diff options
Diffstat (limited to 'lib/plugins/authplain')
| -rw-r--r-- | lib/plugins/authplain/_test/escaping.test.php | 45 | ||||
| -rw-r--r-- | lib/plugins/authplain/auth.php | 34 |
2 files changed, 74 insertions, 5 deletions
diff --git a/lib/plugins/authplain/_test/escaping.test.php b/lib/plugins/authplain/_test/escaping.test.php index 5cf631508..9df96389a 100644 --- a/lib/plugins/authplain/_test/escaping.test.php +++ b/lib/plugins/authplain/_test/escaping.test.php @@ -13,13 +13,13 @@ */ class helper_plugin_authplain_escaping_test extends DokuWikiTest { - protected $pluginsEnabled = array('authplain'); - /** @var auth_plugin_authplain */ + protected $pluginsEnabled = array('authplainharness'); + /** @var auth_plugin_authplain|auth_plugin_authplainharness */ protected $auth; protected function reloadUsers() { /* auth caches data loaded from file, but recreated object forces reload */ - $this->auth = new auth_plugin_authplain(); + $this->auth = new auth_plugin_authplainharness(); } function setUp() { @@ -77,7 +77,44 @@ class helper_plugin_authplain_escaping_test extends DokuWikiTest { $this->assertEquals($saved['name'], $user['name']); $this->assertTrue($this->auth->checkPass("testuser", $user['pass'])); } + + // really only required for developers to ensure this plugin will + // work with systems running on PCRE 6.6 and lower. + public function testLineSplit(){ + $this->auth->setPregsplit_safe(false); + + $names = array( + 'plain', + 'ut-fठ8', + 'colon:', + 'backslash\\', + 'alltogether\\ठ:' + ); + $userpass = 'user:password_hash:'; + $other_user_data = ':email@address:group1,group2'; + + foreach ($names as $testname) { + $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname); // escape : & \ + $test_line = $userpass.$escaped.$other_user_data; + $result = $this->auth->splitUserData($test_line); + + $this->assertEquals($escaped, $result[2]); + } + } } -?>
\ No newline at end of file +class auth_plugin_authplainharness extends auth_plugin_authplain { + + public function setPregsplit_safe($bool) { + $this->_pregsplit_safe = $bool; + } + + public function getPregsplit_safe(){ + return $this->_pregsplit_safe; + } + + public function splitUserData($line){ + return $this->_splitUserData($line); + } +} diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 1ea75b100..fd2d0b249 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -17,6 +17,9 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { /** @var array filter pattern */ protected $_pattern = array(); + /** @var bool safe version of preg_split */ + protected $_pregsplit_safe = false; + /** * Constructor * @@ -44,6 +47,8 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $this->cando['getUsers'] = true; $this->cando['getUserCount'] = true; } + + $this->_pregsplit_safe = version_compare(PCRE_VERSION,'6.7','>='); } /** @@ -329,7 +334,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { if(empty($line)) continue; /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ - $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \: + $row = $this->_splitUserData($line); $row = str_replace('\\:', ':', $row); $row = str_replace('\\\\', '\\', $row); @@ -342,6 +347,33 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { } } + protected function _splitUserData($line){ + // due to a bug in PCRE 6.6, preg_split will fail with the regex we use here + // refer github issues 877 & 885 + if ($this->_pregsplit_safe){ + return preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \: + } + + $row = array(); + $piece = ''; + $len = strlen($line); + for($i=0; $i<$len; $i++){ + if ($line[$i]=='\\'){ + $piece .= $line[$i]; + $i++; + if ($i>=$len) break; + } else if ($line[$i]==':'){ + $row[] = $piece; + $piece = ''; + continue; + } + $piece .= $line[$i]; + } + $row[] = $piece; + + return $row; + } + /** * return true if $user + $info match $filter criteria, false otherwise * |