURLOPT_POSTFIELDS (again) --- plugins/password/drivers/domainfactory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php index 4dbf4b799..62d9bfce2 100644 --- a/plugins/password/drivers/domainfactory.php +++ b/plugins/password/drivers/domainfactory.php @@ -51,7 +51,7 @@ class rcube_domainfactory_password // change password $ch = curl_copy_handle($ch); - curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields)); if ($result = curl_exec($ch)) { // has the password been changed? -- cgit v1.2.3