From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
plugins/password/drivers/vpopmaild.php | 84 ++++++++++++++++++++++++++----------------
1 files changed, 52 insertions(+), 32 deletions(-)
diff --git a/plugins/password/drivers/vpopmaild.php b/plugins/password/drivers/vpopmaild.php
index b6fb393..bc0c8f9 100644
--- a/plugins/password/drivers/vpopmaild.php
+++ b/plugins/password/drivers/vpopmaild.php
@@ -5,47 +5,67 @@
*
* Driver to change passwords via vpopmaild
*
- * @version 1.1
+ * @version 2.0
* @author Johannes Hessellund
*
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
*/
-function password_save($curpass, $passwd)
+class rcube_vpopmaild_password
{
- $rcmail = rcmail::get_instance();
-// include('Net/Socket.php');
- $vpopmaild = new Net_Socket();
+ function save($curpass, $passwd)
+ {
+ $rcmail = rcmail::get_instance();
+ $vpopmaild = new Net_Socket();
+ $host = $rcmail->config->get('password_vpopmaild_host');
+ $port = $rcmail->config->get('password_vpopmaild_port');
- if (PEAR::isError($vpopmaild->connect($rcmail->config->get('password_vpopmaild_host'),
- $rcmail->config->get('password_vpopmaild_port'), null))) {
- return PASSWORD_CONNECT_ERROR;
- }
+ $result = $vpopmaild->connect($host, $port, null);
+ if (is_a($result, 'PEAR_Error')) {
+ return PASSWORD_CONNECT_ERROR;
+ }
- $result = $vpopmaild->readLine();
- if(!preg_match('/^\+OK/', $result)) {
- $vpopmaild->disconnect();
- return PASSWORD_CONNECT_ERROR;
- }
+ $vpopmaild->setTimeout($rcmail->config->get('password_vpopmaild_timeout'),0);
- $vpopmaild->writeLine("slogin ". $_SESSION['username'] . " " . $curpass);
- $result = $vpopmaild->readLine();
- if(!preg_match('/^\+OK/', $result) ) {
+ $result = $vpopmaild->readLine();
+ if(!preg_match('/^\+OK/', $result)) {
+ $vpopmaild->disconnect();
+ return PASSWORD_CONNECT_ERROR;
+ }
+
+ $vpopmaild->writeLine("slogin ". $_SESSION['username'] . " " . $curpass);
+ $result = $vpopmaild->readLine();
+
+ if(!preg_match('/^\+OK/', $result) ) {
+ $vpopmaild->writeLine("quit");
+ $vpopmaild->disconnect();
+ return PASSWORD_ERROR;
+ }
+
+ $vpopmaild->writeLine("mod_user ". $_SESSION['username']);
+ $vpopmaild->writeLine("clear_text_password ". $passwd);
+ $vpopmaild->writeLine(".");
+ $result = $vpopmaild->readLine();
$vpopmaild->writeLine("quit");
$vpopmaild->disconnect();
- return PASSWORD_ERROR;
+
+ if (!preg_match('/^\+OK/', $result)) {
+ return PASSWORD_ERROR;
+ }
+
+ return PASSWORD_SUCCESS;
}
-
- $vpopmaild->writeLine("mod_user ". $_SESSION['username']);
- $vpopmaild->writeLine("clear_text_password ". $passwd);
- $vpopmaild->writeLine(".");
- $result = $vpopmaild->readLine();
- $vpopmaild->writeLine("quit");
- $vpopmaild->disconnect();
-
- if (!preg_match('/^\+OK/', $result))
- return PASSWORD_ERROR;
-
- return PASSWORD_SUCCESS;
}
-
-?>
--
Gitblit v1.9.1