fix: lower-case remote usernames before validation
Fixes a bug where users are saved lowercase but compared mixed-case. Only applies to upstreams that send non-lowercase usernames. No obvious security impact; it results in a unique key violation and not a successful login.
This commit is contained in:
parent
d9ae4204ce
commit
7e5453b3aa
|
@ -45,7 +45,7 @@ class Auth_Remote extends Auth_Base {
|
|||
|
||||
foreach (["REMOTE_USER", "HTTP_REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"] as $hdr) {
|
||||
if (!empty($_SERVER[$hdr])) {
|
||||
$try_login = $_SERVER[$hdr];
|
||||
$try_login = strtolower($_SERVER[$hdr]);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue