Fixed: [ 1186582 ] Authentication problem in Windows NT/AD Domains

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 4f926ae6c46d7be97ccb48965ade30221e4454ad..980ff5db857f74148a2f80d99430d83a1ffdf764 100644 (file)
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -5796,8 +5796,9 @@ if ($AllowAccessFromWebToAuthenticatedUsersOnly && $ENV{'GATEWAY_INTERFACE'}) {
        }
        if (@AllowAccessFromWebToFollowingAuthenticatedUsers) {
                my $userisinlist=0;
-               my $currentuser=qr/^$ENV{"REMOTE_USER"}$/i;
-               $currentuser =~ s/\s/%20/g;     # Allow authenticated user with space in name to be compared to allowed user list
+        my $remoteuser=quotemeta($ENV{"REMOTE_USER"});
+               $remoteuser =~ s/\s/%20/g;              # Allow authenticated user with space in name to be compared to allowed user list
+               my $currentuser=qr/^$remoteuser$/i; # Set precompiled regex
                foreach (@AllowAccessFromWebToFollowingAuthenticatedUsers) {
                        if (/$currentuser/o) { $userisinlist=1; last; }
                }