diff options
| author | Anika Henke <anika@selfthinker.org> | 2013-11-02 13:10:14 +0000 |
|---|---|---|
| committer | Anika Henke <anika@selfthinker.org> | 2013-11-02 13:10:14 +0000 |
| commit | c5393ecb1aa570830d21e9dc95b4c21cd9aa9c01 (patch) | |
| tree | 96e8dc34468a325596a5f94c85e38374fbc4b9ba /inc/auth.php | |
| parent | 71c1143e8785954ea00a62aeb755ca7d8fa47e56 (diff) | |
| parent | 38d74b12176722ce52dc1905c13816a78a2551ee (diff) | |
| download | rpg-c5393ecb1aa570830d21e9dc95b4c21cd9aa9c01.tar.gz rpg-c5393ecb1aa570830d21e9dc95b4c21cd9aa9c01.tar.bz2 | |
Merge remote-tracking branch 'origin/master' into video-audio
Conflicts:
inc/parser/xhtml.php
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 59 |
1 files changed, 31 insertions, 28 deletions
diff --git a/inc/auth.php b/inc/auth.php index 1c0bf5b4f..b793f5d12 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -48,15 +48,15 @@ function auth_setup() { // try to load auth backend from plugins foreach ($plugin_controller->getList('auth') as $plugin) { - if ($conf['authtype'] === $plugin) { - $auth = $plugin_controller->load('auth', $plugin); - break; - } elseif ('auth' . $conf['authtype'] === $plugin) { - // matches old auth backends (pre-Weatherwax) - $auth = $plugin_controller->load('auth', $plugin); - msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"' - . ' in your configuration (see <a href="https://www.dokuwiki.org/auth">Authentication Backends</a>)',-1,'','',MSG_ADMINS_ONLY); - } + if ($conf['authtype'] === $plugin) { + $auth = $plugin_controller->load('auth', $plugin); + break; + } elseif ('auth' . $conf['authtype'] === $plugin) { + // matches old auth backends (pre-Weatherwax) + $auth = $plugin_controller->load('auth', $plugin); + msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"' + . ' in your configuration (see <a href="https://www.dokuwiki.org/auth">Authentication Backends</a>)',-1,'','',MSG_ADMINS_ONLY); + } } if(!isset($auth) || !$auth){ @@ -65,10 +65,10 @@ function auth_setup() { } if ($auth->success == false) { - // degrade to unauthenticated user - unset($auth); - auth_logoff(); - msg($lang['authtempfail'], -1); + // degrade to unauthenticated user + unset($auth); + auth_logoff(); + msg($lang['authtempfail'], -1); return false; } @@ -139,10 +139,10 @@ function auth_loadACL() { $out = array(); foreach($acl as $line) { $line = trim($line); - if($line{0} == '#') continue; - list($id,$rest) = preg_split('/\s+/',$line,2); + if(empty($line) || ($line{0} == '#')) continue; // skip blank lines & comments + list($id,$rest) = preg_split('/[ \t]+/',$line,2); - // substitue user wildcard first (its 1:1) + // substitute user wildcard first (its 1:1) if(strstr($line, '%USER%')){ // if user is not logged in, this ACL line is meaningless - skip it if (!isset($_SERVER['REMOTE_USER'])) continue; @@ -391,7 +391,6 @@ function auth_randombytes($length) { } } - // If no strong randoms available, try OS the specific ways if(!$strong) { // Unix/Linux platform @@ -717,11 +716,11 @@ function auth_aclcheck($id, $user, $groups) { } //check exact match first - $matches = preg_grep('/^'.preg_quote($id, '/').'\s+(\S+)\s+/u', $AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($id, '/').'[ \t]+([^ \t]+)[ \t]+/', $AUTH_ACL); if(count($matches)) { foreach($matches as $match) { $match = preg_replace('/#.*$/', '', $match); //ignore comments - $acl = preg_split('/\s+/', $match); + $acl = preg_split('/[ \t]+/', $match); if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') { $acl[1] = utf8_strtolower($acl[1]); } @@ -747,11 +746,11 @@ function auth_aclcheck($id, $user, $groups) { } do { - $matches = preg_grep('/^'.preg_quote($path, '/').'\s+(\S+)\s+/u', $AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($path, '/').'[ \t]+([^ \t]+)[ \t]+/', $AUTH_ACL); if(count($matches)) { foreach($matches as $match) { $match = preg_replace('/#.*$/', '', $match); //ignore comments - $acl = preg_split('/\s+/', $match); + $acl = preg_split('/[ \t]+/', $match); if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') { $acl[1] = utf8_strtolower($acl[1]); } @@ -809,14 +808,14 @@ function auth_nameencode($name, $skip_group = false) { if(!isset($cache[$name][$skip_group])) { if($skip_group && $name{0} == '@') { - $cache[$name][$skip_group] = '@'.preg_replace( - '/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e', - "'%'.dechex(ord(substr('\\1',-1)))", substr($name, 1) + $cache[$name][$skip_group] = '@'.preg_replace_callback( + '/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/', + 'auth_nameencode_callback', substr($name, 1) ); } else { - $cache[$name][$skip_group] = preg_replace( - '/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e', - "'%'.dechex(ord(substr('\\1',-1)))", $name + $cache[$name][$skip_group] = preg_replace_callback( + '/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/', + 'auth_nameencode_callback', $name ); } } @@ -824,6 +823,10 @@ function auth_nameencode($name, $skip_group = false) { return $cache[$name][$skip_group]; } +function auth_nameencode_callback($matches) { + return '%'.dechex(ord(substr($matches[1],-1))); +} + /** * Create a pronouncable password * @@ -1061,7 +1064,7 @@ function auth_deleteprofile(){ if(!$INPUT->post->bool('delete')) return false; if(!checkSecurityToken()) return false; - // action prevented or auth module disallows + // action prevented or auth module disallows if(!actionOK('profile_delete') || !$auth->canDo('delUser')) { msg($lang['profnodelete'], -1); return false; |