ZP-139

- fixed: use user names only in lowercase

git-svn-id: https://z-push.org/svn/z-push/trunk@1381 b7dd7b3b-3a3c-0410-9da9-bee62a6cc5b5

src/lib/request/request.php

@@ -113,7 +113,7 @@ class Request {
 
         // getUser is unfiltered, as everything is allowed.. even "/", "\" or ".."
         if(isset($_GET["User"]))
-            self::$getUser = $_GET["User"];
+            self::$getUser = strtolower($_GET["User"]);
         if(isset($_GET["DeviceId"]))
             self::$devid = self::filterEvilInput($_GET["DeviceId"], self::WORDCHAR_ONLY);
         if(isset($_GET["DeviceType"]))
@@ -140,7 +140,7 @@ class Request {
                 self::$command = Utils::GetCommandFromCode($query['Command']);
 
             if (!isset(self::$getUser) && isset($query[self::COMMANDPARAM_USER]))
-                self::$getUser = $query[self::COMMANDPARAM_USER];
+                self::$getUser = strtolower($query[self::COMMANDPARAM_USER]);
 
             if (!isset(self::$devid) && isset($query['DevID']))
                 self::$devid = self::filterEvilInput($query['DevID'], self::WORDCHAR_ONLY);
@@ -169,7 +169,7 @@ class Request {
 
         // in base64 encoded query string user is not necessarily set
         if (!isset(self::$getUser) && isset($_SERVER['PHP_AUTH_USER']))
-            list(self::$getUser,) = Utils::SplitDomainUser($_SERVER['PHP_AUTH_USER']);
+            list(self::$getUser,) = strtolower(Utils::SplitDomainUser($_SERVER['PHP_AUTH_USER']));
     }
 
     /**

src/z-push-admin.php

@@ -194,9 +194,9 @@ class ZPushAdminCLI {
 
         // get 'user'
         if (isset($options['u']) && !empty($options['u']))
-            self::$user = trim($options['u']);
+            self::$user = strtolower(trim($options['u']));
         else if (isset($options['user']) && !empty($options['user']))
-            self::$user = trim($options['user']);
+            self::$user = strtolower(trim($options['user']));
 
         // get 'device'
         if (isset($options['d']) && !empty($options['d']))