Merge branch 'master' into stable

* master: (214 commits) release preparations postgresql auth plugin: correct function name parse AT parameter: first strtotime then timestamp remove config option move more strings to lang.php move strings to lang.php add placeholders for create page text phpdocs parserutils improve some scrutinizer issues visibility plugin methods use config cascade for loading of localizations reformatting config cascade add lang files to cascading work around missing gzopen on certain systems #865 translation update fix scrutinizer issues fixed typos in docblock comments do not allow empty passwords clean user credentials from control chars added filter method to INPUT class translation update ...
author: Andreas Gohr <andi@splitbrain.org> 2014-09-29 20:17:39 +0200
committer: Andreas Gohr <andi@splitbrain.org> 2014-09-29 20:17:39 +0200
commit: 6c1ae996157551dcf5bb4e7e8922677bb3d3d358 (patch)
tree: b3a4162367176a4e2ebadbd6ab31753c1b042be0 /lib/plugins/authplain/auth.php
parent: 35f3340eb3b989194a496861abfb5b3d3c9a630d (diff)
parent: 57271d078b9c433bec79d75cb44dadcafeae07df (diff)
download: rpg-6c1ae996157551dcf5bb4e7e8922677bb3d3d358.tar.gz
rpg-6c1ae996157551dcf5bb4e7e8922677bb3d3d358.tar.bz2
1 files changed, 30 insertions, 6 deletions
diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php
index 8c4ce0dd9..b3ca988b9 100644
--- a/lib/plugins/authplain/auth.php
+++ b/lib/plugins/authplain/auth.php
@@ -76,14 +76,36 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
      *
      * @author  Andreas Gohr <andi@splitbrain.org>
      * @param string $user
+     * @param bool $requireGroups  (optional) ignored by this plugin, grps info always supplied
      * @return array|bool
      */
-    public function getUserData($user) {
+    public function getUserData($user, $requireGroups=true) {
         if($this->users === null) $this->_loadUserData();
         return isset($this->users[$user]) ? $this->users[$user] : false;
     }
 
     /**
+     * Creates a string suitable for saving as a line
+     * in the file database
+     * (delimiters escaped, etc.)
+     *
+     * @param string $user
+     * @param string $pass
+     * @param string $name
+     * @param string $mail
+     * @param array  $grps list of groups the user is in
+     * @return string
+     */
+    protected function _createUserLine($user, $pass, $name, $mail, $grps) {
+        $groups   = join(',', $grps);
+        $userline = array($user, $pass, $name, $mail, $groups);
+        $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\
+        $userline = str_replace(':', '\\:', $userline); // escape : as \:
+        $userline = join(':', $userline)."\n";
+        return $userline;
+    }
+
+    /**
      * Create a new User
      *
      * Returns false if the user already exists, null when an error
@@ -115,8 +137,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
         if(!is_array($grps)) $grps = array($conf['defaultgroup']);
 
         // prepare user line
-        $groups   = join(',', $grps);
-        $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n";
+        $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps);
 
         if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
             $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
@@ -157,8 +178,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
             $userinfo[$field] = $value;
         }
 
-        $groups   = join(',', $userinfo['grps']);
-        $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n";
+        $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']);
 
         if(!$this->deleteUsers(array($user))) {
             msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
@@ -308,7 +328,11 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
             $line = trim($line);
             if(empty($line)) continue;
 
-            $row    = explode(":", $line, 5);
+            /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */
+            $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \:
+            $row = str_replace('\\:', ':', $row);
+            $row = str_replace('\\\\', '\\', $row);
+
             $groups = array_values(array_filter(explode(",", $row[4])));
 
             $this->users[$row[0]]['pass'] = $row[1];
author	Andreas Gohr <andi@splitbrain.org>	2014-09-29 20:17:39 +0200
committer	Andreas Gohr <andi@splitbrain.org>	2014-09-29 20:17:39 +0200
commit	6c1ae996157551dcf5bb4e7e8922677bb3d3d358 (patch)
tree	b3a4162367176a4e2ebadbd6ab31753c1b042be0 /lib/plugins/authplain/auth.php
parent	35f3340eb3b989194a496861abfb5b3d3c9a630d (diff)
parent	57271d078b9c433bec79d75cb44dadcafeae07df (diff)
download	rpg-6c1ae996157551dcf5bb4e7e8922677bb3d3d358.tar.gz rpg-6c1ae996157551dcf5bb4e7e8922677bb3d3d358.tar.bz2