From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
plugins/password/drivers/vpopmaild.php | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 53 insertions(+), 0 deletions(-)
diff --git a/plugins/password/drivers/vpopmaild.php b/plugins/password/drivers/vpopmaild.php
new file mode 100644
index 0000000..6c1a9ee
--- /dev/null
+++ b/plugins/password/drivers/vpopmaild.php
@@ -0,0 +1,53 @@
+<?php
+
+/**
+ * vpopmail Password Driver
+ *
+ * Driver to change passwords via vpopmaild
+ *
+ * @version 2.0
+ * @author Johannes Hessellund
+ *
+ */
+
+class rcube_vpopmaild_password
+{
+ function save($curpass, $passwd)
+ {
+ $rcmail = rcmail::get_instance();
+ // include('Net/Socket.php');
+ $vpopmaild = new Net_Socket();
+
+ if (PEAR::isError($vpopmaild->connect($rcmail->config->get('password_vpopmaild_host'),
+ $rcmail->config->get('password_vpopmaild_port'), null))) {
+ return PASSWORD_CONNECT_ERROR;
+ }
+
+ $result = $vpopmaild->readLine();
+ if(!preg_match('/^\+OK/', $result)) {
+ $vpopmaild->disconnect();
+ return PASSWORD_CONNECT_ERROR;
+ }
+
+ $vpopmaild->writeLine("slogin ". $_SESSION['username'] . " " . $curpass);
+ $result = $vpopmaild->readLine();
+
+ if(!preg_match('/^\+OK/', $result) ) {
+ $vpopmaild->writeLine("quit");
+ $vpopmaild->disconnect();
+ return PASSWORD_ERROR;
+ }
+
+ $vpopmaild->writeLine("mod_user ". $_SESSION['username']);
+ $vpopmaild->writeLine("clear_text_password ". $passwd);
+ $vpopmaild->writeLine(".");
+ $result = $vpopmaild->readLine();
+ $vpopmaild->writeLine("quit");
+ $vpopmaild->disconnect();
+
+ if (!preg_match('/^\+OK/', $result))
+ return PASSWORD_ERROR;
+
+ return PASSWORD_SUCCESS;
+ }
+}
--
Gitblit v1.9.1