From e240e5f8ddabaea072f7c789275892dbfca5bcaa Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Sun, 27 Nov 2016 14:27:23 +0100
Subject: [PATCH] CS fixes and update changelog
---
 CHANGELOG | 1 +
 plugins/password/password.php | 12 +++++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 07d5a6fd9..5c0170fee 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ CHANGELOG Roundcube Webmail
 - Display error when trying to upload more files than specified in max_file_uploads (#5483)
 - Add missing sql upgrade file for 'ip' column resize in session table (#5465)
 - Do not show inline images of unsupported mimetype (#5463)
+- Password: Don't store passwords in temp files when using dovecotpw (#5531)
 - Password: Added LDAP PPolicy driver (#5364)
 - Password: Added possibility to nicely redirect from other plugins on password expiration (#5468)
 - Implement separate action to mark all messages in a folder as \Seen (#5006)
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 22f28df71..d4b40063d 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -598,14 +598,20 @@ class password extends rcube_plugin
 $method = 'CRAM-MD5';
 }
- $pipe = proc_open("$dovecotpw -s '$method'", array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('file', '/dev/null', 'a')), $pipes);
- if (!is_resource($pipe)) return false;
+ $spec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('file', '/dev/null', 'a'));
+ $pipe = proc_open("$dovecotpw -s '$method'", $spec, $pipes);
+
+ if (!is_resource($pipe)) {
+ return false;
+ }
 fwrite($pipes[0], $password . "\n", 1+strlen($password));
 usleep(1000);
 fwrite($pipes[0], $password . "\n", 1+strlen($password));
- fclose($pipes[0]);
+ $crypted = trim(stream_get_contents($pipes[1]), "\n");
+
+ fclose($pipes[0]);
 fclose($pipes[1]);
 proc_close($pipe);
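Review bot: The rewritten `proc_open("$dovecotpw -s '$method'", $spec, $pipes)` call in the password.php hunk still builds the shell command by string interpolation, with `$method` wrapped in hand-written single quotes instead of being escaped, so a value containing a quote would end the quoting. Both variables are assigned outside this hunk (presumably from plugin configuration), so this is hardening rather than a confirmed injection; the line could read `$pipe = proc_open($dovecotpw . ' -s ' . escapeshellarg($method), $spec, $pipes);`. Separately, `stream_get_contents($pipes[1])` now runs before `fclose($pipes[0])`, so the read only returns if the child exits without waiting for EOF on stdin; a short comment stating that assumption, or closing stdin before the read, would guard against a hung request. The enclosing method starts and ends outside the hunk.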