Bugfix haveibeenpwned suffix handling

the-djmaze · the-djmaze · commit 6739ec21c80f · 2024-04-22T15:55:31.000+02:00
diff --git a/plugins/haveibeenpwned/index.php b/plugins/haveibeenpwned/index.php
@@ -51,7 +51,9 @@ public function HibpCheck()
 		}
 
 		$pass = \sha1($oAccount->ImapPass());
-		$response = $HTTP->doRequest('GET', 'https://api.pwnedpasswords.com/range/' . \substr($pass, 0, 5));
+		$prefix = \substr($pass, 0, 5);
+		$suffix = \substr($pass, 5);
+		$response = $HTTP->doRequest('GET', "https://api.pwnedpasswords.com/range/{$prefix}");
 		$passwords = [];
 		foreach (\preg_split('/\\R/', $response->body) as $entry) {
 			if ($entry) {
@@ -61,8 +63,7 @@ public function HibpCheck()
 		}
 
 		return $this->jsonResponse(__FUNCTION__, array(
-			'pwned' => isset($passwords[$pass]) ? $passwords[$pass] : 0,
-//			'passwords' => $passwords,
+			'pwned' => isset($passwords[$suffix]) ? $passwords[$suffix] : 0,
 			'breached' => $breached ? [
 				'request_uri' => $breached->request_uri,
 				'final_uri' => $breached->final_uri,
