Diffstat (limited to 'inc')
-rw-r--r-- | inc/Mailer.class.php | 31 | ||||
-rw-r--r-- | inc/PassHash.class.php | 18 | ||||
-rw-r--r-- | inc/Tar.class.php | 28 | ||||
-rw-r--r-- | inc/auth.php | 14 | ||||
-rw-r--r-- | inc/html.php | 4 | ||||
-rw-r--r-- | inc/lang/nl/lang.php | 12 | ||||
-rw-r--r-- | inc/template.php | 10 |
7 files changed, 79 insertions, 38 deletions
diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php index cb5f22f54..0f3321bb9 100644 --- a/inc/Mailer.class.php +++ b/inc/Mailer.class.php @@ -137,7 +137,13 @@ class Mailer { } // empty value deletes - $value = trim($value); + if(is_array($value)){ + $value = array_map('trim', $value); + $value = array_filter($value); + if(!$value) $value = ''; + }else{ + $value = trim($value); + } if($value === '') { if(isset($this->headers[$header])) unset($this->headers[$header]); } else { @@ -270,7 +276,7 @@ class Mailer { * Add the To: recipients * * @see setAddress - * @param string $address Multiple adresses separated by commas + * @param string|array $address Multiple adresses separated by commas or as array */ public function to($address) { $this->setHeader('To', $address, false); @@ -280,7 +286,7 @@ class Mailer { * Add the Cc: recipients * * @see setAddress - * @param string $address Multiple adresses separated by commas + * @param string|array $address Multiple adresses separated by commas or as array */ public function cc($address) { $this->setHeader('Cc', $address, false); @@ -290,7 +296,7 @@ class Mailer { * Add the Bcc: recipients * * @see setAddress - * @param string $address Multiple adresses separated by commas + * @param string|array $address Multiple adresses separated by commas or as array */ public function bcc($address) { $this->setHeader('Bcc', $address, false); 
@@ -327,18 +333,20 @@ class Mailer { * Example: * setAddress("föö <foo@bar.com>, me@somewhere.com","TBcc"); * - * @param string $address Multiple adresses separated by commas + * @param string|array $address Multiple adresses separated by commas or as array * @return bool|string the prepared header (can contain multiple lines) */ - public function cleanAddress($address) { + public function cleanAddress($addresses) { // No named recipients for To: in Windows (see FS#652) $names = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? false : true; - $address = preg_replace('/[\r\n\0]+/', ' ', $address); // remove attack vectors - $headers = ''; - $parts = explode(',', $address); - foreach($parts as $part) { + if(!is_array($addresses)){ + $addresses = explode(',', $addresses); + } + + foreach($addresses as $part) { + $part = preg_replace('/[\r\n\0]+/', ' ', $part); // remove attack vectors $part = trim($part); // parse address @@ -378,7 +386,7 @@ class Mailer { $text = utf8_strip($text); } - if(!utf8_isASCII($text)) { + if(strpos($text, ',') !== false || !utf8_isASCII($text)) { $text = '=?UTF-8?B?'.base64_encode($text).'?='; } } else { @@ -392,6 +400,7 @@ class Mailer { $headers .= $text.' '.$addr; } + $headers = trim($headers); if(empty($headers)) return false; return $headers; diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 607661a22..db6a3a77c 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -98,7 +98,7 @@ class PassHash { $salt = ''; $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; for($i = 0; $i < $len; $i++) { - $salt .= $chars[auth_random(0, 61)]; + $salt .= $chars[$this->random(0, 61)]; } return $salt; } 
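Review bot: The docblock above `cleanAddress()` still documents `$address` while the signature in this hunk now takes `$addresses`; the tag should read `@param string|array $addresses Multiple adresses separated by commas or as array`. A comment at the new `is_array()` branch should also say that each array element is taken as exactly one recipient and is not split on commas. The CR/LF/NUL stripping now runs per element inside the loop, so a non-string element (a nested array, for example) would reach `preg_replace()` unchecked. The address parsing that follows is outside the hunk, so how such an element is handled there cannot be confirmed from here.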
@@ -541,4 +541,20 @@ class PassHash { return ($raw_output) ? pack($pack, $output) : $output; } + + /** + * Use DokuWiki's secure random generator if available + * + * @param $min + * @param $max + * + * @return int + */ + protected function random($min, $max){ + if(function_exists('auth_random')){ + return auth_random($min, $max); + }else{ + return mt_rand($min, $max); + } + } } diff --git a/inc/Tar.class.php b/inc/Tar.class.php index d1a38ea0e..bc87d7d29 100644 --- a/inc/Tar.class.php +++ b/inc/Tar.class.php @@ -568,29 +568,23 @@ class Tar { } /** - * Cleans up a path and removes relative parts + * Cleans up a path and removes relative parts, also strips leading slashes * * @param string $p_dir * @return string */ - protected function cleanPath($p_dir) { - $r = ''; - if($p_dir) { - $subf = explode("/", $p_dir); - - for($i = count($subf) - 1; $i >= 0; $i--) { - if($subf[$i] == ".") { - # do nothing - } elseif($subf[$i] == "..") { - $i--; - } elseif(!$subf[$i] && $i != count($subf) - 1 && $i) { - # do nothing - } else { - $r = $subf[$i].($i != (count($subf) - 1) ? "/".$r : ""); - } + public function cleanPath($path) { + $path=explode('/', $path); + $newpath=array(); + foreach($path as $p) { + if ($p === '' || $p === '.') continue; + if ($p==='..') { + array_pop($newpath); + continue; } + array_push($newpath, $p); } - return $r; + return trim(implode('/', $newpath), '/'); } /** diff --git a/inc/auth.php b/inc/auth.php index be6b7ebbe..1c0bf5b4f 100644 --- a/inc/auth.php +++ b/inc/auth.php 
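Review bot: The `mt_rand()` branch of the new `random()` helper is a silent downgrade: when `auth_random()` is not defined, the salts built via `$chars[$this->random(0, 61)]` come from a generator that is not cryptographically secure. The docblock should say so, e.g. `Falls back to mt_rand(), which is NOT a CSPRNG, when auth_random() is missing`, and the `@param` tags should carry types (`@param int $min`, `@param int $max`). On runtimes that provide it, adding `if(function_exists('random_int')) return random_int($min, $max);` before the `mt_rand()` fallback would keep standalone use of the class on a secure source.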
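Review bot: The rewritten `cleanPath()` splits only on `/`, so a member name written with backslashes passes through as a single segment and the `..` handling never sees it; on a Windows host the filesystem would still treat that segment as a path. Normalising first, `$path = explode('/', str_replace('\\', '/', $path));`, closes that gap. The context docblock still names `@param string $p_dir` although the parameter is now `$path`. Since the method went from `protected` to `public`, the docblock should state that the result is relative and free of `..` segments. Whether extraction is reachable on Windows is not visible in this hunk.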
@@ -136,22 +136,30 @@ function auth_loadACL() { $acl = file($config_cascade['acl']['default']); - //support user wildcard $out = array(); foreach($acl as $line) { $line = trim($line); if($line{0} == '#') continue; list($id,$rest) = preg_split('/\s+/',$line,2); + // substitue user wildcard first (its 1:1) + if(strstr($line, '%USER%')){ + // if user is not logged in, this ACL line is meaningless - skip it + if (!isset($_SERVER['REMOTE_USER'])) continue; + + $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); + $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); + } + + // substitute group wildcard (its 1:m) if(strstr($line, '%GROUP%')){ + // if user is not logged in, grps is empty, no output will be added (i.e. skipped) foreach((array) $USERINFO['grps'] as $grp){ $nid = str_replace('%GROUP%',cleanID($grp),$id); $nrest = str_replace('%GROUP%','@'.auth_nameencode($grp),$rest); $out[] = "$nid\t$nrest"; } } else { - $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); - $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); $out[] = "$id\t$rest"; } } diff --git a/inc/html.php b/inc/html.php index 96c4eaa1a..a2a726406 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1629,7 +1629,9 @@ function html_debug(){ if($auth){ print '<b>Auth backend capabilities:</b><pre>'; - print_r($auth->cando); + foreach ($auth->getCapabilities() as $cando){ + print ' '.str_pad($cando,16) . ' => ' . (int)$auth->canDo($cando) . NL; + } print '</pre>'; } diff --git a/inc/lang/nl/lang.php b/inc/lang/nl/lang.php index 6c416ca74..c45c172fb 100644 --- a/inc/lang/nl/lang.php +++ b/inc/lang/nl/lang.php @@ -1,8 +1,8 @@ <?php + /** - * dutch language file - * * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) + * * @author François Kooman <fkooman.tuxed.net> * @author Jack van Klaren <dokuwiki@afentoe.xs4all.nl> * @author Riny Heijdendael <riny@heijdendael.nl> 
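Review bot: The new guard `if (!isset($_SERVER['REMOTE_USER'])) continue;` lets an empty-string `REMOTE_USER` through. In that case `%USER%` is replaced by whatever `cleanID()` and `auth_nameencode()` return for an empty string (presumably empty), and the resulting ACL line no longer means what the administrator wrote. Tightening it to `if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '') continue;` skips the line in that case as well. Whether `REMOTE_USER` can be set but empty depends on login code outside this hunk, so treat this as a defensive check. The loop belongs to `auth_loadACL()`, whose start and end lie outside the hunk.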
@@ -17,6 +17,7 @@ * @author Jeroen * @author Ricardo Guijt <ricardoguijt@gmail.com> * @author Gerrit <klapinklapin@gmail.com> + * @author mprins <mprins@users.sf.net> */ $lang['encoding'] = 'utf-8'; $lang['direction'] = 'ltr'; @@ -60,6 +61,7 @@ $lang['btn_revert'] = 'Herstellen'; $lang['btn_register'] = 'Registreren'; $lang['btn_apply'] = 'Toepassen'; $lang['btn_media'] = 'Mediabeheerder'; +$lang['btn_deleteuser'] = 'Verwijder mijn account'; $lang['loggedinas'] = 'Ingelogd als'; $lang['user'] = 'Gebruikersnaam'; $lang['pass'] = 'Wachtwoord'; @@ -71,6 +73,7 @@ $lang['fullname'] = 'Volledige naam'; $lang['email'] = 'E-mail'; $lang['profile'] = 'Gebruikersprofiel'; $lang['badlogin'] = 'Sorry, gebruikersnaam of wachtwoord onjuist'; +$lang['badpassconfirm'] = 'Sorry, het wachtwoord was onjuist'; $lang['minoredit'] = 'Kleine wijziging'; $lang['draftdate'] = 'Concept automatisch opgeslagen op'; $lang['nosecedit'] = 'De pagina is tussentijds veranderd, sectie-informatie was verouderd, volledige pagina geladen.'; @@ -87,6 +90,11 @@ $lang['profna'] = 'Deze wiki ondersteunt geen profielwijzigingen' $lang['profnochange'] = 'Geen wijzigingen, niets gedaan'; $lang['profnoempty'] = 'Een lege gebruikersnaam of e-mailadres is niet toegestaan'; $lang['profchanged'] = 'Gebruikersprofiel succesvol aangepast'; +$lang['profnodelete'] = 'Deze wiki heeft biedt geen ondersteuning voor verwijdering van gebruikers'; +$lang['profdeleteuser'] = 'Verwijder gebruiker'; +$lang['profdeleted'] = 'Uw gebruikersaccount is verwijderd van deze wiki'; +$lang['profconfdelete'] = 'Ik wik mijn gebruikersaccount verwijderen van deze wiki. <br/> Deze actie kan niet ongedaan gemaakt worden.'; +$lang['profconfdeletemissing'] = 'Bevestigingsvinkje niet gezet'; $lang['pwdforget'] = 'Je wachtwoord vergeten? Vraag een nieuw wachtwoord aan'; $lang['resendna'] = 'Deze wiki ondersteunt het verzenden van wachtwoorden niet'; $lang['resendpwd'] = 'Nieuw wachtwoord bepalen voor'; 
diff --git a/inc/template.php b/inc/template.php index c8520dc26..8f41ce65b 100644 --- a/inc/template.php +++ b/inc/template.php @@ -33,11 +33,13 @@ function template($file) { * This replaces the deprecated DOKU_TPLINC constant * * @author Andreas Gohr <andi@splitbrain.org> + * @param string $tpl The template to use, default to current one * @return string */ -function tpl_incdir() { +function tpl_incdir($tpl='') { global $conf; - return DOKU_INC.'lib/tpl/'.$conf['template'].'/'; + if(!$tpl) $tpl = $conf['template']; + return DOKU_INC.'lib/tpl/'.$tpl.'/'; } /** @@ -46,10 +48,12 @@ function tpl_incdir() { * This replaces the deprecated DOKU_TPL constant * * @author Andreas Gohr <andi@splitbrain.org> + * @param string $tpl The template to use, default to current one * @return string */ -function tpl_basedir() { +function tpl_basedir($tpl='') { global $conf; + if(!$tpl) $tpl = $conf['template']; return DOKU_BASE.'lib/tpl/'.$conf['template'].'/'; } |
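Review bot: `tpl_incdir()` now concatenates the caller-supplied `$tpl` straight into a filesystem path under `DOKU_INC.'lib/tpl/'`, so a value containing a slash or `..` would resolve outside the template directory. The docblock should state the contract, e.g. `@param string $tpl The template to use, default to current one; must be a trusted template directory name, never raw request input`. How callers obtain `$tpl` is not visible here, so if any of them pass request data the function itself should fall back to `$conf['template']` for anything that is not a plain directory name.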
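Review bot: In `tpl_basedir()` the new `$tpl` argument is resolved but never used: the unchanged return line still builds the path from `$conf['template']`, so a caller asking for another template gets the current one's base path. The return should be `return DOKU_BASE.'lib/tpl/'.$tpl.'/';`, matching `tpl_incdir()` in the previous hunk. Because the value ends up in URLs, the same expectation that `$tpl` is a plain template name applies here.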