View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0025097 | mantisbt | authentication | public | 2018-12-18 20:26 | 2020-03-15 15:23 |
Reporter | jingshaochen | Assigned To | dregad | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Linux | OS | Ubuntu 16.04 | OS Version | 16.04 |
Product Version | 2.18.0 | ||||
Target Version | 2.24.0 | Fixed in Version | 2.24.0 | ||
Summary | 0025097: login username is not trimmed | ||||
Description | When an LDAP user with This is not desirable at least. | ||||
Steps To Reproduce |
| ||||
Tags | No tags attached. | ||||
suggest fix is to add a trim in login_password_page.php file: |
|
I just tested and I can't reproduce this behavior with Active Directory, the LDAP search fails:
Maybe this affects other types of LDAP (did not test). Regardless, it fully makes sense to ignore leading/trailing whitespace in this context, so I'll add the trim() call as suggested. |
|
MantisBT: master 73fc958a 2020-01-29 05:34 Details Diff |
Trim username on login When an LDAP user adds spaces before or after their username when logging in, they will be authenticated successfully and logged in, but Mantis will create a new entry in the user table including the spaces. Fixes 0025097 |
Affected Issues 0025097 |
|
mod - login_password_page.php | Diff File |