From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/password/password.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/plugins/password/password.php b/plugins/password/password.php
index 028a58d..806db05 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -164,7 +164,7 @@
                 // Log password change
                 if ($rcmail->config->get('password_log')) {
                     write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
-                        $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));
+                        $rcmail->get_user_name(), $rcmail->user->ID, rcmail_remote_ip()));
                 }
             }
             else {

--
Gitblit v1.9.1