Merge branch 'master' into stable

1 files changed, 74 insertions, 32 deletions

diff --git a/inc/auth.php b/inc/auth.php
index b793f5d12..2bdc3eb00 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -131,6 +131,8 @@ function auth_setup() {
 function auth_loadACL() {
     global $config_cascade;
     global $USERINFO;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     if(!is_readable($config_cascade['acl']['default'])) return array();
 
@@ -145,10 +147,10 @@ function auth_loadACL() {
         // substitute user wildcard first (its 1:1)
         if(strstr($line, '%USER%')){
             // if user is not logged in, this ACL line is meaningless - skip it
-            if (!isset($_SERVER['REMOTE_USER'])) continue;
+            if (!$INPUT->server->has('REMOTE_USER')) continue;
 
-            $id   = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
-            $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
+            $id   = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id);
+            $rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest);
         }
 
         // substitute group wildcard (its 1:m)
@@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
     global $lang;
     /* @var DokuWiki_Auth_Plugin $auth */
     global $auth;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     $sticky ? $sticky = true : $sticky = false; //sanity check
 
@@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
         //usual login
         if($auth->checkPass($user, $pass)) {
             // make logininfo globally available
-            $_SERVER['REMOTE_USER'] = $user;
+            $INPUT->server->set('REMOTE_USER', $user);
             $secret                 = auth_cookiesalt(!$sticky, true); //bind non-sticky to session
             auth_setCookie($user, auth_encrypt($pass, $secret), $sticky);
             return true;
@@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
             ) {
 
                 // he has session, cookie and browser right - let him in
-                $_SERVER['REMOTE_USER'] = $user;
+                $INPUT->server->set('REMOTE_USER', $user);
                 $USERINFO               = $session['info']; //FIXME move all references to session
                 return true;
             }
@@ -288,7 +292,10 @@ function auth_validateToken($token) {
     }
     // still here? trust the session data
     global $USERINFO;
-    $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user'];
+    /* @var Input $INPUT */
+    global $INPUT;
+
+    $INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']);
     $USERINFO               = $_SESSION[DOKU_COOKIE]['auth']['info'];
     return true;
 }
@@ -321,11 +328,14 @@ function auth_createToken() {
  * @return  string  a MD5 sum of various browser headers
  */
 function auth_browseruid() {
+    /* @var Input $INPUT */
+    global $INPUT;
+
     $ip  = clientIP(true);
     $uid = '';
-    $uid .= $_SERVER['HTTP_USER_AGENT'];
-    $uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
-    $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
+    $uid .= $INPUT->server->str('HTTP_USER_AGENT');
+    $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING');
+    $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET');
     $uid .= substr($ip, 0, strpos($ip, '.'));
     $uid = strtolower($uid);
     return md5($uid);
@@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) {
     global $USERINFO;
     /* @var DokuWiki_Auth_Plugin $auth */
     global $auth;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     // make sure the session is writable (it usually is)
     @session_start();
@@ -523,16 +535,11 @@ function auth_logoff($keepbc = false) {
         unset($_SESSION[DOKU_COOKIE]['auth']['info']);
     if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc']))
         unset($_SESSION[DOKU_COOKIE]['bc']);
-    if(isset($_SERVER['REMOTE_USER']))
-        unset($_SERVER['REMOTE_USER']);
+    $INPUT->server->remove('REMOTE_USER');
     $USERINFO = null; //FIXME
 
     $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
-    if(version_compare(PHP_VERSION, '5.2.0', '>')) {
-        setcookie(DOKU_COOKIE, '', time() - 600000, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
-    } else {
-        setcookie(DOKU_COOKIE, '', time() - 600000, $cookieDir, '', ($conf['securecookie'] && is_ssl()));
-    }
+    setcookie(DOKU_COOKIE, '', time() - 600000, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
 
     if($auth) $auth->logOff();
 }
@@ -557,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) {
     global $USERINFO;
     /* @var DokuWiki_Auth_Plugin $auth */
     global $auth;
+    /* @var Input $INPUT */
+    global $INPUT;
+
 
     if(!$auth) return false;
     if(is_null($user)) {
-        if(!isset($_SERVER['REMOTE_USER'])) {
+        if(!$INPUT->server->has('REMOTE_USER')) {
             return false;
         } else {
-            $user = $_SERVER['REMOTE_USER'];
+            $user = $INPUT->server->str('REMOTE_USER');
         }
     }
     if(is_null($groups)) {
@@ -655,23 +665,47 @@ function auth_isMember($memberlist, $user, array $groups) {
 function auth_quickaclcheck($id) {
     global $conf;
     global $USERINFO;
+    /* @var Input $INPUT */
+    global $INPUT;
     # if no ACL is used always return upload rights
     if(!$conf['useacl']) return AUTH_UPLOAD;
-    return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']);
+    return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']);
 }
 
 /**
- * Returns the maximum rights a user has for
- * the given ID or its namespace
+ * Returns the maximum rights a user has for the given ID or its namespace
  *
  * @author  Andreas Gohr <andi@splitbrain.org>
- *
+ * @triggers AUTH_ACL_CHECK
  * @param  string       $id     page ID (needs to be resolved and cleaned)
  * @param  string       $user   Username
  * @param  array|null   $groups Array of groups the user is in
  * @return int             permission level
  */
 function auth_aclcheck($id, $user, $groups) {
+    $data = array(
+        'id'     => $id,
+        'user'   => $user,
+        'groups' => $groups
+    );
+
+    return trigger_event('AUTH_ACL_CHECK', $data, 'auth_aclcheck_cb');
+}
+
+/**
+ * default ACL check method
+ *
+ * DO NOT CALL DIRECTLY, use auth_aclcheck() instead
+ *
+ * @author  Andreas Gohr <andi@splitbrain.org>
+ * @param  array $data event data
+ * @return int   permission level
+ */
+function auth_aclcheck_cb($data) {
+    $id     =& $data['id'];
+    $user   =& $data['user'];
+    $groups =& $data['groups'];
+
     global $conf;
     global $AUTH_ACL;
     /* @var DokuWiki_Auth_Plugin $auth */
@@ -823,6 +857,12 @@ function auth_nameencode($name, $skip_group = false) {
     return $cache[$name][$skip_group];
 }
 
+/**
+ * callback encodes the matches
+ *
+ * @param array $matches first complete match, next matching subpatterms
+ * @return string
+ */
 function auth_nameencode_callback($matches) {
     return '%'.dechex(ord(substr($matches[1],-1)));
 }
@@ -1034,18 +1074,18 @@ function updateprofile() {
     }
 
     if($conf['profileconfirm']) {
-        if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
+        if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
             msg($lang['badpassconfirm'], -1);
             return false;
         }
     }
 
-    if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
+    if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) {
         // update cookie and session with the changed data
         if($changes['pass']) {
             list( /*user*/, $sticky, /*pass*/) = auth_getCookie();
             $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
-            auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
+            auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
         }
         return true;
     }
@@ -1053,6 +1093,11 @@ function updateprofile() {
     return false;
 }
 
+/**
+ * Delete the current logged-in user
+ *
+ * @return bool true on success, false on any error
+ */
 function auth_deleteprofile(){
     global $conf;
     global $lang;
@@ -1076,13 +1121,13 @@ function auth_deleteprofile(){
     }
 
     if($conf['profileconfirm']) {
-        if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
+        if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
             msg($lang['badpassconfirm'], -1);
             return false;
         }
     }
 
-    $deleted[] = $_SERVER['REMOTE_USER'];
+    $deleted[] = $INPUT->server->str('REMOTE_USER');
     if($auth->triggerUserMod('delete', array($deleted))) {
         // force and immediate logout including removing the sticky cookie
         auth_logoff();
@@ -1286,11 +1331,8 @@ function auth_setCookie($user, $pass, $sticky) {
     $cookie    = base64_encode($user).'|'.((int) $sticky).'|'.base64_encode($pass);
     $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
     $time      = $sticky ? (time() + 60 * 60 * 24 * 365) : 0; //one year
-    if(version_compare(PHP_VERSION, '5.2.0', '>')) {
-        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
-    } else {
-        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()));
-    }
+    setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
+
     // set session
     $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
     $_SESSION[DOKU_COOKIE]['auth']['pass'] = sha1($pass);