| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-09-10 08:09:10 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-09-10 08:09:10 +0000 |
| commit | feb968189cd74903e653e9e0a657bebcf22e3991 (patch) | |
| tree | b9d63656e7984b6d2e5c1fb97bed42e637e635db /plugins/password/drivers | |
| parent | dafdf25a59ada82149c016ab6cc5f93bf1e53ece (diff) | |
- Security improvements for chpasswd driver (#1486987)
git-svn-id: https://svn.roundcube.net/trunk@3955 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'plugins/password/drivers')
| -rw-r--r-- | plugins/password/drivers/chpasswd.php | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/plugins/password/drivers/chpasswd.php b/plugins/password/drivers/chpasswd.php index ed15a054e..5c6bde2d2 100644 --- a/plugins/password/drivers/chpasswd.php +++ b/plugins/password/drivers/chpasswd.php @@ -11,15 +11,16 @@ * @version 1.0 * @author Alex Cartwright <acartwright@mutinydesign.co.uk) */ - + function password_save($currpass, $newpass) { - $cmd = sprintf('echo \'%1$s:%2$s\' | %3$s; echo $?', - addcslashes($_SESSION['username'], "'"), - addcslashes($newpass, "'"), - rcmail::get_instance()->config->get('password_chpasswd_cmd')); + $cmd = rcmail::get_instance()->config->get('password_chpasswd_cmd'); + $username = $_SESSION['username']; + + $handle = popen($cmd, "w"); + fwrite($handle, "$username:$newpass"); - if (exec($cmd) == 0) { + if (pclose($handle) == 0) { return PASSWORD_SUCCESS; } else { @@ -33,5 +34,3 @@ function password_save($currpass, $newpass) return PASSWORD_ERROR; } - -?> |
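Review bot: `fwrite($handle, "$username:$newpass")` hands both values to chpasswd unvalidated, and chpasswd parses its stdin as one `user:password` record per line, so a CR or LF in either value (or a `:` in the username) would change which record is applied. Nothing in this hunk rejects them, and whether the caller filters them is not visible here. The result of `popen()` is also unchecked: on PHP 5 and 7, a failed open makes `pclose()` return a non-integer failure value that compares loosely equal to 0, so the function would report `PASSWORD_SUCCESS` for a password that was never changed. I would validate both values and return `PASSWORD_ERROR` before writing, as sketched below. The error branch of `password_save()` lies between the two hunks and is not shown.

```php
    $username = $_SESSION['username'];

    // chpasswd reads one "user:password" record per line from stdin
    if (strpos($username, ':') !== false || preg_match('/[\r\n]/', $username . $newpass)) {
        return PASSWORD_ERROR;
    }

    $handle = popen($cmd, "w");
    if (!$handle) {
        return PASSWORD_ERROR;
    }
    fwrite($handle, "$username:$newpass");
    // … unchanged: pclose() status check and result branches …
```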
