githubFork/roundcubemail.git

			@@ -16,6 +16,7 @@
			- Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#1490624)
			- Fix XSS issue in SVG images handling (#1490625)
			- Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634)
			- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#1490643)

			RELEASE 1.2-beta
			----------------

			@@ -40,20 +40,9 @@
			$args = rcmail::get_instance()->config->get('password_dbmail_args', '');
			$command = "$curdir/chgdbmailusers -c $username -w $password $args";

			if (strlen($command) > 1024) {
			rcube::raise_error(array(
			'code' => 600,
			'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			'message' => "Password plugin: The command is too long."
			), true, false);
			exec($command, $output, $return_value);

			return PASSWORD_ERROR;
			}

			exec($command, $output, $returnvalue);

			if ($returnvalue == 0) {
			if ($return_value == 0) {
			return PASSWORD_SUCCESS;
			}
			else {

			@@ -1,5 +1,4 @@
			#include <stdio.h>
			#include <string.h>
			#include <unistd.h>

			// set the UID this script will run as (root user)
			@@ -15,27 +14,10 @@

			main(int argc, char *argv[])
			{
			int cnt,rc,cc;
			char cmnd[1024];

			strcpy(cmnd, CMD);

			if (argc > 1)
			{
			for (cnt = 1; cnt < argc; cnt++)
			{
			strcat(cmnd, " ");
			strcat(cmnd, argv[cnt]);
			}
			}
			else
			{
			fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc);
			return 255;
			}
			int rc, cc;

			cc = setuid(UID);
			rc = system(cmnd);
			rc = execvp(CMD, argv);

			if ((rc != 0) \|\| (cc != 0))
			{

	CHANGELOG	1 ●●●●● patch \| view \| raw \| blame \| history
	plugins/password/drivers/dbmail.php	15 ●●●●● patch \| view \| raw \| blame \| history
	plugins/password/helpers/chgdbmailusers.c	22 ●●●●● patch \| view \| raw \| blame \| history