From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
 plugins/password/drivers/sasl.php | 61 ++++++++++++++++++++----------
 1 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php
index 3613334..f3baef5 100644
--- a/plugins/password/drivers/sasl.php
+++ b/plugins/password/drivers/sasl.php
@@ -7,35 +7,54 @@
 * The code is derrived from the Squirrelmail "Change SASL Password" Plugin
 * by Galen Johnson.
 *
- * It only works with saslpasswd2 on the same host where RoundCube runs
+ * It only works with saslpasswd2 on the same host where Roundcube runs
 * and requires shell access and gcc in order to compile the binary.
 *
 * For installation instructions please read the README file.
 *
- * @version 1.0
+ * @version 2.0
 * @author Thomas Bruederli
+ *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
 */
-
-function password_save($currpass, $newpass)
+
+class rcube_sasl_password
 {
- $curdir = realpath(dirname(__FILE__));
- $username = escapeshellcmd($_SESSION['username']);
+ function save($currpass, $newpass)
+ {
+ $curdir = RCUBE_PLUGINS_DIR . 'password/helpers';
+ $username = escapeshellcmd($_SESSION['username']);
+ $args = rcmail::get_instance()->config->get('password_saslpasswd_args', '');
 
- if ($fh = popen("$curdir/chgsaslpasswd -p $username", 'w')) {
- fwrite($fh, $newpass."\n");
- $code = pclose($fh);
+ if ($fh = popen("$curdir/chgsaslpasswd -p $args $username", 'w')) {
+ fwrite($fh, $newpass."\n");
+ $code = pclose($fh);
 
- if($code == 0)
- return PASSWORD_SUCCESS;
- } else
- raise_error(array(
- 'code' => 600,
- 'type' => 'php',
- 'file' = __FILE__,
- 'message' => "Password plugin: Unable to execute $curdir/chgsaslpasswd"
- ), true, false);
+ if ($code == 0)
+ return PASSWORD_SUCCESS;
+ }
+ else {
+ rcube::raise_error(array(
+ 'code' => 600,
+ 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Password plugin: Unable to execute $curdir/chgsaslpasswd"
+ ), true, false);
+ }
 
- return PASSWORD_ERROR;
+ return PASSWORD_ERROR;
+ }
 }
-
-?>
-- Gitblit v1.9.1
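Review bot: In `save()` the session username is still prepared with `escapeshellcmd()`, which backslash-escapes shell metacharacters but does not quote the value, so whitespace in it is split into separate arguments of the `popen()` command line and the result is no longer a single operand for `chgsaslpasswd`. Quoting it as one argument is the usual remedy, `$username = escapeshellarg($_SESSION['username']);`, and a value that begins with `-` should probably be rejected before the call, since quoting alone does not stop the helper from reading it as an option. The new `password_saslpasswd_args` value is interpolated into the same string verbatim, presumably on purpose so it can carry several options; a comment such as `// admin-configured options, passed to the shell unquoted - never route user input here` would keep that assumption visible. A non-zero exit code from the helper also falls through to `PASSWORD_ERROR` without any log entry, which makes failed password changes hard to trace.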