From 6c2bb1005f9be48e398a5b41494d235d7061b7bb Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 2 Mar 2006 11:18:50 +0100 Subject: Allow non-ID names in ACLs Some auth backends allow special chars like whitespaces in user and group names. This made problems with the existing ACL checks and ACL manager. This patch makes the ACL system work with these cases by (url)encoding all special chars below 128. darcs-hash:20060302101850-6e07b-14bda9dbdb3528904325419b35bb9eddb0d1dde3.gz --- inc/auth.php | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 6280cf1c1..79cae52e7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -264,16 +264,18 @@ function auth_aclcheck($id,$user,$groups){ # if no ACL is used always return upload rights if(!$conf['useacl']) return AUTH_UPLOAD; + $user = auth_nameencode($user); + //if user is superuser return 255 (acl_admin) if($conf['superuser'] == $user) { return AUTH_ADMIN; } //make sure groups is an array if(!is_array($groups)) $groups = array(); - //prepend groups with @ + //prepend groups with @ and nameencode $cnt = count($groups); for($i=0; $i<$cnt; $i++){ - $groups[$i] = '@'.$groups[$i]; + $groups[$i] = '@'.auth_nameencode($groups[$i]); } //if user is in superuser group return 255 (acl_admin) if(in_array($conf['superuser'], $groups)) { return AUTH_ADMIN; } @@ -350,6 +352,23 @@ function auth_aclcheck($id,$user,$groups){ return AUTH_NONE; } +/** + * Encode ASCII special chars + * + * Some auth backends allow special chars in their user and groupnames + * The special chars are encoded with this function. Only ASCII chars + * are encoded UTF-8 multibyte are left as is (different from usual + * urlencoding!). + * + * Decoding can be done with rawurldecode + * + * @author Andreas Gohr + * @see rawurldecode() + */ +function auth_nameencode($name){ + return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',"'%'.dechex(ord('\\1'))",$name); +} + /** * Create a pronouncable password * -- cgit v1.2.3