From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/password/drivers/directadmin.php |   47 ++++++++++++++++++++++++++++++-----------------
 1 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php
index 1be14f6..08ade51 100644
--- a/plugins/password/drivers/directadmin.php
+++ b/plugins/password/drivers/directadmin.php
@@ -5,9 +5,23 @@
  *
  * Driver to change passwords via DirectAdmin Control Panel
  *
- * @version 2.0
+ * @version 2.1
  * @author Victor Benincasa <vbenincasa@gmail.com>
  *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
  */
 
 class rcube_directadmin_password
@@ -34,16 +48,16 @@
         $Socket->set_method('POST');
         $Socket->query('/CMD_CHANGE_EMAIL_PASSWORD',
             array(
-                'email' 		=> $da_user,
-                'oldpassword' 	=> $da_curpass,
-                'password1' 	=> $da_newpass,
-                'password2' 	=> $da_newpass,
-                'api' 			=> '1'
+                'email'         => $da_user,
+                'oldpassword'   => $da_curpass,
+                'password1'     => $da_newpass,
+                'password2'     => $da_newpass,
+                'api'           => '1'
             ));
         $response = $Socket->fetch_parsed_body();
 
         //DEBUG
-        //console("Password Plugin: [USER: $da_user] [HOST: $da_host] - Response: [SOCKET: ".$Socket->result_status_code."] [DA ERROR: ".strip_tags($response['error'])."] [TEXT: ".$response[text]."]");
+        //rcube::console("Password Plugin: [USER: $da_user] [HOST: $da_host] - Response: [SOCKET: ".$Socket->result_status_code."] [DA ERROR: ".strip_tags($response['error'])."] [TEXT: ".$response[text]."]");
 
         if($Socket->result_status_code != 200)
             return array('code' => PASSWORD_CONNECT_ERROR, 'message' => $Socket->error[0]);
@@ -62,15 +76,16 @@
  *
  * Very, very basic usage:
  *   $Socket = new HTTPSocket;
- *   echo $Socket->get('http://user:pass@somesite.com/somedir/some.file?query=string&this=that');
+ *   echo $Socket->get('http://user:pass@somehost.com:2222/CMD_API_SOMEAPI?query=string&this=that');
  *
  * @author Phi1 'l0rdphi1' Stier <l0rdphi1@liquenox.net>
+ * @updates 2.7 and 2.8 by Victor Benincasa <vbenincasa @ gmail.com>
  * @package HTTPSocket
- * @version 2.7 (Updated by Victor Benincasa <vbenincasa@gmail.com>)
+ * @version 2.8
  */
 class HTTPSocket {
 
-    var $version = '2.7';
+    var $version = '2.8';
 
     /* all vars are private except $error, $query_cache, and $doFollowLocationHeader */
 
@@ -107,7 +122,7 @@
     {
         if (!is_numeric($port))
         {
-            $port = 80;
+            $port = 2222;
         }
 
         $this->remote_host = $host;
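Review bot: The new fallback `$port = 2222;` applies to every caller that passes a non-numeric port, not only the DirectAdmin driver. That includes the full-URL path in the `@@ -166` hunk, where `$location['port']` is unset for a URL such as `https://host/path`, so the request silently goes to 2222 instead of the port the scheme implies. I would resolve the default at that call site, e.g. `$port = isset($location['port']) ? $location['port'] : (strtolower($location['scheme']) == 'https' ? 443 : 80);`, and add a comment here such as `// 2222 is the DirectAdmin default port`. The body of connect() continues outside this hunk.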
@@ -166,8 +181,8 @@
         $this->error = $this->warn = array();
         $this->result_status_code = NULL;
 
-        // is our request a http:// ... ?
-        if (preg_match('!^http://!i',$request))
+        // is our request a http(s):// ... ?
+        if (preg_match('/^(http|https):\/\//i',$request))
         {
             $location = parse_url($request);
             $this->connect($location['host'],$location['port']);
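Review bot: Accepting `https://` in the pattern does not by itself encrypt the request, because only `$location['host']` and `$location['port']` reach connect() and the scheme is discarded. Unless code outside this hunk selects a TLS transport, an `https://` URL (including any `user:pass@` credentials) would presumably be sent in cleartext. The same call also breaks the Host header built in the `@@ -185` hunk: connect() stores the bare hostname in `remote_host`, and `parse_url('somehost.com', PHP_URL_HOST)` returns null for a string without a scheme, so the header becomes empty or just `:port`. Passing the transport along would address both, e.g. `$this->connect((strtolower($location['scheme']) == 'https' ? 'ssl://' : 'tcp://').$location['host'], $location['port']);`, assuming the socket is opened from `remote_host` as the Host-header change suggests. The enclosing method starts and ends outside this hunk.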
@@ -185,7 +200,7 @@
 
         $array_headers = array(
             'User-Agent' => "HTTPSocket/$this->version",
-            'Host' => ( $this->remote_port == 80 ? $this->remote_host : "$this->remote_host:$this->remote_port" ),
+            'Host' => ( $this->remote_port == 80 ? parse_url($this->remote_host,PHP_URL_HOST) : parse_url($this->remote_host,PHP_URL_HOST).":".$this->remote_port ),
             'Accept' => '*/*',
             'Connection' => 'Close' );
 
@@ -296,7 +311,6 @@
             $status = socket_get_status($socket);
             $startTime = time();
             $length = 0;
-            $prevSecond = 0;
             while ( !feof($socket) && !$status['timed_out'] )
             {
                 $chunk = fgets($socket,1024);
@@ -447,8 +461,7 @@
     function fetch_header( $header = '' )
     {
         $array_headers = preg_split("/\r\n/",$this->result_header);
-
-        $array_return = array( 0 => $array_headers[0] );
+        $array_return  = array( 0 => $array_headers[0] );
         unset($array_headers[0]);
 
         foreach ( $array_headers as $pair )

--
Gitblit v1.9.1