2 files changed, 84 insertions, 8 deletions

diff --git a/lib/plugins/authplain/_test/escaping.test.php b/lib/plugins/authplain/_test/escaping.test.php
index cd5294157..e1eade8d4 100644
--- a/lib/plugins/authplain/_test/escaping.test.php
+++ b/lib/plugins/authplain/_test/escaping.test.php
@@ -12,13 +12,14 @@
  * @group plugins
  */
 class helper_plugin_authplain_escaping_test extends DokuWikiTest {
- 
-    protected $pluginsEnabled = array('authplain');
+
+    protected $pluginsEnabled = array('authplainharness');
+    /** @var  auth_plugin_authplain|auth_plugin_authplainharness */
     protected $auth;
- 
+
     protected function reloadUsers() {
         /* auth caches data loaded from file, but recreated object forces reload */
-        $this->auth = new auth_plugin_authplain();
+        $this->auth = new auth_plugin_authplainharness();
     }
 
     function setUp() {
@@ -76,7 +77,50 @@ class helper_plugin_authplain_escaping_test extends DokuWikiTest {
         $this->assertEquals($saved['name'], $user['name']);
         $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
     }
+
+    // really only required for developers to ensure this plugin will
+    // work with systems running on PCRE 6.6 and lower.
+    public function testLineSplit(){
+        $this->auth->setPregsplit_safe(false);
+
+        $names = array(
+          'plain',
+          'ut-fठ8',
+          'colon:',
+          'backslash\\',
+          'alltogether\\ठ:'
+        );
+        $userpass = 'user:password_hash:';
+        $other_user_data = ':email@address:group1,group2';
+
+        foreach ($names as $testname) {
+            $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname);   // escape : & \
+            $test_line = $userpass.$escaped.$other_user_data;
+            $result = $this->auth->splitUserData($test_line);
+
+            $this->assertEquals($escaped, $result[2]);
+        }
+    }
     
 }
 
-?>
\ No newline at end of file
+class auth_plugin_authplainharness extends auth_plugin_authplain {
+
+    /**
+     * @param boolean $bool
+     */
+    public function setPregsplit_safe($bool) {
+        $this->_pregsplit_safe = $bool;
+    }
+
+    public function getPregsplit_safe(){
+        return $this->_pregsplit_safe;
+    }
+
+    /**
+     * @param string $line
+     */
+    public function splitUserData($line){
+        return $this->_splitUserData($line);
+    }
+}
diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php
index b3ca988b9..b31c02fc8 100644
--- a/lib/plugins/authplain/auth.php
+++ b/lib/plugins/authplain/auth.php
@@ -17,6 +17,9 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
     /** @var array filter pattern */
     protected $_pattern = array();
 
+    /** @var bool safe version of preg_split */
+    protected $_pregsplit_safe = false;
+
     /**
      * Constructor
      *
@@ -44,6 +47,8 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
             $this->cando['getUsers']     = true;
             $this->cando['getUserCount'] = true;
         }
+
+        $this->_pregsplit_safe = version_compare(PCRE_VERSION,'6.7','>=');
     }
 
     /**
@@ -77,7 +82,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
      * @author  Andreas Gohr <andi@splitbrain.org>
      * @param string $user
      * @param bool $requireGroups  (optional) ignored by this plugin, grps info always supplied
-     * @return array|bool
+     * @return array|false
      */
     public function getUserData($user, $requireGroups=true) {
         if($this->users === null) $this->_loadUserData();
@@ -320,7 +325,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
 
         $this->users = array();
 
-        if(!@file_exists($config_cascade['plainauth.users']['default'])) return;
+        if(!file_exists($config_cascade['plainauth.users']['default'])) return;
 
         $lines = file($config_cascade['plainauth.users']['default']);
         foreach($lines as $line) {
@@ -329,7 +334,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
             if(empty($line)) continue;
 
             /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */
-            $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \:
+            $row = $this->_splitUserData($line);
             $row = str_replace('\\:', ':', $row);
             $row = str_replace('\\\\', '\\', $row);
 
@@ -342,6 +347,33 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin {
         }
     }
 
+    protected function _splitUserData($line){
+        // due to a bug in PCRE 6.6, preg_split will fail with the regex we use here
+        // refer github issues 877 & 885
+        if ($this->_pregsplit_safe){
+            return preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5);       // allow for : escaped as \:
+        }
+
+        $row = array();
+        $piece = '';
+        $len = strlen($line);
+        for($i=0; $i<$len; $i++){
+            if ($line[$i]=='\\'){
+                $piece .= $line[$i];
+                $i++;
+                if ($i>=$len) break;
+            } else if ($line[$i]==':'){
+                $row[] = $piece;
+                $piece = '';
+                continue;
+            }
+            $piece .= $line[$i];
+        }
+        $row[] = $piece;
+
+        return $row;
+    }
+
     /**
      * return true if $user + $info match $filter criteria, false otherwise
      *