diff options
| -rw-r--r-- | _test/cases/inc/auth_nameencode.test.php | 11 | ||||
| -rw-r--r-- | inc/auth.php | 14 |
2 files changed, 21 insertions, 4 deletions
diff --git a/_test/cases/inc/auth_nameencode.test.php b/_test/cases/inc/auth_nameencode.test.php index 6deb7de9f..926937a09 100644 --- a/_test/cases/inc/auth_nameencode.test.php +++ b/_test/cases/inc/auth_nameencode.test.php @@ -23,6 +23,17 @@ class auth_nameencode_test extends UnitTestCase { $this->assertEqual(auth_nameencode($in),$out); } + function test_groupskipon(){ + $in = '@hey$you'; + $out = '@hey%24you'; + $this->assertEqual(auth_nameencode($in,true),$out); + } + + function test_groupskipoff(){ + $in = '@hey$you'; + $out = '%40hey%24you'; + $this->assertEqual(auth_nameencode($in),$out); + } } //Setup VIM: ex: et ts=4 enc=utf-8 : diff --git a/inc/auth.php b/inc/auth.php index 1efd42448..7c739d4ef 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -267,7 +267,7 @@ function auth_aclcheck($id,$user,$groups){ $user = auth_nameencode($user); //if user is superuser return 255 (acl_admin) - if($conf['superuser'] == $user) { return AUTH_ADMIN; } + if(auth_nameencode($conf['superuser']) == $user) { return AUTH_ADMIN; } //make sure groups is an array if(!is_array($groups)) $groups = array(); @@ -278,7 +278,7 @@ function auth_aclcheck($id,$user,$groups){ $groups[$i] = '@'.auth_nameencode($groups[$i]); } //if user is in superuser group return 255 (acl_admin) - if(in_array($conf['superuser'], $groups)) { return AUTH_ADMIN; } + if(in_array(auth_nameencode($conf['superuser'],true), $groups)) { return AUTH_ADMIN; } $ns = getNS($id); $perm = -1; @@ -365,8 +365,14 @@ function auth_aclcheck($id,$user,$groups){ * @author Andreas Gohr <gohr@cosmocode.de> * @see rawurldecode() */ -function auth_nameencode($name){ - return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',"'%'.dechex(ord('\\1'))",$name); +function auth_nameencode($name,$skip_group=false){ + if($skip_group && $name{0} =='@'){ + return '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e', + "'%'.dechex(ord('\\1'))",substr($name,1)); + }else{ + return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e', + "'%'.dechex(ord('\\1'))",$name); + } } /** |