View Issue Details

IDProjectCategoryView StatusLast Update
0025097mantisbtauthenticationpublic2020-03-15 15:23
Reporterjingshaochen Assigned Todregad  
Status closedResolutionfixed 
PlatformLinuxOSUbuntu 16.04OS Version16.04
Product Version2.18.0 
Target Version2.24.0Fixed in Version2.24.0 
Summary0025097: login username is not trimmed

When an LDAP user with username log in, if he/she put space in front or at the end of the username, he will still be authenticated and logged in, however, user table will have a new entry with the spaces as username.

This is not desirable at least.

Steps To Reproduce
  1. use LDAP authentication
  2. login with a valid username and password
  3. check the user is created in user table
  4. now log out and log in again, with a space in front of the username, and the valid password
  5. log in succeed
  6. however, check user table, there will be another user created with username: username (with the space in front)
TagsNo tags attached.


has duplicate 0023831 closedatrol Leading space of username should be trimmed when login 




2018-12-18 20:34

reporter   ~0061080

suggest fix is to add a trim in login_password_page.php file:

$f_username              = trim(gpc_get_string( 'username', '' ));


2020-01-29 10:39

developer   ~0063536

I just tested and I can't reproduce this behavior with Active Directory, the LDAP search fails:

2020-01-29 10:07 EST LDAP ldap_api.php:346 ldap_authenticate_by_username() Searching for (&(sAMAccountName=  USERNAME))
2020-01-29 10:07 EST LDAP ldap_api.php:377 ldap_authenticate_by_username() No matching entries found

Maybe this affects other types of LDAP (did not test). Regardless, it fully makes sense to ignore leading/trailing whitespace in this context, so I'll add the trim() call as suggested.

See PR

Related Changesets

MantisBT: master 73fc958a

2020-01-29 10:34:25


Details Diff
Trim username on login

When an LDAP user adds spaces before or after their username when
logging in, they will be authenticated successfully and logged in, but
Mantis will create a new entry in the user table including the spaces.

Fixes 0025097
Affected Issues
mod - login_password_page.php Diff File