use nameencoding on superuser check in inc/auth.php

darcs-hash:20060307192928-7ad00-1ec5393d63d536992810fe8f611525d2af4834a2.gz

1 files changed, 10 insertions, 4 deletions

diff --git a/inc/auth.php b/inc/auth.php
index 1efd42448..7c739d4ef 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -267,7 +267,7 @@ function auth_aclcheck($id,$user,$groups){
   $user = auth_nameencode($user);
 
   //if user is superuser return 255 (acl_admin)
-  if($conf['superuser'] == $user) { return AUTH_ADMIN; }
+  if(auth_nameencode($conf['superuser']) == $user) { return AUTH_ADMIN; }
 
   //make sure groups is an array
   if(!is_array($groups)) $groups = array();
@@ -278,7 +278,7 @@ function auth_aclcheck($id,$user,$groups){
     $groups[$i] = '@'.auth_nameencode($groups[$i]);
   }
   //if user is in superuser group return 255 (acl_admin)
-  if(in_array($conf['superuser'], $groups)) { return AUTH_ADMIN; }
+  if(in_array(auth_nameencode($conf['superuser'],true), $groups)) { return AUTH_ADMIN; }
 
   $ns    = getNS($id);
   $perm  = -1;
@@ -365,8 +365,14 @@ function auth_aclcheck($id,$user,$groups){
  * @author Andreas Gohr <gohr@cosmocode.de>
  * @see rawurldecode()
  */
-function auth_nameencode($name){
-  return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',"'%'.dechex(ord('\\1'))",$name);
+function auth_nameencode($name,$skip_group=false){
+  if($skip_group && $name{0} =='@'){
+    return '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
+                            "'%'.dechex(ord('\\1'))",substr($name,1));
+  }else{
+    return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
+                        "'%'.dechex(ord('\\1'))",$name);
+  }
 }
 
 /**