diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2012-02-01 11:33:25 -0800 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2012-02-01 11:33:25 -0800 |
| commit | 853bf105c0cfb04e7e984e2053e4b871606bd6f1 (patch) | |
| tree | 3f97a8a60cc1f7b5258f62cdf2a07589d35526ac | |
| parent | d00208c2ec66849d743c0dc89440a9ab27efedbb (diff) | |
| parent | 48d7b7a6544f9cecba4b776c782a3891b28fb300 (diff) | |
| download | rpg-853bf105c0cfb04e7e984e2053e4b871606bd6f1.tar.gz rpg-853bf105c0cfb04e7e984e2053e4b871606bd6f1.tar.bz2 | |
Merge pull request #72 from dom-mel/auth_fixes
use in_array to filter groups instead of preg_grep for acl
| -rw-r--r-- | inc/auth.php | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/inc/auth.php b/inc/auth.php index e0f58e5f2..941dcb8d6 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -523,18 +523,19 @@ function auth_aclcheck($id,$user,$groups){ $groups[] = '@ALL'; //add User if($user) $groups[] = $user; - //build regexp - $regexp = join('|',$groups); }else{ - $regexp = '@ALL'; + $groups[] = '@ALL'; } //check exact match first - $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($id,'/').'\s+(\S+)\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); + if (!in_array($acl[1], $groups)) { + continue; + } if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; @@ -554,20 +555,24 @@ function auth_aclcheck($id,$user,$groups){ } do{ - $matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($path,'/').'\s+(\S+)\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); + if (!in_array($acl[1], $groups)) { + continue; + } if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } } //we had a match - return it - return $perm; + if ($perm != -1) { + return $perm; + } } - //get next higher namespace $ns = getNS($ns); @@ -582,9 +587,6 @@ function auth_aclcheck($id,$user,$groups){ return AUTH_NONE; } }while(1); //this should never loop endless - - //still here? return no permissions - return AUTH_NONE; } /** |