Changeset 3955 in subversion
- Timestamp: Sep 10, 2010 4:09:10 AM (3 years ago)
- Location: trunk/plugins/password
- Files: 3 edited
  - README (modified) (1 diff)
  - drivers/chpasswd.php (modified) (2 diffs)
  - package.xml (modified) (3 diffs)
trunk/plugins/password/README
r3954 r3955 224 224 the 'chpasswd' command. See config.inc.php file. 225 225 226 Attached wrapper script (chpass-wrapper.py) restricts password changes 227 to uids >= 1000 and can deny requests based on a blacklist. 228 226 229 227 230 2.12. LDAP - no PEAR (ldap_simple) -
trunk/plugins/password/drivers/chpasswd.php
r3533 r3955 12 12 * @author Alex Cartwright <acartwright@mutinydesign.co.uk) 13 13 */ 14 14 15 15 function password_save($currpass, $newpass) 16 16 { 17 $cmd = sprintf('echo \'%1$s:%2$s\' | %3$s; echo $?', 18 addcslashes($_SESSION['username'], "'"), 19 addcslashes($newpass, "'"), 20 rcmail::get_instance()->config->get('password_chpasswd_cmd')); 17 $cmd = rcmail::get_instance()->config->get('password_chpasswd_cmd'); 18 $username = $_SESSION['username']; 21 19 22 if (exec($cmd) == 0) { 20 $handle = popen($cmd, "w"); 21 fwrite($handle, "$username:$newpass"); 22 23 if (pclose($handle) == 0) { 23 24 return PASSWORD_SUCCESS; 24 25 } … … 34 35 return PASSWORD_ERROR; 35 36 } 36 37 ?> -
trunk/plugins/password/package.xml
r3954 r3955 16 16 <active>yes</active> 17 17 </lead> 18 <date> </date>19 <time> </time>18 <date>2010-09-10</date> 19 <time>09:00:00</time> 20 20 <version> 21 21 <release>1.7</release> … … 29 29 <notes> 30 30 - Added XMail driver 31 - Improve security of chpasswd driver using popen instead of exec+echo (#1486987) 32 - Added chpass-wrapper.py script to improve security (#1486987) 31 33 </notes> 32 34 <contents> … … 82 84 <file name="drivers/virtualmin.php" role="php"></file> 83 85 <file name="drivers/ximss.php" role="php"></file> 86 <file name="drivers/xmail.php" role="php"></file> 87 <file name="drivers/chpass-wrapper.py" role="data"></file> 84 88 85 89 <file name="config.inc.php.disc" role="data"></file>
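Review bot: In README (new lines 226-227) the added paragraph names chpass-wrapper.py but does not say how to put it in use. Add a sentence telling the administrator to point password_chpasswd_cmd at the wrapper, and say where the blacklist and the uid >= 1000 limit are set, so the restriction is not assumed to be active by default.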
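Review bot: In drivers/chpasswd.php the result of popen() at new line 20 is never checked, and the exit status is tested with a loose comparison, pclose($handle) == 0, at new line 23. If popen() fails, $handle is false, fwrite() writes nothing, and in PHP versions where pclose() on a non-resource only warns, its false or null return still satisfies == 0, so the function returns PASSWORD_SUCCESS without any password change. Return PASSWORD_ERROR when $handle === false and compare the status with === 0. The line written at new line 21 is also built from $username and $newpass without validation; since chpasswd reads one user:password pair per line, reject values containing "\n" or "\r" (and ":" in $username) before the fwrite() so the input stays a single record for the session user.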
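Review bot: In package.xml the new entry <file name="drivers/chpass-wrapper.py" role="data"> (new line 87) and the release note at new line 32 refer to a script that this changeset does not contain: the file list shows only three edited files and no added file. Confirm that chpass-wrapper.py is committed under drivers/ before this manifest ships, otherwise the package lists a file that is missing from the tree.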
