Skip to content

Z
z-push
Commit cc414f10 authored by skummer's avatar skummer
Browse files
Options

ZP-139 

- fixed: use user names only in lowercase

git-svn-id: https://z-push.org/svn/z-push/trunk@1381 b7dd7b3b-3a3c-0410-9da9-bee62a6cc5b5
parent 26e7c81a
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 5 deletions
src/lib/request/request.php
View file @ cc414f10
...@@ -113,7 +113,7 @@ class Request { ...@@ -113,7 +113,7 @@ class Request {
// getUser is unfiltered, as everything is allowed.. even "/", "\" or ".." // getUser is unfiltered, as everything is allowed.. even "/", "\" or ".."
if(isset($_GET["User"])) if(isset($_GET["User"]))
self::$getUser = $_GET["User"]; self::$getUser = strtolower($_GET["User"]);
if(isset($_GET["DeviceId"])) if(isset($_GET["DeviceId"]))
self::$devid = self::filterEvilInput($_GET["DeviceId"], self::WORDCHAR_ONLY); self::$devid = self::filterEvilInput($_GET["DeviceId"], self::WORDCHAR_ONLY);
if(isset($_GET["DeviceType"])) if(isset($_GET["DeviceType"]))
...@@ -140,7 +140,7 @@ class Request { ...@@ -140,7 +140,7 @@ class Request {
self::$command = Utils::GetCommandFromCode($query['Command']); self::$command = Utils::GetCommandFromCode($query['Command']);
if (!isset(self::$getUser) && isset($query[self::COMMANDPARAM_USER])) if (!isset(self::$getUser) && isset($query[self::COMMANDPARAM_USER]))
self::$getUser = $query[self::COMMANDPARAM_USER]; self::$getUser = strtolower($query[self::COMMANDPARAM_USER]);
if (!isset(self::$devid) && isset($query['DevID'])) if (!isset(self::$devid) && isset($query['DevID']))
self::$devid = self::filterEvilInput($query['DevID'], self::WORDCHAR_ONLY); self::$devid = self::filterEvilInput($query['DevID'], self::WORDCHAR_ONLY);
...@@ -169,7 +169,7 @@ class Request { ...@@ -169,7 +169,7 @@ class Request {
// in base64 encoded query string user is not necessarily set // in base64 encoded query string user is not necessarily set
if (!isset(self::$getUser) && isset($_SERVER['PHP_AUTH_USER'])) if (!isset(self::$getUser) && isset($_SERVER['PHP_AUTH_USER']))
list(self::$getUser,) = Utils::SplitDomainUser($_SERVER['PHP_AUTH_USER']); list(self::$getUser,) = strtolower(Utils::SplitDomainUser($_SERVER['PHP_AUTH_USER']));
} }
/** /**
......
src/z-push-admin.php
View file @ cc414f10
...@@ -194,9 +194,9 @@ class ZPushAdminCLI { ...@@ -194,9 +194,9 @@ class ZPushAdminCLI {
// get 'user' // get 'user'
if (isset($options['u']) && !empty($options['u'])) if (isset($options['u']) && !empty($options['u']))
self::$user = trim($options['u']); self::$user = strtolower(trim($options['u']));
else if (isset($options['user']) && !empty($options['user'])) else if (isset($options['user']) && !empty($options['user']))
self::$user = trim($options['user']); self::$user = strtolower(trim($options['user']));
// get 'device' // get 'device'
if (isset($options['d']) && !empty($options['d'])) if (isset($options['d']) && !empty($options['d']))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment