author | Andreas Gohr <andi@splitbrain.org> | 2014-09-29 20:17:39 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2014-09-29 20:17:39 +0200 |
commit | 6c1ae996157551dcf5bb4e7e8922677bb3d3d358 (patch) | |
tree | b3a4162367176a4e2ebadbd6ab31753c1b042be0 /lib/plugins/authplain | |
parent | 35f3340eb3b989194a496861abfb5b3d3c9a630d (diff) | |
parent | 57271d078b9c433bec79d75cb44dadcafeae07df (diff) | |
Merge branch 'master' into stable
* master: (214 commits)
release preparations
postgresql auth plugin: correct function name
parse AT parameter: first strtotime then timestamp remove config option
move more strings to lang.php
move strings to lang.php
add placeholders for create page text
phpdocs parserutils
improve some scrutinizer issues
visibility plugin methods
use config cascade for loading of localizations
reformatting config cascade
add lang files to cascading
work around missing gzopen on certain systems #865
translation update
fix scrutinizer issues
fixed typos in docblock comments
do not allow empty passwords
clean user credentials from control chars
added filter method to INPUT class
translation update
...
Diffstat (limited to 'lib/plugins/authplain')
-rw-r--r-- | lib/plugins/authplain/_test/escaping.test.php | 82 | ||||
-rw-r--r-- | lib/plugins/authplain/auth.php | 36 | ||||
-rw-r--r-- | lib/plugins/authplain/plugin.info.txt | 2 |
3 files changed, 113 insertions, 7 deletions
diff --git a/lib/plugins/authplain/_test/escaping.test.php b/lib/plugins/authplain/_test/escaping.test.php
new file mode 100644
index 000000000..cd5294157
--- /dev/null
+++ b/lib/plugins/authplain/_test/escaping.test.php
@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * These tests are designed to test the capacity of pluginauth to handle
+ * correct escaping of colon field delimiters and backslashes in user content.
+ *
+ * (Note that these tests set some Real Names, etc. that are may not be
+ * valid in the broader dokuwiki context, but the tests ensure that
+ * authplain won't get unexpectedly surprised.)
+ *
+ * @group plugin_authplain
+ * @group plugins
+ */
+class helper_plugin_authplain_escaping_test extends DokuWikiTest {
+
+ protected $pluginsEnabled = array('authplain');
+ protected $auth;
+
+ protected function reloadUsers() {
+ /* auth caches data loaded from file, but recreated object forces reload */
+ $this->auth = new auth_plugin_authplain();
+ }
+
+ function setUp() {
+ global $config_cascade;
+ parent::setUp();
+ $name = $config_cascade['plainauth.users']['default'];
+ copy($name, $name.".orig");
+ $this->reloadUsers();
+ }
+
+ function tearDown() {
+ global $config_cascade;
+ parent::tearDown();
+ $name = $config_cascade['plainauth.users']['default'];
+ copy($name.".orig", $name);
+ }
+
+ public function testMediawikiPasswordHash() {
+ global $conf;
+ $conf['passcrypt'] = 'mediawiki';
+ $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
+ $this->reloadUsers();
+ $this->assertTrue($this->auth->checkPass("mwuser", "12345"));
+ $mwuser = $this->auth->getUserData("mwuser");
+ $this->assertStringStartsWith(":B:",$mwuser['pass']);
+ $this->assertEquals("Mediawiki User",$mwuser['name']);
+ }
+
+ public function testNameWithColons() {
+ $name = ":Colon: User:";
+ $this->auth->createUser("colonuser", "password", $name, "me@example.com");
+ $this->reloadUsers();
+ $user = $this->auth->getUserData("colonuser");
+ $this->assertEquals($name,$user['name']);
+ }
+
+ public function testNameWithBackslashes() {
+ $name = "\\Slash\\ User\\";
+ $this->auth->createUser("slashuser", "password", $name, "me@example.com");
+ $this->reloadUsers();
+ $user = $this->auth->getUserData("slashuser");
+ $this->assertEquals($name,$user['name']);
+ }
+
+ public function testModifyUser() {
+ global $conf;
+ $conf['passcrypt'] = 'mediawiki';
+ $user = $this->auth->getUserData("testuser");
+ $user['name'] = "\\New:Crazy:Name\\";
+ $user['pass'] = "awesome new password";
+ $this->auth->modifyUser("testuser", $user);
+ $this->reloadUsers();
+
+ $saved = $this->auth->getUserData("testuser");
+ $this->assertEquals($saved['name'], $user['name']);
+ $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
+ }
+
+}
+
+?>
\ No newline at end of file diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 8c4ce0dd9..b3ca988b9 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -76,14 +76,36 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { * * @author Andreas Gohr <andi@splitbrain.org> * @param string $user + * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied * @return array|bool */ - public function getUserData($user) { + public function getUserData($user, $requireGroups=true) { if($this->users === null) $this->_loadUserData(); return isset($this->users[$user]) ? $this->users[$user] : false; } /** + * Creates a string suitable for saving as a line + * in the file database + * (delimiters escaped, etc.) + * + * @param string $user + * @param string $pass + * @param string $name + * @param string $mail + * @param array $grps list of groups the user is in + * @return string + */ + protected function _createUserLine($user, $pass, $name, $mail, $grps) { + $groups = join(',', $grps); + $userline = array($user, $pass, $name, $mail, $groups); + $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\ + $userline = str_replace(':', '\\:', $userline); // escape : as \: + $userline = join(':', $userline)."\n"; + return $userline; + } + + /** * Create a new User * * Returns false if the user already exists, null when an error @@ -115,8 +137,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { if(!is_array($grps)) $grps = array($conf['defaultgroup']); // prepare user line - $groups = join(',', $grps); - $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n"; + $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps); if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) { $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); 
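Review bot: In the new `escaping.test.php`, `setUp()` and `tearDown()` ignore the result of both `copy()` calls and never remove the `.orig` backup. A failed backup or restore would therefore leave the modified user file in place, and a copy of the credential file stays on disk after the run. Checking the result, e.g. `$this->assertTrue(copy($name, $name.".orig"));`, and ending `tearDown()` with `unlink($name.".orig");` would make the fixture self-cleaning. Both methods are also declared without a visibility keyword, unlike the test methods below them.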
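Review bot: `_createUserLine()` in the first auth.php hunk escapes `\` and `:` but lets CR and LF through, so a field value containing a line break would end the record early and the loader would read the remainder as a separate line. Callers may already filter control characters (that is not visible in this hunk), but this helper defines the on-disk format and is the natural place to enforce it. One option is `$userline = str_replace(array("\r", "\n"), '', $userline);` ahead of the two escaping calls. The docblock of `createUser()` that follows the helper continues outside the hunk.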
@@ -157,8 +178,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $userinfo[$field] = $value; } - $groups = join(',', $userinfo['grps']); - $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n"; + $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']); if(!$this->deleteUsers(array($user))) { msg('Unable to modify user data. Please inform the Wiki-Admin', -1); @@ -308,7 +328,11 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $line = trim($line); if(empty($line)) continue; - $row = explode(":", $line, 5); + /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ + $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \: + $row = str_replace('\\:', ':', $row); + $row = str_replace('\\\\', '\\', $row); + $groups = array_values(array_filter(explode(",", $row[4]))); $this->users[$row[0]]['pass'] = $row[1]; diff --git a/lib/plugins/authplain/plugin.info.txt b/lib/plugins/authplain/plugin.info.txt index b63ee53e4..2659ac7ad 100644 --- a/lib/plugins/authplain/plugin.info.txt +++ b/lib/plugins/authplain/plugin.info.txt @@ -1,7 +1,7 @@ base authplain author Andreas Gohr email andi@splitbrain.org -date 2012-11-09 +date 2014-07-01 name Plain Auth Plugin desc Provides user authentication against DokuWiki's local password storage url http://www.dokuwiki.org/plugin:authplain |
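Review bot: The split pattern in the `@@ -308,7 +328,11 @@` hunk looks only two characters back, so it misreads a field in which a backslash is immediately followed by a colon. `_createUserLine()` writes that pair as three backslashes plus a colon, and the lookbehind then treats the colon as a delimiter, shifting every later column including the one `$groups` is built from. Scanning the line once and consuming `\\` and `\:` as pairs removes the ambiguity and makes the two `str_replace()` calls unnecessary. A round-trip test with a name such as `"Back\\:slash"` in `escaping.test.php` would pin this, since the existing cases never place the two characters next to each other. The enclosing loader method starts and ends outside the hunk.

```php
// … unchanged: trim() and empty-line skip …
// split on unescaped ':' and undo the \\ and \: escapes in one pass
$row = array('');
$i = 0;
$len = strlen($line);
for($p = 0; $p < $len; $p++) {
    $c = $line[$p];
    $next = ($p + 1 < $len) ? $line[$p + 1] : '';
    if($c === '\\' && ($next === '\\' || $next === ':')) {
        $row[$i] .= $next; // escaped character is taken literally
        $p++;
    } elseif($c === ':' && $i < 4) {
        $row[++$i] = ''; // unescaped delimiter starts the next field
    } else {
        $row[$i] .= $c;
    }
}
$groups = array_values(array_filter(explode(",", $row[4])));
```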