prevent unwanted code execution via CURLOPT_POSTFIELDS (again)

10 years ago · dc52ae0b02
parent 6f079094d2
commit dc52ae0b02
1 changed files with 1 additions and 1 deletions
--- a/plugins/password/drivers/domainfactory.php
+++ b/plugins/password/drivers/domainfactory.php
@ -51,7 +51,7 @@ class rcube_domainfactory_password

 				// change password
 				$ch = curl_copy_handle($ch);
-				curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
+				curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields));
 				if ($result = curl_exec($ch)) {

 					// has the password been changed?