Permalink
Browse files

Fix bug where domain name was converted to lower-case even with login…

…_lc=false (#1488593)

Conflicts:

	CHANGELOG
	program/include/rcmail.php
  • Loading branch information...
1 parent 0ae929f commit 48a04205c8513fdc4f923fef556e3db8cc17d9f9 @alecpl alecpl committed Aug 17, 2012
Showing with 17 additions and 12 deletions.
  1. +1 −0 CHANGELOG
  2. +4 −3 config/main.inc.php.dist
  3. +12 −9 program/include/rcmail.php
View
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix bug where domain name was converted to lower-case even with login_lc=false (#1488593)
- Fix lower-casing email address on replies (#1488598)
- Fix line separator in exported messages (#1488603)
- Fix XSS issue where plain signatures wasn't secured in HTML mode (#1488613)
@@ -219,11 +219,12 @@ $rcmail_config['use_https'] = false;
// 0 - disabled, 1 - username and host only, 2 - username, host, password
$rcmail_config['login_autocomplete'] = 0;
-// If users authentication is not case sensitive this must be enabled.
-// You can also use it to force conversion of logins to lower case.
+// Forces conversion of logins to lower case.
+// 0 - disabled, 1 - only domain part, 2 - domain and local part.
+// If users authentication is not case-sensitive this must be enabled.
// After enabling it all user records need to be updated, e.g. with query:
// UPDATE users SET username = LOWER(username);
-$rcmail_config['login_lc'] = false;
+$rcmail_config['login_lc'] = 0;
// Includes should be interpreted as PHP files
$rcmail_config['skin_include_php'] = false;
@@ -899,7 +899,14 @@ function login($username, $pass, $host = null, $cookiecheck = false)
// Convert username to lowercase. If storage backend
// is case-insensitive we need to store always the same username (#1487113)
if ($config['login_lc']) {
- $username = mb_strtolower($username);
+ if ($config['login_lc'] == 2 || $config['login_lc'] === true) {
+ $username = mb_strtolower($username);
+ }
+ else if (strpos($username, '@')) {
+ // lowercase domain name
+ list($local, $domain) = explode('@', $username);
+ $username = $local . '@' . mb_strtolower($domain);
+ }
}
// try to resolve email address from virtuser table
@@ -909,17 +916,13 @@ function login($username, $pass, $host = null, $cookiecheck = false)
// Here we need IDNA ASCII
// Only rcube_contacts class is using domain names in Unicode
- $host = rcube_idn_to_ascii($host);
- if (strpos($username, '@')) {
- // lowercase domain name
- list($local, $domain) = explode('@', $username);
- $username = $local . '@' . mb_strtolower($domain);
- $username = rcube_idn_to_ascii($username);
- }
+ $host = rcube_idn_to_ascii($host);
+ $username = rcube_idn_to_ascii($username);
// user already registered -> overwrite username
- if ($user = rcube_user::query($username, $host))
+ if ($user = rcube_user::query($username, $host)) {
$username = $user->data['username'];
+ }
if (!$this->storage)
$this->storage_init();

0 comments on commit 48a0420

Please sign in to comment.