author Michael Hamann <michael@content-space.de> 2010-12-11 00:08:51 +0100
committer Michael Hamann <michael@content-space.de> 2010-12-11 00:31:28 +0100
commit 3e304b55d99607a2d4586c7a4f0219736d995478
tree 98999f9e3ee5c23c681d46ef109327860d57acc0 /inc/auth.php
parent 8596046db551f4eda739892c98b35d4461ef0019
preg_quote namespaces in auth_aclcheck
Like ids, namespaces are now preg_quoted in the acl check (and therefore the escaping of "*" has been removed). When plugins call the ACL check function with strange ids, the regex fails otherwise (in the case of the include plugin, errors like "Warning: preg_grep() [function.preg-grep]: Compilation failed: missing terminating ] for character class at offset 47" have been reported by two users).

I've run the acl tests after this change and everything passes, so this shouldn't break anything, but please test this, especially with protected wikis, as this change modifies the code that handles namespace permissions. Furthermore, permissions for a namespace foobar are no longer applied to namespaces with names like foo.ar; I hope nobody has used that "feature".

When you are using per-user namespaces, user registration is open and either write or read protection for these namespaces is important to you, this is a security fix for you: when someone wants to get access to the namespace of a user "foo.bar", he can register as "fooxbar" (where "x" is an arbitrary character) and will have access to the user namespace of the user "foo.bar", as when a page in "foo.bar" is checked it will match the rule for "fooxbar".
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- inc/auth.php 12
1 files changed, 6 insertions, 6 deletions
diff --git a/inc/auth.php b/inc/auth.php
index c455fac0c..fd2a9c66d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -534,13 +534,13 @@ function auth_aclcheck($id,$user,$groups){
//still here? do the namespace checks
if($ns){
- $path = $ns.':\*';
+ $path = $ns.':*';
}else{
- $path = '\*'; //root document
+ $path = '*'; //root document
}
do{
- $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
+ $matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
if(count($matches)){
foreach($matches as $match){
$match = preg_replace('/#.*$/','',$match); //ignore comments
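Review bot: on the preg_grep() line, $path is now quoted but $regexp is still concatenated into the same pattern as-is, and its construction is outside this hunk; please confirm that whatever feeds it is passed through preg_quote($x,'/') too, otherwise the pattern can still fail to compile or match more broadly than intended. Since '*' in the two $path assignments is now a plain literal that only becomes regex-safe at the preg_grep() call, a short comment there would stop a later edit from re-adding the backslash and ending up double-escaped. A regression test would also be worth adding if the existing acl tests do not cover it: one namespace containing an unmatched "[" (the reported compilation failure) and the "foo.bar" versus "fooxbar" pair from the commit message, asserting that the rule for one no longer applies to the other.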
@@ -557,9 +557,9 @@ function auth_aclcheck($id,$user,$groups){
//get next higher namespace
$ns = getNS($ns);
- if($path != '\*'){
- $path = $ns.':\*';
- if($path == ':\*') $path = '\*';
+ if($path != '*'){
+ $path = $ns.':*';
+ if($path == ':*') $path = '*';
}else{
//we did this already
//looks like there is something wrong with the ACL
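Review bot: the loop-termination checks `$path != '*'` and `$path == ':*'` only work while these literals stay byte-identical to the initial assignments in the previous hunk, and the same string now appears in five places across the two hunks. This commit had to change all of them in step; a missed one would either skip the root check or fall into the "something wrong with the ACL" branch. Consider building the path in one place (for example a small helper that returns `'*'` for an empty namespace and `$ns.':*'` otherwise) and comparing against a single named value, so the escaping decision lives only at the preg_quote() call.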