Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode variants

author Dave Miller <justdave@bugzilla.org>

Thu, 29 Aug 2024 11:02:47 +0000 (07:02 -0400)

committer Dave Miller <github@justdave.net>

Tue, 3 Sep 2024 14:45:24 +0000 (10:45 -0400)
author Dave Miller <justdave@bugzilla.org>
Thu, 29 Aug 2024 11:02:47 +0000 (07:02 -0400)
committer Dave Miller <github@justdave.net>
Tue, 3 Sep 2024 14:45:24 +0000 (10:45 -0400)
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm

index 89fa20026bbb877161fab919f1af06d1d54af5e6..a6a47fc2996c5ea6d767d6ed2d8ecf7e94f847d8 100644 (file)
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -132,7 +132,19 @@ sub new {
              $_[0] = $param;
          }
      }
-    return $class->SUPER::new(@_);
+
+    $user = $class->SUPER::new(@_);
+
+    # MySQL considers some non-ascii characters such as umlauts to equal
+    # ascii characters returning a user when it should not.
+    if ($user && ref $param eq 'HASH' && exists $param->{name}) {
+        my $login = $param->{name};
+        if (lc $login ne lc $user->login) {
+            $user = undef;
+        }
+    }
+
+    return $user;
  }
  
  sub super_user {
author	Dave Miller <justdave@bugzilla.org>
	Thu, 29 Aug 2024 11:02:47 +0000 (07:02 -0400)
committer	Dave Miller <github@justdave.net>
	Tue, 3 Sep 2024 14:45:24 +0000 (10:45 -0400)