authorDave Miller <justdave@bugzilla.org>2024-08-29 07:03:14 -0400
committerDave Miller <github@justdave.net>2024-09-03 11:41:55 -0400
commit004ee037b0f49a549648a84b568188ec49bccac7 (patch)
tree68ec324ca3b30c8f39dbfa9ce11fd0d2b1339d2f
parent14345241e997c557504c677f8b96a4fab386d731 (diff)
Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode variants
Co-authored-by: David Lawrence <dkl@mozilla.com>
-rw-r--r--Bugzilla/User.pm14
1 files changed, 13 insertions, 1 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 77e6cebb0..e8f4aa77f 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -132,7 +132,19 @@ sub new {
$_[0] = $param;
}
}
- return $class->SUPER::new(@_);
+
+ $user = $class->SUPER::new(@_);
+
+ # MySQL considers some non-ascii characters such as umlauts to equal
+ # ascii characters returning a user when it should not.
+ if ($user && ref $param eq 'HASH' && exists $param->{name}) {
+ my $login = $param->{name};
+ if (lc $login ne lc $user->login) {
+ $user = undef;
+ }
+ }
+
+ return $user;
}
sub super_user {
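Review bot: The post-lookup comparison at `if (lc $login ne lc $user->login)` only guards the `{ name => ... }` form of `new`; any other path that resolves a login through the database's collation (none is visible in this hunk) would still accept a look-alike name, so it is worth confirming that those callers either reach this check or get the same comparison. The comparison also depends on `$param->{name}` and `$user->login` being in the same decoded form, because `lc` on a byte string and on a character string can differ for non-ASCII letters; that fails closed, but it could reject a legitimate non-ASCII login, so a regression test with such a login would be useful. I would extend the comment to say why the rejection happens in Perl, e.g. `# Re-compare in Perl: the DB collation may treat accented and plain letters as equal.` `new` starts above the hunk, so the declaration of `$user` cannot be checked from here.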