Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode variants

author Dave Miller <justdave@bugzilla.org>

Thu, 29 Aug 2024 11:03:14 +0000 (07:03 -0400)

committer Dave Miller <github@justdave.net>

Tue, 3 Sep 2024 15:41:55 +0000 (11:41 -0400)
author Dave Miller <justdave@bugzilla.org>
Thu, 29 Aug 2024 11:03:14 +0000 (07:03 -0400)
committer Dave Miller <github@justdave.net>
Tue, 3 Sep 2024 15:41:55 +0000 (11:41 -0400)
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm

index 77e6cebb022b2411ac663c03be8d9a747d593479..e8f4aa77fc3eb400a3ad286606f600d67b8f5837 100644 (file)
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -132,7 +132,19 @@ sub new {
              $_[0] = $param;
          }
      }
-    return $class->SUPER::new(@_);
+
+    $user = $class->SUPER::new(@_);
+
+    # MySQL considers some non-ascii characters such as umlauts to equal
+    # ascii characters returning a user when it should not.
+    if ($user && ref $param eq 'HASH' && exists $param->{name}) {
+        my $login = $param->{name};
+        if (lc $login ne lc $user->login) {
+            $user = undef;
+        }
+    }
+
+    return $user;
  }
  
  sub super_user {
author	Dave Miller <justdave@bugzilla.org>
	Thu, 29 Aug 2024 11:03:14 +0000 (07:03 -0400)
committer	Dave Miller <github@justdave.net>
	Tue, 3 Sep 2024 15:41:55 +0000 (11:41 -0400)