diff --git a/CHANGELOG b/CHANGELOG index a0434d6c34f..5028bbe2f33 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -36,6 +36,7 @@ RELEASE 1.3-rc - Fix undesired effects when postgres database uses different timezone than PHP host (#5708) - Installer: Fix DB schema initialization on MS SQL Server - Fix bug where base_dn setting was ignored inside group_filters (#5720) +- Password: Fix security issue in virtualmin and sasl drivers RELEASE 1.3-beta ---------------- diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php index f3baef557f9..fcaf7ac3ecc 100644 --- a/plugins/password/drivers/sasl.php +++ b/plugins/password/drivers/sasl.php @@ -36,7 +36,7 @@ class rcube_sasl_password function save($currpass, $newpass) { $curdir = RCUBE_PLUGINS_DIR . 'password/helpers'; - $username = escapeshellcmd($_SESSION['username']); + $username = escapeshellarg($_SESSION['username']); $args = rcmail::get_instance()->config->get('password_saslpasswd_args', ''); if ($fh = popen("$curdir/chgsaslpasswd -p $args $username", 'w')) { diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php index 3001ad9d059..f219eacc679 100644 --- a/plugins/password/drivers/virtualmin.php +++ b/plugins/password/drivers/virtualmin.php @@ -70,9 +70,9 @@ function save($currpass, $newpass) $domain = $rcmail->user->get_username('domain'); } - $username = escapeshellcmd($username); - $domain = escapeshellcmd($domain); - $newpass = escapeshellcmd($newpass); + $username = escapeshellarg($username); + $domain = escapeshellarg($domain); + $newpass = escapeshellarg($newpass); $curdir = RCUBE_PLUGINS_DIR . 'password/helpers'; exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue);