From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/autologon/autologon.php |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/plugins/autologon/autologon.php b/plugins/autologon/autologon.php
index bc3d2ee..63ffb94 100644
--- a/plugins/autologon/autologon.php
+++ b/plugins/autologon/autologon.php
@@ -3,6 +3,9 @@
 /**
  * Sample plugin to try out some hooks.
  * This performs an automatic login if accessed from localhost
+ *
+ * @license GNU GPLv3+
+ * @author Thomas Bruederli
  */
 class autologon extends rcube_plugin
 {
@@ -31,6 +34,8 @@
       $args['user'] = 'me';
       $args['pass'] = '******';
       $args['host'] = 'localhost';
+      $args['cookiecheck'] = false;
+      $args['valid'] = true;
     }
   
     return $args;

--
Gitblit v1.9.1