diff options
| author | disconn3ct <[email protected]> | 2022-07-08 16:31:15 +0300 |
|---|---|---|
| committer | disconn3ct <[email protected]> | 2022-07-08 16:31:15 +0300 |
| commit | 7e5453b3aac94fb0fb1771b4afa8af8d6626e960 (patch) | |
| tree | b4678754967e50e7d6274e4aab5dfa0ff6221e0e /plugins | |
| parent | d9ae4204ce15f5abb47c1352ce3e1611b90010d1 (diff) | |
fix: lower-case remote usernames before validation
Fixes a bug where users are saved lowercase but compared mixed-case. Only applies to upstreams that send non-lowercase usernames. No obvious security impact; it results in a unique key violation and not a successful login.
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/auth_remote/init.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php index 3203d41fe..2fb45fdef 100644 --- a/plugins/auth_remote/init.php +++ b/plugins/auth_remote/init.php @@ -45,7 +45,7 @@ class Auth_Remote extends Auth_Base { foreach (["REMOTE_USER", "HTTP_REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"] as $hdr) { if (!empty($_SERVER[$hdr])) { - $try_login = $_SERVER[$hdr]; + $try_login = strtolower($_SERVER[$hdr]); break; } } |