authorAndreas Gohr <andi@splitbrain.org>2009-11-13 11:22:49 +0100
committerAndreas Gohr <andi@splitbrain.org>2009-11-13 11:22:49 +0100
commit191bb90af90d4b063435ee55d67082e7453ed1fb (patch)
tree584897855e3ca2c3a56083738df7ef9dcd51449a /inc/auth.php
parentd4caa43b1b7b6d8cead392e391bdfadd08b24c11 (diff)
Added group and user sanitation
Ignore-this: 26392125523d2c822580346074330ebe darcs-hash:20091113102249-7ad00-4cede040a940d739bd34d548e12956e8d8609cfa.gz
Diffstat (limited to 'inc/auth.php')
-rw-r--r--inc/auth.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 7dd7eb557..6157ac892 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -74,6 +74,9 @@ if($conf['useacl']){
$_REQUEST['http_credentials'] = true;
}
+ // apply cleaning
+ $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
+
if(isset($_REQUEST['authtok'])){
// when an authentication token is given, trust the session
auth_validateToken($_REQUEST['authtok']);
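Review bot: The new `cleanUser()` call rewrites only `$_REQUEST['u']`, so any later code that reads the login name from `$_POST['u']` or `$_GET['u']` would still see the uncleaned value; the comment should say so, e.g. `// apply cleaning - read the user name only from $_REQUEST['u'] after this point`. The call is also unconditional: if `u` can be absent at this point (its initialisation is outside the hunk), this reads an undefined index and then defines the key, so `if(isset($_REQUEST['u'])) $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);` would be safer. The enclosing `if($conf['useacl']){` block starts and ends outside the hunk.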
@@ -90,13 +93,10 @@ if($conf['useacl']){
$evt = new Doku_Event('AUTH_LOGIN_CHECK',$evdata);
if($evt->advise_before()){
auth_login($evdata['user'],
- $evdata['password'],
- $evdata['sticky'],
- $evdata['silent']);
+ $evdata['password'],
+ $evdata['sticky'],
+ $evdata['silent']);
}
- $evt->advise_after();
- unset($evt);
- unset($evdata);
}
}
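Review bot: Removing `$evt->advise_after();` looks unrelated to the sanitation change and appears to mean that handlers registered for the AFTER phase of `AUTH_LOGIN_CHECK` are no longer called once the login attempt has finished. If that is intended it deserves a line in the commit message; otherwise the call should stay after the `if($evt->advise_before()){ ... }` block. Dropping `unset($evdata);` also leaves the array that carries `$evdata['password']` alive for the rest of the enclosing scope, longer than `auth_login()` needs it. The three re-added argument lines differ only in indentation as far as this view shows.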
@@ -104,6 +104,7 @@ if($conf['useacl']){
global $AUTH_ACL;
if(is_readable(DOKU_CONF.'acl.auth.php')){
$AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
+ //support user wildcard
if(isset($_SERVER['REMOTE_USER'])){
$AUTH_ACL = str_replace('%USER%',$_SERVER['REMOTE_USER'],$AUTH_ACL);
$AUTH_ACL = str_replace('@USER@',$_SERVER['REMOTE_USER'],$AUTH_ACL); //legacy
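Review bot: The added comment `//support user wildcard` does not say that `$_SERVER['REMOTE_USER']` is substituted into every ACL line verbatim. Whether that value has always passed through `cleanUser()` is not visible here; under web-server authentication it may be set outside the application. A name containing whitespace or characters the ACL line format treats specially could then change how a rule is read, so the comment should state the assumption, e.g. `//support user wildcard (REMOTE_USER must already be cleaned/encoded for ACL use)`, or the value should be encoded the same way ACL user entries are before substitution. The surrounding block continues outside the hunk.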