From 9db02f261219fe4e70cd15c99d44a0338e698154 Mon Sep 17 00:00:00 2001 From: "Cleopatra Enjeck M." Date: Tue, 25 Feb 2025 06:36:53 +0000 Subject: [PATCH] fix: Improve string comparison Signed-off-by: Cleopatra Enjeck M. --- lib/private/User/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index da2b8b48df4..f33297d75dd 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -810,7 +810,7 @@ class Session implements IUserSession, Emitter { * Check if login names match */ private function validateTokenLoginName(?string $loginName, IToken $token): bool { - if (strtolower($token->getLoginName() ?? '') !== strtolower($loginName ?? '')) { + if (strcasecmp($token->getLoginName(), $loginName ?? '') !== 0) { // TODO: this makes it impossible to use different login names on browser and client // e.g. login by e-mail 'user@example.com' on browser for generating the token will not // allow to use the client token with the login name 'user'.