tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Autologin: Do NOT sanitize username 

I don't know the reason why this was done initially but a username must not be changed.
This commit is contained in:
Eric Lippmann 2014-06-11 14:43:27 +02:00
parent c42c7977be
commit c09341d77e
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/Icinga/Authentication/Backend/AutoLoginBackend.php
View File

@ -57,11 +57,7 @@ class AutoLoginBackend extends UserBackend
&& isset($_SERVER['AUTH_TYPE']) && isset($_SERVER['AUTH_TYPE'])
&& in_array($_SERVER['AUTH_TYPE'], array('Basic', 'Digest')) === true && in_array($_SERVER['AUTH_TYPE'], array('Basic', 'Digest')) === true
) { ) {
$username = filter_var( $username = $_SERVER['PHP_AUTH_USER'];
$_SERVER['PHP_AUTH_USER'],
FILTER_SANITIZE_STRING,
FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW
);
if ($username !== false) { if ($username !== false) {
if ($this->stripUsernameRegexp !== null) { if ($this->stripUsernameRegexp !== null) {