Hi Stefan,
When we use Webserver authentication, we have the correct username already in the variable http_user.
The old way of copying this http_user to "user" is wrong since we don't use the size of http_user.
Instead, just encode the http_user variable directly.
See attached patch against git HEAD.
Christof
diff --git a/src/elogd.c b/src/elogd.c
index 601639c..de4734b 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -13142,12 +13142,13 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
/* if we outsourced the authentication, use external username */
getcfg(lbs->name, "Authentication", str, sizeof(str));
- if ( stristr(str, "Webserver")) {
- strlcpy(user, http_user, sizeof(user));
- }
/* do not allow HTML in user name */
- strencode2(user_enc, user, sizeof(user_enc));
+ if ( stristr(str, "Webserver")) {
+ strencode2(user_enc, http_user, sizeof(user_enc));
+ } else {
+ strencode2(user_enc, user, sizeof(user_enc));
+ }
/* check for user name */
if (!isparam("new_user_name") || *getparam("new_user_name") == 0) {
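Review bot: With Webserver authentication the `user` argument is no longer replaced by `http_user`, so after this change only `user_enc` carries the authenticated name. The body of save_user_config continues outside the hunk, so it cannot be confirmed here, but any later use of `user` would act on the caller-supplied name instead of the one the web server authenticated. If such uses exist, pick the source once with `const char *eff_user = stristr(str, "Webserver") ? http_user : user;` and use `eff_user` both in `strencode2(user_enc, eff_user, sizeof(user_enc));` and in the later lookups. Because `user` is a `char *` parameter, `sizeof(user)` in the removed `strlcpy` was the size of a pointer, so a one-line comment such as `/* user is a caller-owned buffer of unknown size; do not copy http_user into it */` would document why the copy was dropped.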