valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: lower-case remote usernames before validation 

Fixes a bug where users are saved lowercase but compared mixed-case. Only applies to upstreams that send non-lowercase usernames. No obvious security impact; it results in a unique key violation and not a successful login.
This commit is contained in:
disconn3ct 2022-07-08 16:31:15 +03:00
parent d9ae4204ce
commit 7e5453b3aa
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/auth_remote/init.php
View File

@ -45,7 +45,7 @@ class Auth_Remote extends Auth_Base {
foreach (["REMOTE_USER", "HTTP_REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"] as $hdr) { foreach (["REMOTE_USER", "HTTP_REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"] as $hdr) {
if (!empty($_SERVER[$hdr])) { if (!empty($_SERVER[$hdr])) {
$try_login = $_SERVER[$hdr]; $try_login = strtolower($_SERVER[$hdr]);
break; break;
} }
} }