From aba993da6afe0668af1863e58061886c6c996e96 Mon Sep 17 00:00:00 2001
From: Till Krüss <me@tillkruess.com>
Date: Wed, 12 Feb 2014 23:10:17 -0500
Subject: [PATCH] prevent unwanted code execution via CURLOPT_POSTFIELDS (again)
---
 plugins/password/drivers/domainfactory.php | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index 6e12198..3351d2f 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -51,7 +51,7 @@
 // change password
 $ch = curl_copy_handle($ch);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields));
 if ($result = curl_exec($ch)) {
 // did the new password match the requirements?
-- Gitblit v1.9.1
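Review bot: The added `http_build_query($postfields)` call uses the `arg_separator.output` ini setting as its separator, so on a host where that is configured as `&amp;` the POST body would be malformed and the password change would fail; passing the separator explicitly avoids this: `curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields, '', '&'));`. A short why-comment on the line would also protect the fix from being reverted, e.g. `// must be a string: array values starting with "@" are treated as file uploads by older PHP cURL`. Sending a string also switches the request from multipart/form-data to application/x-www-form-urlencoded, which the remote form presumably accepts but is worth confirming. The handle is copied from a `$ch` configured above the hunk, so any earlier array-valued CURLOPT_POSTFIELDS there would need the same treatment; that code is not visible here.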