Parcourir la source
Strip invalid UTF-8 bytes in User#find_by_login (#16107).
git-svn-id: http://svn.redmine.org/redmine/trunk@12916 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.6.0
Jean-Philippe Lang
il y a 10 ans
2 fichiers modifiés avec 8 ajouts et 2 suppressions
+ 1
- 1
app/models/user.rb
Voir le fichier
| @@ -384,8 +384,8 @@ class User < Principal | |||
| # Find a user account by matching the exact login and then a case-insensitive | |||
| # version. Exact matches will be given priority. | |||
| def self.find_by_login(login) | |||
| login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s) | |||
| if login.present? | |||
| login = login.to_s | |||
| # First look for an exact match | |||
| user = where(:login => login).detect {|u| u.login == login} | |||
| unless user | |||
+ 7
- 1
test/integration/api_test/authentication_test.rb
Voir le fichier
| @@ -30,7 +30,7 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base | |||
| def test_api_should_trigger_basic_http_auth_with_basic_authorization_header | |||
| ApplicationController.any_instance.expects(:authenticate_with_http_basic).once | |||
| get '/users/current.xml', {}, credentials('admin') | |||
| get '/users/current.xml', {}, credentials('jsmith') | |||
| end | |||
| def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header | |||
| @@ -38,6 +38,12 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base | |||
| get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar' | |||
| end | |||
| def test_invalid_utf8_credentials_should_not_trigger_an_error | |||
| assert_nothing_raised do | |||
| get '/users/current.xml', {}, credentials("\x82", "foo") | |||
| end | |||
| end | |||
| def test_api_request_should_not_use_user_session | |||
| log_user('jsmith', 'jsmith') | |||
Chargement…