From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/password/drivers/ldap.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index def07a1..f773335 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -85,7 +85,7 @@
 
         // Crypt new samba password
         if ($smbpwattr && !($samba_pass = $this->hashPassword($passwd, 'samba'))) {
-	        return PASSWORD_CRYPT_ERROR;
+            return PASSWORD_CRYPT_ERROR;
         }
 
         // Writing new crypted password to LDAP
@@ -274,8 +274,8 @@
                 $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE'));
                 $cryptedPassword = strtoupper($cryptedPassword);
             } else {
-				/* Your PHP install does not have the hash() function */
-				return false;
+                /* Your PHP install does not have the hash() function */
+                return false;
             }
             break;
 

--
Gitblit v1.9.1