From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
 plugins/password/drivers/virtualmin.php | 28 +++++++++++++++++++++-------
 1 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php
index d2b765a..3001ad9 100644
--- a/plugins/password/drivers/virtualmin.php
+++ b/plugins/password/drivers/virtualmin.php
@@ -12,14 +12,28 @@
 *
 * @version 3.0
 * @author Martijn de Munnik
+ *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
 */
 class rcube_virtualmin_password
 {
 function save($currpass, $newpass)
 {
- $rcmail = rcmail::get_instance();
-
+ $rcmail = rcmail::get_instance();
 $format = $rcmail->config->get('password_virtualmin_format', 0);
 $username = $_SESSION['username'];
@@ -48,12 +62,12 @@
 $pieces = explode("_", $username);
 $domain = $pieces[0];
 break;
- case 8: // domain taken from alias, username left as it was
- $email = $rcmail->user->data['alias'];
- $domain = substr(strrchr($email, "@"), 1);
- break;
 default: // username@domain
 $domain = substr(strrchr($username, "@"), 1);
+ }
+
+ if (!$domain) {
+ $domain = $rcmail->user->get_username('domain');
 }
 $username = escapeshellcmd($username);
@@ -67,7 +81,7 @@
 return PASSWORD_SUCCESS;
 }
 else {
- raise_error(array(
+ rcube::raise_error(array(
 'code' => 600,
 'type' => 'php',
 'file' => __FILE__, 'line' => __LINE__,
-- Gitblit v1.9.1
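Review bot: In the second hunk (`@@ -48,12 +62,12 @@`) the new fallback `$domain = $rcmail->user->get_username('domain');` is not checked afterwards, so a login without a domain part still leaves `$domain` empty when `save()` continues. The context line that follows only runs `escapeshellcmd()` on `$username`; the rest of `save()` is outside the hunk, but if `$domain` is placed on a command line further down, an empty or unvalidated value would shift that command's argument positions. I would fail closed directly after the fallback with `if (!$domain) { return PASSWORD_ERROR; }`, and quote each value with `escapeshellarg()` instead of `escapeshellcmd()`, which escapes metacharacters but does not keep a value as a single argument. Dropping `case 8` also means installations configured with format 8 now fall through to `default` without notice, which deserves a line in the driver's documentation.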