Always throw an error when password hashing fails (#8145)

4 years ago · e76752ed62
3 changed files with 7 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@
 - Fix converting >1MB of HTML content into plain text (#8137)
 - Fix bug where expanding a group in the recipient input could corrupt the input content (#7569)
 - Fix fatal error/warning on invalid input to user parameter (#8152)
+- Fix changing password with dovecot_passwdfile driver (#8145)

 ## Release 1.5-rc

--- a/plugins/password/drivers/dovecot_passwdfile.php
+++ b/plugins/password/drivers/dovecot_passwdfile.php
@ -40,18 +40,6 @@ class rcube_dovecot_passwdfile_password
        $mailuserfile = $rcmail->config->get('password_dovecot_passwdfile_path') ?: '/etc/mail/imap.passwd';

        $password = password::hash_password($newpass);
-
-        if ($password === false) {
-            rcube::raise_error([
-                    'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
-                    'message' => "Password plugin: Failed to hash password. Check for configuration issues."
-                ],
-                true, false
-            );
-
-            return PASSWORD_ERROR;
-        }
-
        $username = escapeshellcmd($username); // FIXME: Do we need this?
        $content  = '';

--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@ -787,7 +787,12 @@ class password extends rcube_plugin
        }

        if ($crypted === null || $crypted === false) {
-            return false;
+            rcube::raise_error([
+                    'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
+                    'message' => "Password plugin: Failed to hash password ($method). Check for configuration issues."
+                ],
+                true, true
+            );
        }

        if ($prefixed && $prefixed !== true) {