From: Dave Miller <justdave@bugzilla.org>
Date: Thu, 29 Aug 2024 11:03:14 +0000 (-0400)
Subject: Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode variants
X-Git-Tag: bugzilla-5.0.4.1~3
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=004ee037b0f49a549648a84b568188ec49bccac7;p=thirdparty%2Fbugzilla.git

Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode variants

Co-authored-by: David Lawrence <dkl@mozilla.com>
---

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 77e6cebb0..e8f4aa77f 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -132,7 +132,19 @@ sub new {
             $_[0] = $param;
         }
     }
-    return $class->SUPER::new(@_);
+
+    $user = $class->SUPER::new(@_);
+
+    # MySQL considers some non-ascii characters such as umlauts to equal
+    # ascii characters returning a user when it should not.
+    if ($user && ref $param eq 'HASH' && exists $param->{name}) {
+        my $login = $param->{name};
+        if (lc $login ne lc $user->login) {
+            $user = undef;
+        }
+    }
+
+    return $user;
 }
 
 sub super_user {