From 75c93b7798bed5fafb8b75066adce3af14ebb524 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 2 Oct 2010 11:32:00 +0200
Subject: a more correct fix for FS#2039

---
 inc/auth.php | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

(limited to 'inc/auth.php')

diff --git a/inc/auth.php b/inc/auth.php
index 90ce61a37..a2844a732 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -103,13 +103,34 @@ function auth_setup(){
     }
 
     //load ACL into a global array XXX
-    if(is_readable($config_cascade['acl']['default'])){
-        $AUTH_ACL = file($config_cascade['acl']['default']);
-        //support user wildcard
-        if(isset($_SERVER['REMOTE_USER'])){
-            $AUTH_ACL = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$AUTH_ACL);
+    $AUTH_ACL = auth_loadACL();
+}
+
+/**
+ * Loads the ACL setup and handle user wildcards
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @returns array
+ */
+function auth_loadACL(){
+    global $config_cascade;
+
+    if(!is_readable($config_cascade['acl']['default'])) return array();
+
+    $acl = file($config_cascade['acl']['default']);
+
+    //support user wildcard
+    if(isset($_SERVER['REMOTE_USER'])){
+        $len = count($acl);
+        for($i=0; $i<$len; $i++){
+            if($acl[$i]{0} == '#') continue;
+            list($id,$rest) = preg_split('/\s+/',$acl[$i],2);
+            $id   = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
+            $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
+            $acl[$i] = "$id\t$rest";
         }
     }
+    return $acl;
 }
 
 function auth_login_wrapper($evdata) {
-- 
cgit v1.2.3