From dcea76ea0175726d26a5eb21624554c8e63b0c43 Mon Sep 17 00:00:00 2001
From: Andrew Clarke <andrew@glydetechnology.com>
Date: Fri, 1 Apr 2016 09:44:23 +0100
Subject: [PATCH] Update class.auth.php

Fix for  Auth Ticket generation & check mismatch #3005
---
 include/class.auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/class.auth.php b/include/class.auth.php
index afda9c0e9..1dc5a9ccf 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -1061,7 +1061,7 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
             if (($ticket = Ticket::lookupByNumber($_GET['t'], $_GET['e']))
                     // Using old ticket auth code algo - hardcoded here because it
                     // will be removed in ticket class in the upcoming rewrite
-                    && !strcasecmp($_GET['a'], md5($ticket->getId() .  $_GET['e'] . SECRET_SALT))
+                    && !strcasecmp($_GET['a'], md5($ticket->getId() .  strtolower($_GET['e']) . SECRET_SALT))
                     && ($owner = $ticket->getOwner()))
                 $user = new ClientSession($owner);
         }
-- 
GitLab