From 698e7df8c9d5c43a93ed6822efa537158682a700 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Sat, 19 Oct 2013 18:24:20 +0100
Subject: add tests for usernames with 2 & 3 byte utf8 characters

---
 _test/tests/inc/auth_nameencode.test.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/_test/tests/inc/auth_nameencode.test.php b/_test/tests/inc/auth_nameencode.test.php
index da9f31f90..64e437004 100644
--- a/_test/tests/inc/auth_nameencode.test.php
+++ b/_test/tests/inc/auth_nameencode.test.php
@@ -42,6 +42,22 @@ class auth_nameencode_test extends DokuWikiTest {
         $out = '%40hey%24you';
         $this->assertEquals(auth_nameencode($in),$out);
     }
+
+    // include a two byte utf8 character which shouldn't be encoded
+    function test_hebrew(){
+        $in = 'nun-נ8';
+        $expect = 'nun%2dנ8';
+
+        $this->assertEquals($expect, auth_nameencode($in));
+    }
+
+    // include a three byte utf8 character which shouldn't be encoded
+    function test_devanagiri(){
+        $in = 'ut-fठ8';
+        $expect = 'ut%2dfठ8';
+
+        $this->assertEquals($expect, auth_nameencode($in));
+    }
 }
 
 //Setup VIM: ex: et ts=4 :
-- 
cgit v1.2.3


From 21c3090a76ebde3117ae1dcb9f503fe3a61c1c02 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Mon, 21 Oct 2013 23:32:15 +0100
Subject: replace \s, \S with [ \t], [^ \t] in regexs used with acls

---
 inc/auth.php              | 10 +++++-----
 lib/plugins/acl/admin.php |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/inc/auth.php b/inc/auth.php
index 0d42c8673..b793f5d12 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -140,7 +140,7 @@ function auth_loadACL() {
     foreach($acl as $line) {
         $line = trim($line);
         if(empty($line) || ($line{0} == '#')) continue; // skip blank lines & comments
-        list($id,$rest) = preg_split('/\s+/',$line,2);
+        list($id,$rest) = preg_split('/[ \t]+/',$line,2);
 
         // substitute user wildcard first (its 1:1)
         if(strstr($line, '%USER%')){
@@ -716,11 +716,11 @@ function auth_aclcheck($id, $user, $groups) {
     }
 
     //check exact match first
-    $matches = preg_grep('/^'.preg_quote($id, '/').'\s+(\S+)\s+/u', $AUTH_ACL);
+    $matches = preg_grep('/^'.preg_quote($id, '/').'[ \t]+([^ \t]+)[ \t]+/', $AUTH_ACL);
     if(count($matches)) {
         foreach($matches as $match) {
             $match = preg_replace('/#.*$/', '', $match); //ignore comments
-            $acl   = preg_split('/\s+/', $match);
+            $acl   = preg_split('/[ \t]+/', $match);
             if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') {
                 $acl[1] = utf8_strtolower($acl[1]);
             }
@@ -746,11 +746,11 @@ function auth_aclcheck($id, $user, $groups) {
     }
 
     do {
-        $matches = preg_grep('/^'.preg_quote($path, '/').'\s+(\S+)\s+/u', $AUTH_ACL);
+        $matches = preg_grep('/^'.preg_quote($path, '/').'[ \t]+([^ \t]+)[ \t]+/', $AUTH_ACL);
         if(count($matches)) {
             foreach($matches as $match) {
                 $match = preg_replace('/#.*$/', '', $match); //ignore comments
-                $acl   = preg_split('/\s+/', $match);
+                $acl   = preg_split('/[ \t]+/', $match);
                 if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') {
                     $acl[1] = utf8_strtolower($acl[1]);
                 }
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 5ab73670d..b24981d91 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -554,7 +554,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
             $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments
             if(!$line) continue;
 
-            $acl = preg_split('/\s+/',$line);
+            $acl = preg_split('/[ \t]+/',$line);
             //0 is pagename, 1 is user, 2 is acl
 
             $acl[1] = rawurldecode($acl[1]);
@@ -701,7 +701,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
         $acl_config = file($config_cascade['acl']['default']);
         $acl_user = auth_nameencode($acl_user,true);
 
-        $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$';
+        $acl_pattern = '^'.preg_quote($acl_scope,'/').'[ \t]+'.$acl_user.'[ \t]+[0-8].*$';
 
         // save all non!-matching
         $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
-- 
cgit v1.2.3


From 1f6e92fa1bf9bf1d01cd159a9495657661ea6f4f Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Fri, 25 Oct 2013 13:30:27 +0100
Subject: unittests for auth_loadACL

---
 _test/tests/inc/auth_loadacl.test.php | 121 ++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 _test/tests/inc/auth_loadacl.test.php

diff --git a/_test/tests/inc/auth_loadacl.test.php b/_test/tests/inc/auth_loadacl.test.php
new file mode 100644
index 000000000..5e7ac3acf
--- /dev/null
+++ b/_test/tests/inc/auth_loadacl.test.php
@@ -0,0 +1,121 @@
+<?php
+/**
+ *  auth_loadACL carries out the user & group substitutions
+ *
+ */
+
+class auth_loadacl_test extends DokuWikiTest {
+
+    function setUp() {
+        global $USERINFO;
+        parent::setUp();
+        $_SERVER['REMOTE_USER'] = 'testuser';
+        $USERINFO['grps'] = array('foo','bar');
+    }
+
+    function tearDown() {
+        parent::tearDown();
+    }
+
+    function auth_loadACL_testwrapper($acls) {
+        global $config_cascade;
+        $acl_file = $config_cascade['acl']['default'];
+
+        $config_cascade['acl']['default'] .= '.test';
+        file_put_contents($config_cascade['acl']['default'],$acls);
+
+        $result = auth_loadACL();
+
+        unlink($config_cascade['acl']['default']);
+        $config_cascade['acl']['default'] = $acl_file;
+
+        return $result;
+    }
+
+    function test_simple() {
+        $acls = <<<ACL
+* @ALL 2
+ACL;
+        $expect = array("*\t@ALL 2");
+        $this->assertEquals($expect, $this->auth_loadACL_testwrapper($acls));
+    }
+
+    function test_user_substitution() {
+        $acls = <<<ACL
+%USER% %USER% 2
+ACL;
+        $expect = array(
+            "testuser\ttestuser 2",
+        );
+        $this->assertEquals($expect, $this->auth_loadACL_testwrapper($acls));
+    }
+
+    function test_group_substitution() {
+        $acls = <<<ACL
+%GROUP% %GROUP% 2
+ACL;
+        $expect = array(
+            "foo\t@foo 2",
+            "bar\t@bar 2",
+        );
+        $this->assertEquals($expect, $this->auth_loadACL_testwrapper($acls));
+    }
+
+    function test_both_substitution() {
+        $acls = <<<ACL
+%GROUP%:%USER% %USER% 2
+%GROUP%:%USER% %GROUP% 2
+ACL;
+        $expect = array(
+            "foo:testuser\ttestuser 2",
+            "bar:testuser\ttestuser 2",
+            "foo:testuser\t@foo 2",
+            "bar:testuser\t@bar 2",
+        );
+        $this->assertEquals($expect, $this->auth_loadACL_testwrapper($acls));
+    }
+
+    // put it all together - read the standard acl provided with the test suite
+    function test_standardtestacls(){
+        $expect = array(
+            "*\t@ALL        8",
+            "private:*\t@ALL        0",
+            "users:*\t@ALL         1",
+            "users:testuser:*\ttestuser       16",
+            "groups:*\t@ALL         1",
+            "groups:foo:*\t@foo      16",
+            "groups:bar:*\t@bar      16",
+        );
+        $this->assertEquals($expect, auth_loadACL());
+    }
+
+    // FS#2867, '\s' in php regular expressions may match non-space characters utf8 strings
+    // this is due to locale setting on the server, which may match bytes '\xA0' and '\x85'
+    // these two bytes are present in valid multi-byte UTF-8 characters.
+    // this test will use one, 'ठ' (DEVANAGARI LETTER TTHA, e0 a4 a0).  There are many others. 
+    function test_FS2867() {
+        global $USERINFO;
+
+        setlocale(LC_ALL, "English_United States.1252");  // should only succeed on windows systems
+        setlocale(LC_ALL, "en_US.UTF-8");                 // should succeed on other systems
+
+        $_SERVER['REMOTE_USER'] = 'utfठ8';
+        $USERINFO['grps'] = array('utfठ16','utfठa');
+
+        $acls = <<<ACL
+%GROUP%:%USER% %USER% 2
+%GROUP%:* %GROUP% 4
+devangariठttha @ALL 2
+ACL;
+        $expect = array(
+            "utfठ16:utfठ8\tutfठ8 2",
+            "utfठa:utfठ8\tutfठ8 2",
+            "utfठ16:*\t@utfठ16 4",
+            "utfठa:*\t@utfठa 4",
+            "devangariठttha\t@ALL 2",
+        );
+        $this->assertEquals($expect, $this->auth_loadACL_testwrapper($acls));
+    }
+}
+
+//Setup VIM: ex: et ts=4 :
-- 
cgit v1.2.3


From 0113757259202e06f0316ef4be0f938b134e6e9c Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Fri, 25 Oct 2013 14:42:48 +0100
Subject: skip FS#2867 test if \s doesn't match \xA0 after attempting to change
 the locale

---
 _test/tests/inc/auth_loadacl.test.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/_test/tests/inc/auth_loadacl.test.php b/_test/tests/inc/auth_loadacl.test.php
index 5e7ac3acf..64ab1b9cf 100644
--- a/_test/tests/inc/auth_loadacl.test.php
+++ b/_test/tests/inc/auth_loadacl.test.php
@@ -2,6 +2,7 @@
 /**
  *  auth_loadACL carries out the user & group substitutions
  *
+ * @author     Chris Smith <chris@jalakai.co.uk>
  */
 
 class auth_loadacl_test extends DokuWikiTest {
@@ -99,6 +100,11 @@ ACL;
         setlocale(LC_ALL, "English_United States.1252");  // should only succeed on windows systems
         setlocale(LC_ALL, "en_US.UTF-8");                 // should succeed on other systems
 
+        // no point continuing with this test if \s doesn't match A0
+        if (!preg_match('/\s/',"\xa0")) {
+            $this->markTestSkipped('Unable to change locale.');
+        }
+
         $_SERVER['REMOTE_USER'] = 'utfठ8';
         $USERINFO['grps'] = array('utfठ16','utfठa');
 
-- 
cgit v1.2.3


From 30eae85545994c10dcacb2d7becceaf569c99f65 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Fri, 25 Oct 2013 15:15:58 +0100
Subject: ensure locale is set back to the original value

---
 _test/tests/inc/auth_loadacl.test.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/_test/tests/inc/auth_loadacl.test.php b/_test/tests/inc/auth_loadacl.test.php
index 64ab1b9cf..e8d9f6696 100644
--- a/_test/tests/inc/auth_loadacl.test.php
+++ b/_test/tests/inc/auth_loadacl.test.php
@@ -97,11 +97,13 @@ ACL;
     function test_FS2867() {
         global $USERINFO;
 
+        $old_locale = setlocale(LC_ALL, '0');
         setlocale(LC_ALL, "English_United States.1252");  // should only succeed on windows systems
         setlocale(LC_ALL, "en_US.UTF-8");                 // should succeed on other systems
 
         // no point continuing with this test if \s doesn't match A0
         if (!preg_match('/\s/',"\xa0")) {
+            setlocale(LC_ALL, $old_locale);
             $this->markTestSkipped('Unable to change locale.');
         }
 
@@ -121,6 +123,7 @@ ACL;
             "devangariठttha\t@ALL 2",
         );
         $this->assertEquals($expect, $this->auth_loadACL_testwrapper($acls));
+        setlocale(LC_ALL, $old_locale);
     }
 }
 
-- 
cgit v1.2.3