From dc52ae0b02caa379a16715cba1554b2494498cb7 Mon Sep 17 00:00:00 2001
From: Till Krüss <me@tillkruess.com>
Date: Thu, 13 Feb 2014 02:04:05 -0500
Subject: [PATCH] prevent unwanted code execution via CURLOPT_POSTFIELDS (again)

---
 plugins/password/drivers/domainfactory.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php
index 4dbf4b7..62d9bfc 100644
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@@ -51,7 +51,7 @@
 
 				// change password
 				$ch = curl_copy_handle($ch);
-				curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
+				curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields));
 				if ($result = curl_exec($ch)) {
 
 					// has the password been changed?

--
Gitblit v1.9.1