From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/password/drivers/ximss.php |  112 ++++++++++++++++++++++++++++++--------------------------
 1 files changed, 60 insertions(+), 52 deletions(-)

diff --git a/plugins/password/drivers/ximss.php b/plugins/password/drivers/ximss.php
index 94aba18..54477f7 100644
--- a/plugins/password/drivers/ximss.php
+++ b/plugins/password/drivers/ximss.php
@@ -8,29 +8,46 @@
  *   password_ximss_host - Host name of Communigate server
  *   password_ximss_port - XIMSS port on Communigate server
  *
- *
  * References:
  *   http://www.communigate.com/WebGuide/XMLAPI.html
  *
- * @version 1
+ * @version 2.0
  * @author Erik Meitner <erik wanderings.us>
+ *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
  */
- 
-function password_save($pass, $newpass)
-{
 
-  $rcmail = rcmail::get_instance();
-  
-  $sock = stream_socket_client("tcp://".$rcmail->config->get('password_ximss_host').":".$rcmail->config->get('password_ximss_port'), $errno, $errstr, 30) ;
-  if( $sock === FALSE )
-  {
-    return PASSWORD_CONNECT_ERROR;
-  }
-  
-  // send all requests at once(pipelined)
-  fwrite( $sock, '<login id="A001" authData="'.$_SESSION['username'].'" password="'.$pass.'" />'."\0");
-  fwrite( $sock, '<passwordModify id="A002" oldPassword="'.$pass.'" newPassword="'.$newpass.'"  />'."\0");
-  fwrite( $sock, '<bye id="A003" />'."\0");
+class rcube_ximss_password
+{
+    function save($pass, $newpass)
+    {
+        $rcmail = rcmail::get_instance();
+
+        $host = $rcmail->config->get('password_ximss_host');
+        $port = $rcmail->config->get('password_ximss_port');
+        $sock = stream_socket_client("tcp://$host:$port", $errno, $errstr, 30);
+
+        if ($sock === FALSE) {
+            return PASSWORD_CONNECT_ERROR;
+        }
+
+        // send all requests at once(pipelined)
+        fwrite( $sock, '<login id="A001" authData="'.$_SESSION['username'].'" password="'.$pass.'" />'."\0");
+        fwrite( $sock, '<passwordModify id="A002" oldPassword="'.$pass.'" newPassword="'.$newpass.'"  />'."\0");
+        fwrite( $sock, '<bye id="A003" />'."\0");
 
   //example responses
   //  <session id="A001" urlID="4815-vN2Txjkggy7gjHRD10jw" userName="user@example.com"/>\0
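Review bot: The two `fwrite()` calls that build `<login>` and `<passwordModify>` in the new `save()` concatenate `$_SESSION['username']`, `$pass` and `$newpass` straight into XML attribute values. A password containing `"`, `<`, `&` or a NUL byte therefore yields a malformed or altered request, and the NUL is also the message delimiter. Escape each value before it is written, for example `$newpass = htmlspecialchars($newpass, ENT_QUOTES, 'UTF-8');` (likewise for `$pass` and the username), and reject values that contain `"\0"`. The socket is opened with plain `tcp://`, so both passwords cross the network unencrypted unless the deployment tunnels the connection; a comment next to `stream_socket_client()` should say so. The body of `save()` continues past the end of this hunk.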
@@ -40,42 +57,33 @@
   // or an error:
   //  <response id="A001" errorText="incorrect password or account name" errorNum="515"/>\0
 
-  $responseblob = '';
-  while (!feof($sock)) {
-    $responseblob .= fgets($sock, 1024);
-  }
+        $responseblob = '';
+        while (!feof($sock)) {
+            $responseblob .= fgets($sock, 1024);
+        }
 
-  fclose($sock);
-  
-  foreach( explode( "\0",$responseblob) as $response )
-  {
-    $resp = simplexml_load_string("<xml>".$response."</xml>");
+        fclose($sock);
 
-    if( $resp->response[0]['id'] == 'A001' )
-    {
-      if( isset( $resp->response[0]['errorNum'] ) )
-      {
-        return PASSWORD_CONNECT_ERROR;
-      }  
-    }
-    else if( $resp->response[0]['id'] == 'A002' )
-    {
-      if( isset( $resp->response[0]['errorNum'] ))
-      {
-        return PASSWORD_ERROR;
-      }  
-    }
-    else if( $resp->response[0]['id'] == 'A003' )
-    {
-      if( isset($resp->response[0]['errorNum'] ))
-      {
-        //There was a problem during logout(This is probably harmless)
-      }  
-    }
-  } //foreach
+        foreach( explode( "\0",$responseblob) as $response ) {
+            $resp = simplexml_load_string("<xml>".$response."</xml>");
 
-  return PASSWORD_SUCCESS;
-  
+            if( $resp->response[0]['id'] == 'A001' ) {
+                if( isset( $resp->response[0]['errorNum'] ) ) {
+                    return PASSWORD_CONNECT_ERROR;
+                }
+            }
+            else if( $resp->response[0]['id'] == 'A002' ) {
+                if( isset( $resp->response[0]['errorNum'] )) {
+                    return PASSWORD_ERROR;
+                }
+            }
+            else if( $resp->response[0]['id'] == 'A003' ) {
+                if( isset($resp->response[0]['errorNum'] )) {
+                    //There was a problem during logout(This is probably harmless)
+                }
+            }
+        } //foreach
+
+        return PASSWORD_SUCCESS;
+    }
 }
-  
-?>
\ No newline at end of file
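Review bot: The response loop fails open: `return PASSWORD_SUCCESS;` is reached whenever no `errorNum` was seen, including when the server closed the connection early, sent nothing, or sent a fragment that `simplexml_load_string()` could not parse (it then returns `false` and the `$resp->response` lookups silently match nothing). The method should report success only after it has seen a reply for `A002` without an error, and treat everything else as a failure. This assumes the server acknowledges a successful `passwordModify` with a `<response id="A002"/>` element; the example responses that would confirm it lie between the two hunks and are not visible here. The start of `save()` is in the previous hunk.

```php
        $changed = false;

        foreach (explode("\0", $responseblob) as $response) {
            $resp = simplexml_load_string("<xml>".$response."</xml>");

            if ($resp === false) {
                // unparseable fragment: never counts as confirmation
                continue;
            }

            // … unchanged: A001 error check …
            else if ($resp->response[0]['id'] == 'A002') {
                if (isset($resp->response[0]['errorNum'])) {
                    return PASSWORD_ERROR;
                }
                $changed = true;
            }
            // … unchanged: A003 branch …
        }

        return $changed ? PASSWORD_SUCCESS : PASSWORD_ERROR;
```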

--
Gitblit v1.9.1