fix: lower-case remote usernames before validation

Fixes a bug where users are saved lowercase but compared mixed-case. Only applies to upstreams that send non-lowercase usernames. No obvious security impact; it results in a unique key violation and not a successful login.
This commit is contained in:
disconn3ct 2022-07-08 16:31:15 +03:00
parent d9ae4204ce
commit 7e5453b3aa
1 changed files with 1 additions and 1 deletions

View File

@ -45,7 +45,7 @@ class Auth_Remote extends Auth_Base {
foreach (["REMOTE_USER", "HTTP_REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"] as $hdr) {
if (!empty($_SERVER[$hdr])) {
$try_login = $_SERVER[$hdr];
$try_login = strtolower($_SERVER[$hdr]);
break;
}
}