- Added possibility to encrypt received header, option 'http_received_header_encrypt',

  added some more logic in encrypt/decrypt functions for security


git-svn-id: https://svn.roundcube.net/trunk@2491 208e9e7b-5314-0410-a742-e7e81cd9613c

1 files changed, 2 insertions, 2 deletions

diff --git a/roundcubemail/plugins/sasl_password/sasl_password.php b/roundcubemail/plugins/sasl_password/sasl_password.php
index 3a23557e9..ed1624e71 100644
--- a/roundcubemail/plugins/sasl_password/sasl_password.php
+++ b/roundcubemail/plugins/sasl_password/sasl_password.php
@@ -51,12 +51,12 @@ class sasl_password extends rcube_plugin
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+      if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($this->_save($newpwd)) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-        $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+        $_SESSION['password'] = $rcmail->encrypt($newpwd);
       }
       else {
         $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');