From feb968189cd74903e653e9e0a657bebcf22e3991 Mon Sep 17 00:00:00 2001
From: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Fri, 10 Sep 2010 08:09:10 +0000
Subject: - Security improvements for chpasswd driver (#1486987)

git-svn-id: https://svn.roundcube.net/trunk@3955 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 plugins/password/drivers/chpasswd.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

(limited to 'plugins/password/drivers/chpasswd.php')

diff --git a/plugins/password/drivers/chpasswd.php b/plugins/password/drivers/chpasswd.php
index ed15a054e..5c6bde2d2 100644
--- a/plugins/password/drivers/chpasswd.php
+++ b/plugins/password/drivers/chpasswd.php
@@ -11,15 +11,16 @@
  * @version 1.0
  * @author Alex Cartwright <acartwright@mutinydesign.co.uk)
  */
- 
+
 function password_save($currpass, $newpass)
 {
-    $cmd = sprintf('echo \'%1$s:%2$s\' | %3$s; echo $?',
-                addcslashes($_SESSION['username'], "'"),
-                addcslashes($newpass, "'"),
-                rcmail::get_instance()->config->get('password_chpasswd_cmd'));
+    $cmd = rcmail::get_instance()->config->get('password_chpasswd_cmd');
+    $username = $_SESSION['username'];
+
+    $handle = popen($cmd, "w");
+    fwrite($handle, "$username:$newpass");
 
-    if (exec($cmd) == 0) {
+    if (pclose($handle) == 0) {
         return PASSWORD_SUCCESS;
     }
     else {
@@ -33,5 +34,3 @@ function password_save($currpass, $newpass)
 
     return PASSWORD_ERROR;
 }
-
-?>
-- 
cgit v1.2.3