View Issue Details

IDProjectCategoryView StatusLast Update
0025097mantisbtauthenticationpublic2018-12-19 03:29
Reporterjingshaochen Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status acknowledgedResolutionopen 
PlatformLinuxOSUbuntu 16.04 
Product Version2.18.0 
Summary0025097: login username is not trimmed
Description

When an LDAP user with username log in, if he/she put space in front or at the end of the username, he will still be authenticated and logged in, however, user table will have a new entry with the spaces as username.

This is not desirable at least.

Steps To Reproduce
  1. use LDAP authentication
  2. login with a valid username and password
  3. check the user is created in user table
  4. now log out and log in again, with a space in front of the username, and the valid password
  5. log in succeed
  6. however, check user table, there will be another user created with username: username (with the space in front)
TagsNo tags attached.

Relationships

has duplicate 0023831 closedatrol Leading space of username should be trimmed when login 

Activities

jingshaochen

jingshaochen

2018-12-18 20:34

reporter   ~0061080

suggest fix is to add a trim in login_password_page.php file:

$f_username              = trim(gpc_get_string( 'username', '' ));

Issue History

Date Modified Username Field Change
2018-12-18 20:26 jingshaochen New Issue
2018-12-18 20:34 jingshaochen Note Added: 0061080
2018-12-19 03:26 atrol Assigned To => atrol
2018-12-19 03:26 atrol Status new => resolved
2018-12-19 03:26 atrol Resolution open => duplicate
2018-12-19 03:26 atrol Relationship added duplicate of 0023831
2018-12-19 03:28 atrol Relationship replaced has duplicate 0023831
2018-12-19 03:29 atrol Assigned To atrol =>
2018-12-19 03:29 atrol Status resolved => acknowledged
2018-12-19 03:29 atrol Resolution duplicate => open