From c09341d77ece175be4b7ed8c3499c15f2d6af101 Mon Sep 17 00:00:00 2001
From: Eric Lippmann
Date: Wed, 11 Jun 2014 14:43:27 +0200
Subject: [PATCH] Autologin: Do NOT sanitize username

I don't know the reason why this was done initially but a username must not be changed.
---
 library/Icinga/Authentication/Backend/AutoLoginBackend.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/library/Icinga/Authentication/Backend/AutoLoginBackend.php b/library/Icinga/Authentication/Backend/AutoLoginBackend.php
index 8fd7a7c5c..173dde6a7 100644
--- a/library/Icinga/Authentication/Backend/AutoLoginBackend.php
+++ b/library/Icinga/Authentication/Backend/AutoLoginBackend.php
@@ -57,11 +57,7 @@ class AutoLoginBackend extends UserBackend
 && isset($_SERVER['AUTH_TYPE'])
 && in_array($_SERVER['AUTH_TYPE'], array('Basic', 'Digest')) === true
 ) {
- $username = filter_var(
- $_SERVER['PHP_AUTH_USER'],
- FILTER_SANITIZE_STRING,
- FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW
- );
+ $username = $_SERVER['PHP_AUTH_USER'];
 if ($username !== false) {
 if ($this->stripUsernameRegexp !== null) {
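Review bot: The context line `if ($username !== false) {` directly after the new assignment is now a dead guard: `false` was the failure value of the removed `filter_var()` call, and `$_SERVER['PHP_AUTH_USER']` is a string, so the condition is always true and an empty username passes it. If an empty name should be rejected here, make the guard say so, e.g. `if ($username !== '') {`; whether it is rejected later cannot be seen, as the method body continues outside the hunk. The value now reaches the user object exactly as the web server supplied it, so views and log writers that print the username have to escape it for their own context (for HTML, `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`), and those call sites are worth checking together with this change. A short comment on the assignment such as `// Taken verbatim from the web server; escape on output, never rewrite the identity` would record why the sanitizing was dropped.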