Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode variants

author Dave Miller <justdave@bugzilla.org>

Thu, 29 Aug 2024 11:06:04 +0000 (07:06 -0400)

committer Dave Miller <github@justdave.net>

Tue, 3 Sep 2024 14:39:49 +0000 (10:39 -0400)
author Dave Miller <justdave@bugzilla.org>
Thu, 29 Aug 2024 11:06:04 +0000 (07:06 -0400)
committer Dave Miller <github@justdave.net>
Tue, 3 Sep 2024 14:39:49 +0000 (10:39 -0400)
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm

index b33c39748413f1d5148358e5baf7dee153f9dbcd..63faac0320c9490808cc3773888b9ba9eb2aca94 100644 (file)
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -131,7 +131,19 @@ sub new {
        $_[0] = $param;
      }
    }
-  return $class->SUPER::new(@_);
+
+  $user = $class->SUPER::new(@_);
+
+  # MySQL considers some non-ascii characters such as umlauts to equal
+  # ascii characters returning a user when it should not.
+  if ($user && ref $param eq 'HASH' && exists $param->{name}) {
+    my $login = $param->{name};
+    if (lc $login ne lc $user->login) {
+      $user = undef;
+    }
+  }
+
+  return $user;
  }
  
  sub super_user {
author	Dave Miller <justdave@bugzilla.org>
	Thu, 29 Aug 2024 11:06:04 +0000 (07:06 -0400)
committer	Dave Miller <github@justdave.net>
	Tue, 3 Sep 2024 14:39:49 +0000 (10:39 -0400)