From 232d7358934ab8e1fa5e871c37f0997e5f394e86 Mon Sep 17 00:00:00 2001
From: Thomas Müller
Date: Thu, 9 Jun 2016 16:44:31 +0200
Subject: Do not leak the login name - fixes #25047

---
 core/Controller/LoginController.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'core/Controller')

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index c64f58ae2cc..7806e1de904 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -171,6 +171,7 @@ class LoginController extends Controller {
 * @return RedirectResponse
 */
 public function tryLogin($user, $password, $redirect_url) {
+ $originalUser = $user;
 // TODO: Add all the insane error handling
 /* @var $loginResult IUser */
 $loginResult = $this->userManager->checkPassword($user, $password);
@@ -186,8 +187,8 @@ class LoginController extends Controller {
 $this->session->set('loginMessages', [
 ['invalidpassword']
 ]);
- // Read current user and append if possible
- $args = !is_null($user) ? ['user' => $user] : [];
+ // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
+ $args = !is_null($user) ? ['user' => $originalUser] : [];
 return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
 }
 // TODO: remove password checks from above and let the user session handle failures
-- 
cgit v1.2.3
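Review bot: The guard in the second hunk still tests `!is_null($user)` while the value appended is `$originalUser`, so the condition and the payload refer to different variables; `$args = !is_null($originalUser) ? ['user' => $originalUser] : [];` keeps them in step and makes the redirect depend only on the request-supplied value. The fix presumably relies on `$user` being reassigned somewhere between the two hunks (tryLogin's body continues outside both hunks, so this is inferred), which leaves the protection resting on a copy taken at entry that a later refactor could easily bypass; assigning the resolved identity to a separate local and leaving `$user` untouched would make it hold by construction. The added comment is one very long line and reads as a change note rather than documentation of the invariant; split it into something like `// Echo back exactly what the user typed, never the resolved account name,` followed by `// so a failed login does not disclose which login names exist.`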