View Issue Details

IDProjectCategoryView StatusLast Update
0025097mantisbtauthenticationpublic2020-03-15 15:23
Reporterjingshaochen Assigned Todregad  
Status closedResolutionfixed 
PlatformLinuxOSUbuntu 16.04OS Version16.04
Product Version2.18.0 
Target Version2.24.0Fixed in Version2.24.0 
Summary0025097: login username is not trimmed

When an LDAP user with username log in, if he/she put space in front or at the end of the username, he will still be authenticated and logged in, however, user table will have a new entry with the spaces as username.

This is not desirable at least.

Steps To Reproduce
  1. use LDAP authentication
  2. login with a valid username and password
  3. check the user is created in user table
  4. now log out and log in again, with a space in front of the username, and the valid password
  5. log in succeed
  6. however, check user table, there will be another user created with username: username (with the space in front)
TagsNo tags attached.


has duplicate 0023831 closedatrol Leading space of username should be trimmed when login 




2018-12-18 20:34

reporter   ~0061080

suggest fix is to add a trim in login_password_page.php file:

$f_username              = trim(gpc_get_string( 'username', '' ));


2020-01-29 10:39

developer   ~0063536

I just tested and I can't reproduce this behavior with Active Directory, the LDAP search fails:

2020-01-29 10:07 EST LDAP ldap_api.php:346 ldap_authenticate_by_username() Searching for (&(sAMAccountName=  USERNAME))
2020-01-29 10:07 EST LDAP ldap_api.php:377 ldap_authenticate_by_username() No matching entries found

Maybe this affects other types of LDAP (did not test). Regardless, it fully makes sense to ignore leading/trailing whitespace in this context, so I'll add the trim() call as suggested.

See PR

Related Changesets

MantisBT: master 73fc958a

2020-01-29 10:34:25


Details Diff
Trim username on login

When an LDAP user adds spaces before or after their username when
logging in, they will be authenticated successfully and logged in, but
Mantis will create a new entry in the user table including the spaces.

Fixes 0025097
Affected Issues
mod - login_password_page.php Diff File

Issue History

Date Modified Username Field Change
2018-12-18 20:26 jingshaochen New Issue
2018-12-18 20:34 jingshaochen Note Added: 0061080
2018-12-19 03:26 atrol Assigned To => atrol
2018-12-19 03:26 atrol Status new => resolved
2018-12-19 03:26 atrol Resolution open => duplicate
2018-12-19 03:26 atrol Relationship added duplicate of 0023831
2018-12-19 03:28 atrol Relationship replaced has duplicate 0023831
2018-12-19 03:29 atrol Assigned To atrol =>
2018-12-19 03:29 atrol Status resolved => acknowledged
2018-12-19 03:29 atrol Resolution duplicate => open
2020-01-29 10:39 dregad Assigned To => dregad
2020-01-29 10:39 dregad Status acknowledged => assigned
2020-01-29 10:39 dregad Note Added: 0063536
2020-01-29 10:40 dregad Target Version => 2.24.0
2020-02-17 04:37 dregad Changeset attached => MantisBT master 73fc958a
2020-02-17 04:37 dregad Status assigned => resolved
2020-02-17 04:37 dregad Resolution open => fixed
2020-02-17 04:37 dregad Fixed in Version => 2.24.0
2020-03-15 15:23 vboctor Status resolved => closed