From f14ebc65784cea3d9810048950ff874c9540e211 Mon Sep 17 00:00:00 2001 From: djmaze Date: Fri, 12 Nov 2021 10:09:08 +0100 Subject: [PATCH] v2.9.1a forgot to encrypt sProxyAuthPassword --- .../0.0.0/app/libraries/RainLoop/Model/AdditionalAccount.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Model/AdditionalAccount.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Model/AdditionalAccount.php index a1063473e..2befbb4af 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Model/AdditionalAccount.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Model/AdditionalAccount.php @@ -38,7 +38,8 @@ class AdditionalAccount extends Account { $sHash = $oMainAccount->CryptKey(); $aData = $this->jsonSerialize(); - $aData[3] = \SnappyMail\Crypt::EncryptUrlSafe($aData[3], $sHash); + $aData[3] = \SnappyMail\Crypt::EncryptUrlSafe($aData[3], $sHash); // sPassword + $aData[6] = \SnappyMail\Crypt::EncryptUrlSafe($aData[6], $sHash); // sProxyAuthPassword $aData[] = \hash_hmac('sha1', $aData[3], $sHash); return $aData; } @@ -55,6 +56,7 @@ class AdditionalAccount extends Account $sParentEmail = \array_pop($aAccountHash); if ($sPasswordHMAC && $sPasswordHMAC === \hash_hmac('sha1', $aAccountHash[3], $sHash)) { $aAccountHash[3] = \SnappyMail\Crypt::DecryptUrlSafe($aAccountHash[3], $sHash); + $aAccountHash[6] = \SnappyMail\Crypt::DecryptUrlSafe($aAccountHash[6], $sHash); } $oAccount = parent::NewInstanceFromTokenArray($oActions, $aAccountHash, $bThrowExceptionOnFalse); if ($oAccount) {