diff options
| author | Michael Hamann <michael@content-space.de> | 2010-12-11 00:08:51 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2011-01-16 18:36:41 +0100 |
| commit | 668ecbf4f3b194e6466682ac7134425bb698237a (patch) | |
| tree | fb934d18dae5ffb62f5b55254ce6b1522af2b8e3 | |
| parent | 5f727e6526488b03f61b0316dafb0ee127b709f3 (diff) | |
| download | rpg-668ecbf4f3b194e6466682ac7134425bb698237a.tar.gz rpg-668ecbf4f3b194e6466682ac7134425bb698237a.tar.bz2 | |
preg_quote namespaces in auth_aclcheck
Like ids namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with strange ids the regex fails otherwise (in the case of the
include plugin errors like "Warning: preg_grep() [function.preg-grep]:
Compilation failed: missing terminating ] for character class at offset
47" have been reported by two users).
I've run the acl tests after this change and everything passes so this
shouldn't break anything but please test this especially with protected
wikis as this change modifies the code that handles namespace
permissions. Furthermore permissions for a namespace foobar are no
longer applied to namespaces with names like foo.ar, I hope nobody has
used that "feature".
When you are using per-user namespaces, user registration is open and
either write or read protection for these namespaces is important to
you this is a security fix for you: When someone wants to get access to
the namespace of a user "foo.bar" he can register as "fooxbar" (where
"x" is an arbitrary character) and will have access to the user
namespace of the user "foo.bar" as when a page in "foo.bar" is checked
it will match the rule for "fooxbar".
| -rw-r--r-- | inc/auth.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/inc/auth.php b/inc/auth.php index a2844a732..41e7c3490 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -536,13 +536,13 @@ function auth_aclcheck($id,$user,$groups){ //still here? do the namespace checks if($ns){ - $path = $ns.':\*'; + $path = $ns.':*'; }else{ - $path = '\*'; //root document + $path = '*'; //root document } do{ - $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments @@ -559,9 +559,9 @@ function auth_aclcheck($id,$user,$groups){ //get next higher namespace $ns = getNS($ns); - if($path != '\*'){ - $path = $ns.':\*'; - if($path == ':\*') $path = '\*'; + if($path != '*'){ + $path = $ns.':*'; + if($path == ':*') $path = '*'; }else{ //we did this already //looks like there is something wrong with the ACL |