banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Do not store passwords on disk - use proc_open instead of popen (#5531)

Browse Source
pull/5657/head
KaloNK 8 years ago committed by Aleksander Machniak
parent 581c41ca67
commit d41db75d82
1 changed files with 19 additions and 26 deletions
Show Stats Download Patch File Download Diff File

45
plugins/password/password.php
Unescape Escape View File

@ -598,38 +598,31 @@ class password extends rcube_plugin
$method = 'CRAM-MD5';
}
// use common temp dir
$tmp_dir = $rcmail->config->get('temp_dir');
$tmpfile = tempnam($tmp_dir, 'roundcube-');
$pipe = popen("$dovecotpw -s '$method' > '$tmpfile'", "w");
if (!$pipe) {
unlink($tmpfile);
$pipe = proc_open("$dovecotpw -s '$method'", array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('file', '/dev/null', 'a')), $pipes);
if (!is_resource($pipe)) return false;
fwrite($pipes[0], $password . "\n", 1+strlen($password));
usleep(1000);
fwrite($pipes[0], $password . "\n", 1+strlen($password));
fclose($pipes[0]);
$crypted = trim(stream_get_contents($pipes[1]), "\n");
fclose($pipes[1]);
proc_close($pipe);
if (!preg_match('/^\{' . $method . '\}/', $crypted)) {
return false;
}
else {
fwrite($pipe, $password . "\n", 1+strlen($password)); usleep(1000);
fwrite($pipe, $password . "\n", 1+strlen($password));
pclose($pipe);
$crypted = trim(file_get_contents($tmpfile), "\n");
unlink($tmpfile);
if (!preg_match('/^\{' . $method . '\}/', $crypted)) {
return false;
}
if (!$default) {
$prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method');
}
if (!$prefixed) {
$crypted = trim(str_replace('{' . $method . '}', '', $crypted));
}
if (!$default) {
$prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method');
}
$prefixed = false;
if (!$prefixed) {
$crypted = trim(str_replace('{' . $method . '}', '', $crypted));
}
$prefixed = false;
break;
case 'hash': // deprecated

Write Preview
Loading…
Cancel
Save