diff options
| author | mkanat%kerio.com <> | 2005-07-08 11:31:41 +0200 |
|---|---|---|
| committer | mkanat%kerio.com <> | 2005-07-08 11:31:41 +0200 |
| commit | 4f25eedf9065f28badf1e5e1df6c925062d8279e (patch) | |
| tree | 01adc7e1f641b2104a5177bd84ad4ab084e71dda /Bugzilla/Auth | |
| parent | 6bff5c39e564cc34c85c4d30e11f6ff14482548a (diff) | |
| download | bugzilla-4f25eedf9065f28badf1e5e1df6c925062d8279e.tar.gz bugzilla-4f25eedf9065f28badf1e5e1df6c925062d8279e.tar.xz | |
Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case insensitive
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
Diffstat (limited to 'Bugzilla/Auth')
| -rw-r--r-- | Bugzilla/Auth/Login/WWW/Env.pm | 3 | ||||
| -rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 20 | ||||
| -rw-r--r-- | Bugzilla/Auth/Verify/LDAP.pm | 3 |
3 files changed, 10 insertions, 16 deletions
diff --git a/Bugzilla/Auth/Login/WWW/Env.pm b/Bugzilla/Auth/Login/WWW/Env.pm index 2f29d570f..985393206 100644 --- a/Bugzilla/Auth/Login/WWW/Env.pm +++ b/Bugzilla/Auth/Login/WWW/Env.pm @@ -84,7 +84,8 @@ sub login { # also sent), and the id, so that we have a way of telling that we # got something instead of a bunch of NULLs $sth = $dbh->prepare("SELECT extern_id, userid, disabledtext " . - "FROM profiles WHERE login_name=?"); + "FROM profiles WHERE " . + $dbh->sql_istrcmp('login_name', '?')); $sth->execute($env_email); $sth->execute(); diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index 1d5c6850c..4a45e81e7 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -34,6 +34,10 @@ use strict; use Bugzilla::Config; use Bugzilla::Constants; use Bugzilla::Util; +# Because of the screwy way that Auth works, it thinks +# that we're redefining subroutines if we "use" anything +# that "uses" Bugzilla::Auth. +require Bugzilla::User; my $edit_options = { 'new' => 1, @@ -52,11 +56,8 @@ sub authenticate { return (AUTH_NODATA) unless defined $username && defined $passwd; - # We're just testing against the db: any value is ok - trick_taint($username); - - my $userid = $class->get_id_from_username($username); - return (AUTH_LOGINFAILED) unless defined $userid; + my $userid = Bugzilla::User::login_to_id($username); + return (AUTH_LOGINFAILED) unless $userid; return (AUTH_LOGINFAILED, $userid) unless $class->check_password($userid, $passwd); @@ -74,15 +75,6 @@ sub authenticate { return (AUTH_OK, $userid); } -sub get_id_from_username { - my ($class, $username) = @_; - my $dbh = Bugzilla->dbh; - my $sth = $dbh->prepare_cached("SELECT userid FROM profiles " . - "WHERE login_name=?"); - my ($userid) = $dbh->selectrow_array($sth, undef, $username); - return $userid; -} - sub get_disabled { my ($class, $userid) = @_; my $dbh = Bugzilla->dbh; diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm index 551a70f45..ee58f9d7e 100644 --- a/Bugzilla/Auth/Verify/LDAP.pm +++ b/Bugzilla/Auth/Verify/LDAP.pm @@ -137,7 +137,8 @@ sub authenticate { my $dbh = Bugzilla->dbh; my $sth = $dbh->prepare_cached("SELECT userid, disabledtext " . "FROM profiles " . - "WHERE login_name=?"); + "WHERE " . + $dbh->sql_istrcmp('login_name', '?')); my ($userid, $disabledtext) = $dbh->selectrow_array($sth, undef, |