Merge remote-tracking branch 'splitbrain/master'

author: Gerry Weißbach <gerry.w@gammaproduction.de> 2014-07-16 08:02:34 +0200
committer: Gerry Weißbach <gerry.w@gammaproduction.de> 2014-07-16 08:02:34 +0200
commit: 0bd5b90b4c1294b3c9abc1977060f971dc2e2744 (patch)
tree: ac79a7402ffef718685f16dbba6692a0c9b5f458 /lib/plugins/authplain/auth.php
parent: 1858e4d7685782550789fd8c228e55ae319bc37a (diff)
parent: 80679bafa1a5ed611bafc603afd0ae7b2b5954a7 (diff)
download: rpg-0bd5b90b4c1294b3c9abc1977060f971dc2e2744.tar.gz
rpg-0bd5b90b4c1294b3c9abc1977060f971dc2e2744.tar.bz2
1 files changed, 28 insertions, 5 deletions
diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php
index 8c4ce0dd9..e53f56667 100644
--- a/lib/plugins/authplain/auth.php
+++ b/lib/plugins/authplain/auth.php
@@ -84,6 +84,27 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
     }
 
     /**
+     * Creates a string suitable for saving as a line
+     * in the file database
+     * (delimiters escaped, etc.)
+     *
+     * @param string $user
+     * @param string $pass
+     * @param string $name
+     * @param string $mail
+     * @param array  $grps list of groups the user is in
+     * @return string
+     */
+    protected function _createUserLine($user, $pass, $name, $mail, $grps) {
+        $groups   = join(',', $grps);
+        $userline = array($user, $pass, $name, $mail, $groups);
+        $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\
+        $userline = str_replace(':', '\\:', $userline); // escape : as \:
+        $userline = join(':', $userline)."\n";
+        return $userline;
+    }
+
+    /**
      * Create a new User
      *
      * Returns false if the user already exists, null when an error
@@ -115,8 +136,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
         if(!is_array($grps)) $grps = array($conf['defaultgroup']);
 
         // prepare user line
-        $groups   = join(',', $grps);
-        $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n";
+        $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps);
 
         if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
             $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
@@ -157,8 +177,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
             $userinfo[$field] = $value;
         }
 
-        $groups   = join(',', $userinfo['grps']);
-        $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n";
+        $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']);
 
         if(!$this->deleteUsers(array($user))) {
             msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
@@ -308,7 +327,11 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
             $line = trim($line);
             if(empty($line)) continue;
 
-            $row    = explode(":", $line, 5);
+            /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */
+            $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \:
+            $row = str_replace('\\:', ':', $row);
+            $row = str_replace('\\\\', '\\', $row);
+
             $groups = array_values(array_filter(explode(",", $row[4])));
 
             $this->users[$row[0]]['pass'] = $row[1];
author	Gerry Weißbach <gerry.w@gammaproduction.de>	2014-07-16 08:02:34 +0200
committer	Gerry Weißbach <gerry.w@gammaproduction.de>	2014-07-16 08:02:34 +0200
commit	0bd5b90b4c1294b3c9abc1977060f971dc2e2744 (patch)
tree	ac79a7402ffef718685f16dbba6692a0c9b5f458 /lib/plugins/authplain/auth.php
parent	1858e4d7685782550789fd8c228e55ae319bc37a (diff)
parent	80679bafa1a5ed611bafc603afd0ae7b2b5954a7 (diff)
download	rpg-0bd5b90b4c1294b3c9abc1977060f971dc2e2744.tar.gz rpg-0bd5b90b4c1294b3c9abc1977060f971dc2e2744.tar.bz2