From 73fc958ae77cf5aa839fd0ea3262836f2b227a8b Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Wed, 29 Jan 2020 16:34:25 +0100
Subject: [PATCH] Trim username on login

When an LDAP user adds spaces before or after their username when
logging in, they will be authenticated successfully and logged in, but
Mantis will create a new entry in the user table including the spaces.

Fixes #25097
---
 login_password_page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/login_password_page.php b/login_password_page.php
index 147cc53fc9..1bebca54ab 100644
--- a/login_password_page.php
+++ b/login_password_page.php
@@ -58,7 +58,7 @@
 $f_error                 = gpc_get_bool( 'error' );
 $f_cookie_error          = gpc_get_bool( 'cookie_error' );
 $f_return                = string_sanitize_url( gpc_get_string( 'return', '' ) );
-$f_username              = gpc_get_string( 'username', '' );
+$f_username              = trim( gpc_get_string( 'username', '' ) );
 $f_reauthenticate        = gpc_get_bool( 'reauthenticate', false );
 $f_perm_login            = gpc_get_bool( 'perm_login', false );
 $f_secure_session        = gpc_get_bool( 'secure_session', false );