fix: username sanitized twice in UserAuth::authUser()

Remove usage of filter_var on username in UserAuth::authUser() as it's already done before.
bacula-web · Dec 29, 2023 · 61c8330 · 61c8330
1 parent e81b25e
commit 61c8330
Showing 1 changed file with 0 additions and 5 deletions.
diff --git a/core/App/UserAuth.php b/core/App/UserAuth.php
@@ -115,12 +115,7 @@ public function checkSchema(): void
      */
     public function authUser(string $username, string $password): string
     {
-        // TODO: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, replace by htmlspecialchars() instead
-
-        // Sanitize username
-        $username = filter_var($username, FILTER_SANITIZE_STRING, array( 'flags' => FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));
         $username = trim($username, ' ');
-
         $user = $this->userTable->findByName($username);
 
         if ($user) {