xle/tt-rss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

enforce lowercase usernames while keeping backwards-compatibility for authentication

Browse Source
This commit is contained in:
Andrew Dolgov
2024-08-16 14:28:20 +03:00
parent 99e444d1d2
commit b8cbb167d4
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
classes/UserHelper.php
View File

@@ -62,6 +62,7 @@ class UserHelper {
if (!Config::get(Config::SINGLE_USER_MODE)) { if (!Config::get(Config::SINGLE_USER_MODE)) {
$user_id = false; $user_id = false;
$auth_module = false; $auth_module = false;
$login = mb_strtolower($login);
PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_AUTH_USER, PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_AUTH_USER,
function ($result, $plugin) use (&$user_id, &$auth_module) { function ($result, $plugin) use (&$user_id, &$auth_module) {
@@ -222,7 +223,7 @@ class UserHelper {
static function find_user_by_login(string $login): ?int { static function find_user_by_login(string $login): ?int {
$user = ORM::for_table('ttrss_users') $user = ORM::for_table('ttrss_users')
->where('login', $login) ->where_raw('LOWER(login) = LOWER(?)', [$login])
->find_one(); ->find_one();
if ($user) if ($user)

2
plugins/auth_internal/init.php
View File

@@ -116,7 +116,7 @@ class Auth_Internal extends Auth_Base implements IAuthModule2 {
if ($login) { if ($login) {
$user = ORM::for_table('ttrss_users') $user = ORM::for_table('ttrss_users')
->where('login', $login) ->where_raw('LOWER(login) = LOWER(?)', [$login])
->find_one(); ->find_one();
if ($user) { if ($user) {