fix: lower-case remote usernames before validation

Fixes a bug where users are saved lowercase but compared mixed-case. Only applies to upstreams that send non-lowercase usernames. No obvious security impact; it results in a unique key violation and not a successful login.
2022-07-08 16:31:15 +03:00 · 2022-07-08 16:31:15 +03:00 · 7e5453b3aa
parent d9ae4204ce
commit 7e5453b3aa
1 changed files with 1 additions and 1 deletions
--- a/plugins/auth_remote/init.php
+++ b/plugins/auth_remote/init.php
@ -45,7 +45,7 @@ class Auth_Remote extends Auth_Base {

 		foreach (["REMOTE_USER", "HTTP_REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"] as $hdr) {
 			if (!empty($_SERVER[$hdr])) {
-				$try_login = $_SERVER[$hdr];
+				$try_login = strtolower($_SERVER[$hdr]);
 				break;
 			}
 		}