From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/password/drivers/cpanel.php |   47 +++++++++++++++++++++++++++++++++--------------
 1 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/plugins/password/drivers/cpanel.php b/plugins/password/drivers/cpanel.php
index b71c33e..9446fde 100644
--- a/plugins/password/drivers/cpanel.php
+++ b/plugins/password/drivers/cpanel.php
@@ -15,6 +15,21 @@
  *
  * @version 3.0
  * @author Christian Chech <christian@chech.fr>
+ *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
  */
 
 class rcube_cpanel_password
@@ -34,20 +49,16 @@
         $this->xmlapi->set_output('json');
         $this->xmlapi->set_debug(0);
 
-        if ($this->setPassword($_SESSION['username'], $newpass)) {
-            return PASSWORD_SUCCESS;
-        }
-        else {
-            return PASSWORD_ERROR;
-        }
+        return $this->setPassword($_SESSION['username'], $newpass);
     }
 
     /**
      * Change email account password
      *
-     * Returns true on success or false on failure.
-     * @param string $password email account password
-     * @return bool
+     * @param string $address  Email address/username
+     * @param string $password Email account password
+     *
+     * @return int|array Operation status
      */
     function setPassword($address, $password)
     {
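Review bot: The new `@return int|array Operation status` on setPassword() does not say what the array holds, and save() now passes that value straight back to its caller. Going by the last hunk of this patch, the array is `array('code' => PASSWORD_ERROR, 'message' => ...)` with the message taken from the cPanel response. I would spell that out, e.g. `@return int|array PASSWORD_SUCCESS or PASSWORD_ERROR, or array('code' => int, 'message' => string) when cPanel supplies a reason`. save() starts above this hunk and setPassword()'s body continues below it.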
@@ -60,13 +71,21 @@
 
         $data['password'] = $password;
 
-        $query = $this->xmlapi->api2_query($this->cuser, 'Email', 'passwdpop', $data);
-        $query = json_decode($query, true);
+        $query  = $this->xmlapi->api2_query($this->cuser, 'Email', 'passwdpop', $data);
+        $query  = json_decode($query, true);
+        $result = $query['cpanelresult']['data'][0];
 
-        if ($query['cpanelresult']['data'][0]['result'] == 1) {
-            return true;
+        if ($result['result'] == 1) {
+            return PASSWORD_SUCCESS;
         }
 
-        return false;
+        if ($result['reason']) {
+            return array(
+                'code'    => PASSWORD_ERROR,
+                'message' => $result['reason'],
+            );
+        }
+
+        return PASSWORD_ERROR;
     }
 }
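Review bot: `$result = $query['cpanelresult']['data'][0];` indexes the decoded response without checking that json_decode() returned an array or that the keys exist, so a failed or non-JSON reply from api2_query() is only caught by accident and raises notices/warnings on newer PHP versions. I would guard it, e.g. `$result = isset($query['cpanelresult']['data'][0]) ? $query['cpanelresult']['data'][0] : array();`, then test `isset($result['result']) && $result['result'] == 1` and `!empty($result['reason'])`. Separately, `$result['reason']` is text supplied by the remote cPanel server and is now returned as the user-facing `message`. Whether the caller escapes it before rendering is not visible here, so that should be confirmed, or the string should be escaped or limited before it is returned.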

--
Gitblit v1.9.1