Password: Fix security issue in virtualmin and sasl drivers

CHANGELOG

@@ -1,6 +1,9 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+
+- Password: Fix security issue in virtualmin and sasl drivers
+
 RELEASE 1.0.10
 --------------
 - Strip HTML tags inside CSS style definitions

plugins/password/drivers/sasl.php

@@ -21,7 +21,7 @@ class rcube_sasl_password
     function save($currpass, $newpass)
     {
         $curdir   = RCUBE_PLUGINS_DIR . 'password/helpers';
-        $username = escapeshellcmd($_SESSION['username']);
+        $username = escapeshellarg($_SESSION['username']);
         $args     = rcmail::get_instance()->config->get('password_saslpasswd_args', '');
 
         if ($fh = popen("$curdir/chgsaslpasswd -p $args $username", 'w')) {

plugins/password/drivers/virtualmin.php

@@ -55,9 +55,9 @@ class rcube_virtualmin_password
             $domain = $rcmail->user->get_username('domain');
         }
 
-        $username = escapeshellcmd($username);
-        $domain   = escapeshellcmd($domain);
-        $newpass  = escapeshellcmd($newpass);
+        $username = escapeshellarg($username);
+        $domain   = escapeshellarg($domain);
+        $newpass  = escapeshellarg($newpass);
         $curdir   = RCUBE_PLUGINS_DIR . 'password/helpers';
 
         exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue);