From 2ed38036a53a489d2fcadc46ce601f8c876fca31 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 21 Sep 2012 11:53:17 +0200 Subject: consolidate more notification code in subscription class This is untested and probably broken currently --- inc/auth.php | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index cedfdee36..3fb937613 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -778,23 +778,18 @@ function register() { return false; } - // create substitutions for use in notification email - $substitutions = array( - 'NEWUSER' => $_POST['login'], - 'NEWNAME' => $_POST['fullname'], - 'NEWEMAIL' => $_POST['email'], - ); + $subscription = new Subscription(); if(!$conf['autopasswd']) { msg($lang['regsuccess2'], 1); - notify('', 'register', '', $_POST['login'], false, $substitutions); + $subscription->send_register($_POST['login'], $_POST['fullname'], $_POST['email']); return true; } // autogenerated password? then send him the password if(auth_sendPassword($_POST['login'], $pass)) { msg($lang['regsuccess'], 1); - notify('', 'register', '', $_POST['login'], false, $substitutions); + $subscription->send_register($_POST['login'], $_POST['fullname'], $_POST['email']); return true; } else { msg($lang['regmailfail'], -1); -- cgit v1.2.3 From eb3ce0d55290dd4a60193e680aa50b46571350bd Mon Sep 17 00:00:00 2001 From: Kazutaka Miyasaka Date: Sun, 25 Nov 2012 21:02:32 +0900 Subject: Fix case-insensitive match in ACL checking ACL checking of DokuWiki is currently always case-sensitive regardless of auth backend setting ($auth->isCaseSensitive). This commit enables case-insensitive match in the same way of auth_isMember(). --- inc/auth.php | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 1c8a8f5f5..9c458338d 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -535,9 +535,10 @@ function auth_aclcheck($id, $user, $groups) { return AUTH_ADMIN; } - $ci = ''; - if(!$auth->isCaseSensitive()) $ci = 'ui'; - + if(!$auth->isCaseSensitive()) { + $user = utf8_strtolower($user); + $groups = array_map('utf8_strtolower', $groups); + } $user = $auth->cleanUser($user); $groups = array_map(array($auth, 'cleanGroup'), (array) $groups); $user = auth_nameencode($user); @@ -561,11 +562,14 @@ function auth_aclcheck($id, $user, $groups) { } //check exact match first - $matches = preg_grep('/^'.preg_quote($id, '/').'\s+(\S+)\s+/'.$ci, $AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($id, '/').'\s+(\S+)\s+/u', $AUTH_ACL); if(count($matches)) { foreach($matches as $match) { $match = preg_replace('/#.*$/', '', $match); //ignore comments $acl = preg_split('/\s+/', $match); + if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') { + $acl[1] = utf8_strtolower($acl[1]); + } if(!in_array($acl[1], $groups)) { continue; } @@ -588,11 +592,14 @@ function auth_aclcheck($id, $user, $groups) { } do { - $matches = preg_grep('/^'.preg_quote($path, '/').'\s+(\S+)\s+/'.$ci, $AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($path, '/').'\s+(\S+)\s+/u', $AUTH_ACL); if(count($matches)) { foreach($matches as $match) { $match = preg_replace('/#.*$/', '', $match); //ignore comments $acl = preg_split('/\s+/', $match); + if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') { + $acl[1] = utf8_strtolower($acl[1]); + } if(!in_array($acl[1], $groups)) { continue; } -- cgit v1.2.3 From 10b5c32d6486ab0884deda109b1e5947f7ec7662 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 30 Nov 2012 12:35:46 +0100 Subject: fixed merge error in inc/auth.php merged the wrong change here --- inc/auth.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 54d2cd50a..9c458338d 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -782,21 +782,21 @@ function register() { // create substitutions for use in notification email $substitutions = array( - 'NEWUSER' => $_POST['login'], - 'NEWNAME' => $_POST['fullname'], - 'NEWEMAIL' => $_POST['email'], + 'NEWUSER' => $login, + 'NEWNAME' => $fullname, + 'NEWEMAIL' => $email, ); if(!$conf['autopasswd']) { msg($lang['regsuccess2'], 1); - notify('', 'register', '', $_POST['login'], false, $substitutions); + notify('', 'register', '', $login, false, $substitutions); return true; } // autogenerated password? then send him the password if(auth_sendPassword($login, $pass)) { msg($lang['regsuccess'], 1); - notify('', 'register', '', $_POST['login'], false, $substitutions); + notify('', 'register', '', $login, false, $substitutions); return true; } else { msg($lang['regmailfail'], -1); -- cgit v1.2.3 From 790b77202079261b11d425e0c814608d626eea70 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 30 Nov 2012 13:09:15 +0100 Subject: moved registration notification to subscription class --- inc/auth.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 9c458338d..29a46b37e 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -780,23 +780,19 @@ function register() { return false; } - // create substitutions for use in notification email - $substitutions = array( - 'NEWUSER' => $login, - 'NEWNAME' => $fullname, - 'NEWEMAIL' => $email, - ); + // send notification about the new user + $subscription = new Subscription(); + $subscription->send_register($login, $fullname, $email); + // are we done? if(!$conf['autopasswd']) { msg($lang['regsuccess2'], 1); - notify('', 'register', '', $login, false, $substitutions); return true; } - // autogenerated password? then send him the password + // autogenerated password? then send password to user if(auth_sendPassword($login, $pass)) { msg($lang['regsuccess'], 1); - notify('', 'register', '', $login, false, $substitutions); return true; } else { msg($lang['regmailfail'], -1); -- cgit v1.2.3 From def492a2d77af9effca204483b570061202cda5b Mon Sep 17 00:00:00 2001 From: Guillaume Turri Date: Sun, 6 Jan 2013 10:18:17 +0100 Subject: Made auth_aclcheck always return int The returned type is important in particular when we deal with xmlrpc. Indeed, this value is directly returned to the client eg when the wiki.getAllPages method is queried. Currently the 'perms' attribute may be either an int or a string, and its up to the xmlrpc client to resolve it (although Dokuwiki's documentation only tells it can be an int). This patch makes sure we'll always return perms as int. --- inc/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 9c458338d..c68a699fe 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -580,7 +580,7 @@ function auth_aclcheck($id, $user, $groups) { } if($perm > -1) { //we had a match - return it - return $perm; + return (int) $perm; } } @@ -610,7 +610,7 @@ function auth_aclcheck($id, $user, $groups) { } //we had a match - return it if($perm != -1) { - return $perm; + return (int) $perm; } } //get next higher namespace -- cgit v1.2.3